Getting started
We use SendGrid for sending mail in most of our web applications, so I’ll use their SMTP server as an example, but you can substitute the values with any other SMTP server credentials.
For this you’ll need:
SMTP Host/IP Address: smtp.sendgrid.net
Port: 587
SSL/TLS: TLS
Username: apikey
Password: SG.xxxYYYzzzAAAbbbCCC
To connect using the TLS protocol on port 587 (STARTTLS), use:
openssl s_client -starttls smtp -connect smtp.sendgrid.net:587
To use SSL on port 465:
openssl s_client -connect smtp.sendgrid.net:465
You’ll get a lot of output concerning the SSL session and certificates used, but afterwards you’ll see a message similar to:
220 SG ESMTP service ready at ismtpd0002p1lon1.sendgrid.net
for SSL connections, or:
250 AUTH=PLAIN LOGIN
for TLS connections.
Say EHLO
Now that you have connected to the mail server (SMTP Host) you need to identify yourself with the EHLO (Extended Hello) command. This command takes an IP address or domain name as its argument. You should set this to mixd.co.uk:
EHLO mixd.co.uk
On most SMTP servers you will get a list of commands back when using EHLO:
250-smtp.sendgrid.net
250-8BITMIME
250-PIPELINING
250-SIZE 31457280
250-STARTTLS
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN
Authenticate yourself
Now that you’ve said EHLO and identified yourself, you need to begin authentication.
This can be a bit fiddly, so have a second Terminal window/tab open to run some helper commands.
If you look at the output sent back from your EHLO, you will see the line 250 AUTH=PLAIN LOGIN. This tells us which authentication mechanisms the SMTP server accepts: PLAIN and LOGIN in this example.
PLAIN Auth
The PLAIN mechanism expects a base64 encoded string containing both username and password, each prefixed with a NULL byte. Base64 is an encoding, not encryption, so the credentials are protected only by the TLS session. To generate this string using the base64 binary, run this command:
echo -ne "\0apikey\0SG.xxxYYYzzzAAAbbbCCC" | base64
AGFwaWtleQBTRy54eHhZWVl6enpBQUFiYmJDQ0M=
Now you can pass this base64 encoded string to the AUTH command in your openssl session:
AUTH PLAIN AGFwaWtleQBTRy54eHhZWVl6enpBQUFiYmJDQ0M=
The result should be:
235 Authentication successful
LOGIN Auth
The LOGIN mechanism expects a base64 encoded username and a base64 encoded password, sent separately. First, generate the base64 encoded strings:
echo -ne "apikey" | base64
YXBpa2V5
echo -ne "SG.xxxYYYzzzAAAbbbCCC" | base64
U0cueHh4WVlZenp6QUFBYmJiQ0ND
and authenticate with the SMTP server:
AUTH LOGIN
You will be prompted for the username first, then the password. The entire conversation will look like this:
334 VXNlcm5hbWU6
YXBpa2V5
334 UGFzc3dvcmQ6
U0cueHh4WVlZenp6QUFBYmJiQ0ND
235 Authentication successful
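The EHLO and AUTH steps above as a small shell helper (an added example, not code from the original post): it lists the mechanisms a server advertises and builds the AUTH PLAIN or AUTH LOGIN lines to type. The function names are hypothetical and the EHLO reply is constructed from the sample output above; base64 output is joined onto one line because GNU base64 wraps at 76 columns, which would split the token for a long API key.

```shell
# Added example: helpers for the AUTH step of a manual SMTP session.
# Function names are hypothetical; credentials are the post's placeholders.

# Base64-encode stdin onto one line. GNU base64 wraps at 76 columns, which
# would split the token for a long API key, so newlines are stripped.
b64() { base64 | tr -d '\n'; }

# Decode a server challenge such as "VXNlcm5hbWU6" (assumes base64 -d).
b64_decode() { printf '%s' "$1" | base64 -d; }

# AUTH PLAIN token: NUL, username, NUL, password. printf is used because
# "echo -ne" is not portable to every /bin/sh.
auth_plain_token() { printf '\0%s\0%s' "$1" "$2" | b64; }

# List the AUTH mechanisms advertised in an EHLO reply read from stdin.
# Accepts both "250-AUTH PLAIN LOGIN" and "250 AUTH=PLAIN LOGIN".
ehlo_auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | tr ' ' '\n' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print the lines to type for the chosen mechanism, or fail if the
# server did not advertise it.
# usage: auth_lines MECH "ADVERTISED MECHS" USER PASS
auth_lines() {
    case " $2 " in *" $1 "*) ;; *) echo "$1 not offered" >&2; return 1 ;; esac
    case "$1" in
        PLAIN) printf 'AUTH PLAIN %s\n' "$(auth_plain_token "$3" "$4")" ;;
        LOGIN) printf 'AUTH LOGIN\n%s\n%s\n' \
                   "$(printf '%s' "$3" | b64)" "$(printf '%s' "$4" | b64)" ;;
        *) echo "unsupported mechanism: $1" >&2; return 1 ;;
    esac
}

# Constructed EHLO reply, taken from the sample capability list above.
EHLO_REPLY='250-smtp.sendgrid.net
250-STARTTLS
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN'

mechs=$(printf '%s\n' "$EHLO_REPLY" | ehlo_auth_mechs)
echo "advertised: $mechs"
auth_lines PLAIN "$mechs" apikey SG.xxxYYYzzzAAAbbbCCC
auth_lines LOGIN "$mechs" apikey SG.xxxYYYzzzAAAbbbCCC
```

With a real API key, read it from a prompt or an environment variable rather than typing it as an argument, since command arguments end up in shell history and the process list.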
Send an email
Now that you’re successfully authenticated, you can send an email!
You’ll need three things for this:
- The sender (MAIL FROM)
- The recipient (RCPT TO)
- and the message body (DATA)
You must always start with the MAIL FROM command, as this tells the SMTP server that a new mail transaction has started.
We follow that up with the recipient’s address and finally the message subject and body. Both the subject header and body are passed via the DATA command.
It’s recommended to include the From: header again in the DATA command.
Once we are ready to send our message, we end with a single dot (.) character on its own line. Here’s how that looks if you put it all together:
You have to make sure to type the rcpt to command in lowercase. Pressing R in the client session instructs openssl to renegotiate the TLS connection.
MAIL FROM: from@domain.com
250 Sender address accepted
rcpt to: john@doe.com
250 Recipient address accepted
DATA
354 Continue
From: from@domain.com
Subject: Test message!

Hi,
This is a test message!
Thanks
.
250 Ok: queued as bazLUK4DEBqH25dH6iZuNg
You should receive a confirmation (250 Ok) at the end that the message was accepted.
Type QUIT to close the session.