So I'm learning about SMTP and am trying to use telnet
to send some mail over SMTP.
I've easilly been able to send mail to my gmail account via:
$ host gmail.com
...
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
...
$ telnet gmail-smtp-in.l.google.com 25
Trying 74.125.142.27...
...
Connected to gmail-smtp-in.l.google.com.
...
HELO <[email protected]>
...
However, I'm having trouble sending from my gmail account. From what I understand about SMTP, I should be using SMTP to send mail from < [email protected] > to the outgoing gmail SMTP servers, which in turn use SMTP to transfer the mail to the receivers incoming SMTP server ect.
However, I'm having difficulties. If I telnet
into smtp.gmail.com
via port 465
(gmail outgoing smtp mail server canonical), I'm immediately disconnected after starting with HELO <[email protected]>
, or asked to STARTTLS
. I can't find answers on how to proceed.
Any help is appreciated.
Sidenote: Currently I'm using Starbucks free Wi-Fi to access the internet. I'm actually unable to telnet
directly from my computer (No route to host error). Instead, it only works if I ssh
into a remote linux box on my school's network first, then telnet
from there. Any idea why this is?
Thanks!
Gmail has supported STARTTLS for some time, as have some other mail providers, but that standard isn't enough on its own to protect sessions against eavesdropping. So the addition of support for MTA-STS in Gmail is meant to fill in some of the gaps and provide a higher resistance to interception.
The outgoing SMTP server, smtp.gmail.com , requires TLS. Use port 465 , or port 587 if your client begins with plain text before issuing the STARTTLS command.
StartTLS is a protocol command used to inform the email server that the email client wants to upgrade from an insecure connection to a secure one using TLS or SSL. StartTLS is used with SMTP and IMAP, while POP3 uses the slightly different command for encryption, STLS.
The telnet client will not negotiate a TLS session for you. You should use another tool, such as OpenSSL's s_client. The following issues the STARTTLS command for you and handles the TLS negotiation:
$ openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf
Alternatively, you could connect directly to the SMTPS port:
$ openssl s_client -connect smtp.gmail.com:465 -crlf
First of all, it looks like you're using the wrong port. Gmail exposes port 465 for SMTP over SSL and port 587 for SMTP with STARTTLS, as documented here. The difference between these two is that SMTP over SSL first establishes a secure SSL/TLS connection and conducts SMTP over that connection, and SMTP with STARTTLS starts with unencrypted SMTP and then switches to SSL/TLS. This is why you don't get a response to your HELO.
$ telnet smtp.gmail.com 587
Trying 74.125.25.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP fr1sm24834956pbb.26 - gsmtp
HELO <[email protected]>
250 mx.google.com at your service
STARTTLS
220 2.0.0 Ready to start TLS
But even if you telnet to port 587 you still aren't going to be able to send any email by hand. In order to do anything interesting you will have to STARTTLS, and you won't be able to handle the SSL/TLS binary protocol to negotiate the encryption.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With