SMTP

From Omnia
Revision as of 15:11, 19 August 2015 by Kenneth (talk | contribs) (→‎LOGIN Authentication)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Interactive telnet session with Mail server

$ telnet oeey.com 25
Trying 50.50.251.110...
Connected to oeey.com.
Escape character is '^]'.
ehlo bob
220 ******************************
250-oeey.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN
250 8BITMIME


The contents of your message file should resemble this example:

HELO host.example.com
MAIL FROM: <test@host.example.com>
RCPT TO: <bob@example.com>
DATA
From: [Alice] <alice@geek.com>
To: <bob@example.com>
Date: Mon, 12 Apr 2010 14:21:26 -0400
Subject: Test Message

Hi there! This is supposed to be a real email...

Have a good day!
Alice


.
QUIT

Now feed message to netcat:

/usr/bin/nc smtp.domain.com 25 < /tmp/message
# telnet oeey.com 25
Trying 50.50.251.110...
Connected to oeey.com.
Escape character is '^]'.
220 ******************************
EHLO trogdor
250-oeey.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6                           ## Username:
a2VubmV0aC5idXJnZW5lcg==                   ## ***
334 UGFzc3dvcmQ6                           ## Password:
SW1CQjE5OTkh                               ## ****
235 Authentication successful
RCPT TO: <kenneth@oeey.com>
503 Error: need MAIL command
MAIL FROM: <kenneth@oeey.com>
250 Ok
RCPT TO: <kenneth@oeey.com>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: This is a test
From: Kenneth <kenneth@oeey.com>
To: Kenneth <kenneth@oeey.com>

This is a test
.

250 Ok: queued as 8E2FD52095
500 Error: bad syntax
quit
221 Bye


SMTP Authentication

Use base64 tool to encode decode:

echo -n "[pass]" | /usr/bin/base64
echo -n "[encpass]" | /usr/bin/base64 -d
printf "\0postmaster@example.com\0pass" | /var/indimail/bin/base64
printf 'VXNlcm5hbWU6' | mimencode -u ; echo

LOGIN Authentication

This method accepts username and password as supplemental args. It simply returns each string Base64 encoded. This provides only minimal advantages over using ENCODE twice. One advantage is hiding the password if you provide it on STDIN


LOGIN: (base64) [1] [2]

EHLO trogdor
AUTH LOGIN
334 VXNlcm5hbWU6                           ## Username:
a2VubmV0aC5idXJnZW5lcg==                   ## ****
334 UGFzc3dvcmQ6                           ## Password:
SW1CQjE5OTkh                               ## ***
235 Authentication successful

How to Test SMTP AUTH using Telnet [Wiki] | NDCHost [3]:

perl -MMIME::Base64 -e 'print encode_base64("username");'    # dXNlcm5hbWUuY29t
perl -MMIME::Base64 -e 'print encode_base64("password");'    # bXlwYXNzd29yZA==
telnet mailserver.com 25
  EHLO mailserver.com
  AUTH LOGIN
  dXNlcm5hbWUuY29t
  bXlwYXNzd29yZA==

PLAIN Authentication

This type generates a PLAIN (RFC 2595) authentication string. It accepts supplemental arguments of username and password. It generates a Base64 encoded string "\0<username>\0<password>".

PLAIN: (base64 on single line) [4]

EHLO trogdor
AUTH PLAIN
334
AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh       ## \000***\000***
235 Authentication successful
perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")' 
perl -MMIME::Base64 -e 'print encode_base64("\000***\000***")'
AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh

This also works:

AUTH PLAIN AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh       ## \000***\000***

CRAM-MD5

CRAM-MD5 (RFC 2195) accepts three supplemental arguments. The first is the username and the second is the password. The third is the challenge string provided by the server. This string can be either Base64 encoded or not. The RFC states that all (unencoded) challenge strings must start w/ '<'. This is used to whether the string is Base64 encoded or not.

CRAM-MD5 uses the challenge and the supplied password to generate a digest. it then returns the Base64 encoded version of the string md5("<username> <challenge>")

3. AUTH CRAM-MD5

The CRAM-MD5 is a challenge-response method where the password is not sent over the network. It is expected that the password is stored in the clear in IndiMail's backend database MySQL.

% sudo /var/indimail/bin/vpasswd postmaster@example.com -e pass

Next step is to write a script named cram-md5

% cat > cram-md5 <<>"
sys.exit(1)
str=cram_md5_response(sys.argv[1], sys.argv[2], sys.argv[3]);
print "%s" %str
EOF

% sudo chmod +x ./cram-md5

Now when you do (see below) auth cram-md5, the server will issue a challenge
e.g. in the below example, the challenge is

PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==

if you decode this, i.e.

% echo PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg== | base64 -d
<20137.1267585100@indimail.org>

The response for the challenge can be generated using the cram-md5 shell script which we created above. i.e.

% ./cram-md5 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==
cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ==

% telnet 0 smtp
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 indimail.org (NO UCE) ESMTP IndiMail 1.137 3 Mar 2010 08:28:17 +0530
auth cram-md5
334 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==
cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ==
235 ok, go ahead (#2.0.0)

Please do take a look at Erwin Hoffman's excellent tutorial on the same subject at
http://www.fehcom.de/qmail/smtpauth.html

CRAM-SHA1

This behaves the same as CRAM-MD5 but uses SHA1 digesting rather than MD5.

DIGEST-MD5

250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5
250 HELP
>>> AUTH DIGEST-MD5
334 bm9uY2U9IkFKUlVjNUp4MFVRYnY1U0o5Rm95VW5hWnBxWklIRGhMVFUrQXduL0swVXc9Iixxb3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRlcywzZGVzIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
>>> dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJ3aXouZXhhbXBsZS5jb20iLG5vbmNlPSJBSlJVYzVKeDBVUWJ2NVNKOUZveVVuYVpwcVpJSERoTFRVK0F3bi9LMFV3PSIsY25vbmNlPSJBSlJVYzVKeDBVUWJ2NVNKOUZveVVuYVpwcVpJSERoTFRVK0F3bi9LMFV3PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9InJjNCIsY2hhcnNldD11dGYtOCxkaWdlc3QtdXJpPSJzbXRwL2xvY2FsaG9zdC5zZW5kbWFpbC5jb20uIixyZXNwb25zZT0wZTdjZmNhZTcxN2VlYWM5NzJmYzlkNTYwNmExMDgzZA==
334 cnNwYXV0aD03NDM5ODBjODQ0MmRiYjcxNmQ0ZWE5ZTQ5OTNiMDFkMA==
>>> 
235 2.0.0 OK Authenticated

Decoded:

nonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",charset=utf-8,algorithm=md5-sess

username="test",realm="wiz.example.com",nonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",cnonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",nc=00000001,qop=auth-conf,cipher="rc4",charset=utf-8,digest-uri="smtp/localhost.sendmail.com.",response=0e7cfcae717eeac972fc9d5606a1083d

rspauth=743980c8442dbb716d4ea9e4993b01d0

GSSAPI

NTLM

Although it may be advertised as one of the above types, this method of authentication if refered to singularly as NTLM. This is a multi-step authentication type. The first 3 arguments must be supplied up front. They are username, password, and domain, in that order. These three strings are used to generate an "Auth Request" string. This string should be passed verbatim to the server. The server will then respond with a challenge. This challenge is the fourth argument. After receiving the server challenge, gen-auth will produce an "Auth Response". Posting this response to the server completes the NTLM authentication transaction.

This authentication method requires the Authen::NTLM perl module to be installed. See EXAMPLES for an example of this transaction. Note also that 'domain' is often blank from client or ignored by server.


keywords