Design + Computation

Testing Secure Email Submissions

Matthew Borger ‐ September 13, 2012

Recently I’ve been upgrading my home server and decided to fix a few outstanding issues. One of them has been setting up the server to send email through my ISP Verizon. I have Verizon DSL service and wanted to go about manually verifying that I can forward email using low level stuff such as telnet. Although I wanted to use an encrypted connection of course so my username and password aren’t being sent in plain text over the Internet. Luckily Verizon supports SSL connections over port 465. Telnet doesn’t support SSL connections but the openssl client can help out here.

Fire up a terminal. Verizon’s SMTP server is located at smtp.verizon.net.

$ openssl s_client -connect smtp.verizon.net:465 -crlf

A lot of SSL stuff will scroll across the screen. You’re looking for a banner line like the following:

220 vms173005pub.verizon.net -- Server ESMTP (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))

Then you can continue with the usual SMTP commands. First say hello and use the domain name you want to send email from.

helo borgernet.com

Next the server will require authentication. Most default SMTP server setups will list what authentication methods are available to use but Verizon’s server does not provide that. A good guess is the login method.

auth login
334 VXNlcm5hbWU6

The response looks like gibberish but it actually says 'Username:' in base64. You’ll have to provide your username encoded in base64. A second terminal might be useful at this point and use the following command to figure that out. I’m using printf instead of echo because echo will add a newline character to the end of your username.

$ printf 'username' | base64

Copy and paste the output into the smtp prompt. The next string of gibberish says 'Password:' in base64. Repeat the above command encoding your password to paste in the prompt. Once it responds that the login is successful you can continue with sending an email.

mail from: noone@nowhere.com
rcpt to: someone@somewhere.com
data
Subject: An awesome subject line
An awesome email
.
quit