Telnet can be used from a command line interface, aka shell prompt, to manually send commands to an Simple Mail Transfer Protocol (SMTP) server to test email deliveries. An SMTP server typically listens on port 25 for incoming connections from mail clients or other email servers. So you could enter
telnet
mail.example.com 25
to connect to that port on a server, e.g.,
mail.example.com in this example, from a command line.
Telnet is available on Linux systems, or can be installed if it is not,
and is also available on Mac OS X systems where you can run the application
by using the Terminal application to obtain a shell prompt. Telnet was
available by default with early versions of Microsoft Windows, but that is
no longer the case. The free and open source
PuTTY program is an
excellent telnet client for Windows, however. To use it to connect to port
25 on an email server, you simply select Telnet
as the connection
type and put 25
in the port field.
Once you've connected to port 25 on a mail server, the first command to
enter is either helo
or ehlo
. Issuing that command
is akin to saying "hello" when you meet someone. The command is usually
followed by the name of the system from which you are connecting, e.g.,
helo me.example.com
if you ran the telnet command on a system
with a
fully qualified domain name (FQDN) of me.example.com. But you can follow
the helo
or ehlo
command with anything, just as
you could say "hello, I'm Paul" when you met someone even if your name was
Peter.
Ehlo
is a command that is part of
Extended SMTP (ESMTP),
aka "Enhanced SMTP", which defines protocol extensions for the SMTP
protocol. Ehlo
is shorthand for "Extended Hello" and in the
protocol extensions of ESMTP provides a similar role of an introduction.
If the email server to which you are connecting supports the protocol
extensions of ESMTP, it will reply with a list of the keywords it supports
with each preceded by the code 250 as shown below:
$ telnet smtp.mandrillapp.com 25 Trying 54.158.189.65... Connected to smtp.mandrillapp.com. Escape character is '^]'. 220 smtp.mandrillapp.com ESMTP ehlo moonpoint.com 250-ip-10-81-192-73 250-PIPELINING 250-SIZE 26214400 250-STARTTLS 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250 8BITMIME
If the server doesn't support ESMTP, it will return error code 500, instead.
ESMTP client software can then try either HELO
, instead, or
issue the QUIT
command to terminate the connection to the server.
If the email server doesn't require authentication, you can then issue commands specifying the "from" and "to" addresses for the email message as shown below:
$ telnet mail.example.com 25 Trying 192.168.101.222... Connected to mail.example.com. Escape character is '^]'. 220 mail.example.com ESMTP Sendmail 8.14.7/8.14.7; Sat, 4 Apr 2015 22:02:39 -0400 mail from: testing@example.com 250 2.1.0 testing@example.com... Sender ok rcpt to: moonpoint@example.com 250 2.1.5 moonpoint@example.com... Recipient ok data 354 Enter mail, end with "." on a line by itself This is a test. . 250 2.0.0 t3520758032350 Message accepted for delivery quit 221 2.0.0 mail.example.com closing connection Connection closed by foreign host.
First you issue the command mail from:
followed by the
email address that is the "from" address. You then issue the command
rcpt to:
followed by the destination email address. The
content of the message is specified by typing data
then hitting
Enter and then typing the contents of the email you wish to send.
To terminate the content, type a period by itself as the first character
on a line and then hit Enter. That's all you need to send an email
message and you can then terminate the connetion to the server with the
Quit
command.
In the example above, the message you send won't have a subject, because
none was specified. You can specify the subject by entering Subject:
after the Data
command. You can also include From:
and To:
in the data that follows the data
command. Those don't even have to be the same as what you speficied with the
mail from:
and rcpt to
commands. If you enter
a From:
and To:
address after the data
command, those will be what the recipient sees when he or she views the
message. E.g., you could use rcpt to: mary@example.com
to
send an email to mary@example.com, but put a bogus address after the
data
command, such as From: bogusemail@nonexistent.com
and the email would still be delivered successfully to Mary's mary@example.com
email address, but when she viewed the message it would appear to her it was
sent to bogusemail@nonexistent.com.
$ telnet mail.example.com 25 Trying 192.168.101.222... Connected to mail.example.com. Escape character is '^]'. 220 mail.example.com ESMTP Sendmail 8.14.7/8.14.7; Sat, 4 Apr 2015 22:17:16 -0400 mail from: testing@example.com 250 2.1.0 testing@example.com... Sender ok rcpt to: someone@example.com 250 2.1.5 someone@example.com... Recipient ok rcpt to: someoneelse@somesite.com 250 2.1.5 someoneelse@somesite.com... Recipient ok data 354 Enter mail, end with "." on a line by itself From: someone@example.com To: bogusemail@example.com Subject: A Test Just a test. . 250 2.0.0 t352HGPe003192 Message accepted for delivery QUIT 221 2.0.0 mail.example.com closing connection Connection closed by foreign host. $
In the example above, I skipped the introduction using helo
or ehlo
and went straight to rcpt to
. I then
entered rcpt to: someone@example.com
. When I entered the
rcpt to: someoneelse@somesite.com
command I wasn't adding a
second delivery destination for the email but replacing the prior email
recipient; you can just re-enter commands if you've made typos. I then
changed the "from" address that the recipient would see
with From: someone@example.com
and also inserted
To: bogusemail@example.com
. There's no validation of the
from
address at any part of this process, which shows just
how easy it is to spoof the "from" address in an email message, which is
why you should never assume that the "from" address in an email message
reflects the actual sender. Spammers and malware distributors often insert
fake "from" addresses in their email. The email server will check that
the rcpt to:
address is a valid email address on the server or
the sender is allowed to "relay" email based on the sender's IP address,
email address, or authentication, but the "to" address seen in a message
when viewed in an email client also doesn't necessarily reflect the one
used in the rcpt to
address.
If the rcpt to
address isn't a valid email account on the
server and if the server isn't configured to "relay" email to addresses that
exist on other servers, or at least not for the sender of a particular message,
it will respond with a "relaying denied" message.
s telnet example.com 25 Trying 192.168.101.222... Connected to example.com. Escape character is '^]'. 220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Sat, 4 Apr 2015 22:15:24 -0400 ehlo example.com 250-example.com Hello me.somewhere.com [10.0.1.12], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP mail from: testing@example.com 250 2.1.0 testing@example.com... Sender ok rcpt to: someone@someothersite.com 550 5.7.1 someone@someothersite.com... Relaying denied
The above commands can be used by one email server communicating with
another, e.g., a sender's email server communicating with a recipient's email
server. They can also be used by a client email application, e.g.,
Thunderbird
or Microsoft Outlook. If you are sending email from an email client to an
email server, you may be required to authenticate with that server first
with a userid and password before the server will allow the client to
transmit email through it,though. This is a mechanism to block
spammers from sending email via the server. You can use the AUTH
PLAIN
command to transmit those credentials if the email server
supports that command. E.g., in the example below the server supports
that command, since it returns the code 250 followed by "AUTH PLAIN"
after an ehlo
command is issued, so I can authenticate
with it by issuing the command AUTH PLAIN
followed by the
appropriate credentials.
$ telnet smtp.mandrillapp.com 25 Trying 54.204.65.134... Connected to smtp.mandrillapp.com. Escape character is '^]'. 220 smtp.mandrillapp.com ESMTP ehlo test 250-ip-10-187-29-39 250-PIPELINING 250-SIZE 26214400 250-STARTTLS 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250 8BITMIME AUTH PLAIN AG1vb25wb22udEBob3RtYW2sLmNvbQBDaTMtY2RfOT0McklOd23OMFEsNGFB 235 2.7.0 Authentication successful Mail From: testing@example.com 250 2.1.0 Ok RCPT To: moonpoint@somesite.com 250 2.1.5 Ok Data 354 End data with <CR><LF>.<CR><LF> This is a test message. . 250 2.0.0 Ok: queued as 85761C042C quit 221 2.0.0 Bye Connection closed by foreign host.
So what is that long string of characters after the AUTH
PLAIN
command. That's actually the userid and password that the
server requires for authentication. It looks like just random letters
and numbers because the userid and password are
base64-encoded. You
can generate the encoded credentials using a Perl command similar to
the one below:
$ perl -MMIME::Base64 -e 'print encode_base64("\000moonpoint\@example.com\000SomePassword");' AG1vb25wb2ludEBleGFtcGxlLmNvbQBTb21lUGFzc3dvcmQ=
The command is in the format
perl -MMIME::Base64 -e
'print encode_base64("\000user_name\@domain_name\000Password");'
.
The user name is preceded by \000
, i.e., a backslash followed
by a null character represented by three zeros. If authentication requires
that you enter a userid in the form of userid@domainname
, instead
of just username
, then you need to precede the "@" with the
backslash escape
character. If you don't do so, Perl will think the "@" represents a
reference to an array and the result you get won't work.
You then add another backslash followed by three zeros and
the password. The encoded data will then be returned. In this case it was
AG1vb25wb2ludEBleGFtcGxlLmNvbQBTb21lUGFzc3dvcmQ=
which is
what I would copy and paste after the AUTH PLAIN
command when
providing credentials to the server. Note: you can also use online services
to do the base64 encoding, but you would be providing the login
credentials to get the results, so someone else could possibly learn the
userid and password.
References:
-
SMTP, testing via Telnet
Last modified: June 11, 2013
FreeBSDwiki