Monday, November 13, 2017

SSMTP and Authenticated SMTP

Related to my previous post, this page has an excellent (and short) write up of how to deal with Comcast (or any other authenticated SMTP provider) email forwarding, using a smarthost.

As recommended, I installed ssmtp (and mailx) onto Raspbian with the following:
sudo apt-get install ssmtp sudo apt-get install bsd-mailx
I edited /etc/ssmtp/ssmtp.conf, to include the following settings:
# comcast
mailhub=smtp.comcast.net:587
UseSTARTTLS=YES
UseTLS=YES
AuthUser=<username>@comcast.net
AuthPass=<plaintext password>
rewritedomain=<fqdn>
FromLineOverride=YES
hostname=<hostname + fqdn>
This was a heck of a lot easier than the alternatives, using exim4, that are documented in other places.
Posted by at No comments:

Monday, November 6, 2017

Manual Testing of Mail with SMTP and TLS

If you're anything like me, you've used the telnet method to verify SMTP connectivity many times, over the years:

$ telnet smtp.mail.com
EHLO domain.com
MAIL FROM: alex@mydomain
RCPT TO: alex@someotherdomain
DATA
Subject: This is a test email
This is a test email.
.

In the modern era of TLS encrypted email connectivity, this no longer works.  However, there is a similar method, only requiring Perl or BASH, and OpenSSL.  Thanks to https://www.saotn.org/test-smtp-authentication-starttls/ for the details.

First, you need to create an authentication string that the remote mail server will accept.  With Perl, do this:

$ perl -MMIME::Base64 -e 'print encode_base64("\000username\@example.com\000password")'
AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk

With BASH, do this:

$ echo -ne '\0username@example.com\0password' | base64
AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk

Then, you can make your test connection to the mail server, using the handy "s_client" functionality of OpenSSL:

$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
<removed all the certificate junk>
---
250 SMTPUTF8
EHLO there
250-smtp.gmail.com at your service, [73.213.115.193]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
AUTH PLAIN AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk235 2.7.0 Accepted

See, it really wasn't very hard, was it?
Posted by at No comments:
Subscribe to: Posts (Atom)