71

For educational purposes, I need to send an email through an SMTP server, using SMTP's fundamental and simple rules.

I was able to do that using smtp4dev. I telnet localhost 25 and and commands are:

enter image description here

I want to do the same thing, using Gmail SMTP server. However, it requires authentication and TLS. I can't figure out how to do that for Gmail. Here's a screenshot of telnet smtp.gmail.com 587:

enter image description here

I searched and found many links including Wikipedia's article about STARTTLS command. But I'm not able to use TLS and authenticate to Gmail's SMTP server using command line (or sending commands myself in programming languages). Can anyone help?

Saeed Neamati
  • 35,341
  • 41
  • 136
  • 188

4 Answers4

119

to send over gmail, you need to use an encrypted connection. this is not possible with telnet alone, but you can use tools like openssl

either connect using the starttls option in openssl to convert the plain connection to encrypted...

openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf -ign_eof

or connect to a ssl sockect directly...

openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof

EHLO localhost

after that, authenticate to the server using the base64 encoded username/password

AUTH PLAIN AG15ZW1haWxAZ21haWwuY29tAG15cGFzc3dvcmQ=

to get this from the commandline:

echo -ne '\00user@gmail.com\00password' | base64
AHVzZXJAZ21haWwuY29tAHBhc3N3b3Jk

then continue with "mail from:" like in your example

example session:

openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof
[... lots of openssl output ...]
220 mx.google.com ESMTP m46sm11546481eeh.9
EHLO localhost
250-mx.google.com at your service, [1.2.3.4]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH
250 ENHANCEDSTATUSCODES
AUTH PLAIN AG5pY2UudHJ5QGdtYWlsLmNvbQBub2l0c25vdG15cGFzc3dvcmQ=
235 2.7.0 Accepted
MAIL FROM: <gryphius-demo@gmail.com>
250 2.1.0 OK m46sm11546481eeh.9
rcpt to: <somepoorguy@example.com>
250 2.1.5 OK m46sm11546481eeh.9
DATA
354  Go ahead m46sm11546481eeh.9
Subject: it works

yay!
.
250 2.0.0 OK 1339757532 m46sm11546481eeh.9
quit
221 2.0.0 closing connection m46sm11546481eeh.9
read:errno=0
Community
  • 1
  • 1
Gryphius
  • 75,626
  • 6
  • 48
  • 54
  • I installed OpenSSL, but no command has been added to command line. Where should I go to get openssl command in CMD? – Saeed Neamati Jun 15 '12 at 11:34
  • 1
    sorry, I don't know where the openssl executable is installed on windows, I use linux here. – Gryphius Jun 15 '12 at 11:42
  • @Gryphius I get OpenSSL Verify return code: 20 (unable to get local issuer certificate) i.e. client authentication failed, still I am able to send an email as above, could you please explain why? – codey modey Mar 17 '15 at 18:09
  • this is not "client authentication failed", it means openssl can not verify the certificate because it doesn't know the root cert's location. add `-CApath /etc/ssl/certs` to make the error go away (replace /etc/ssl/certs with your distro specific path to the trusted certs if necessary) – Gryphius Mar 18 '15 at 05:53
  • Since not everyone is using perl you can get the base64 encoded username/password with: ``powershell -command "[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(\"`0myemail@gmail.com`0mypassword\"))"`` (thanks to [briantist](http://stackoverflow.com/questions/32891732/powershell-pipe-string-without-the-the-cr-lf#32891905)) – pr.nizar Oct 01 '15 at 16:13
  • Note that this does not necessarily work as posed anymore / for everyone, particularly with Google tightening the security net around their services. I tried this today and I was told "Please log in via your web browser and then try again. Learn more at https://support.google.com/mail/answer/78754", with an email reporting an insecure connection just afterwards. Are you still able to obtain the behaviour described in your answer? – E.P. Mar 15 '16 at 20:22
  • @E.P. still works for me. I've created a new app password for this test though, don't know if that makes a difference. – Gryphius Mar 17 '16 at 07:24
  • Huh. It's hard to be sure because gmail security varies from user to user - so this may or may not work depending on the precise settings of the account, not all of which may be readily visible to the user. – E.P. Mar 17 '16 at 07:47
  • 1
    Now Gmail required you to use an App password instead of your regular password in order to authenticate via ssl. See: https://security.google.com/settings/security/apppasswords – Pablo Vallejo Apr 11 '16 at 02:34
  • 3
    The example above can still work, if one enables access for less secure apps under: https://www.google.com/settings/security/lesssecureapps – Ivan Jun 18 '16 at 17:30
  • Excelent job... can you post lhe code in Python also ? – ZEE Oct 03 '17 at 12:30
  • @ZEE the perl example above translates to `python -c 'import base64; print base64.b64encode("\00myemail@gmail.com\00mypassword")'` in python. If you mean the whole process, there are lots of examples on how to send through Gmail with python. – Gryphius Oct 06 '17 at 12:06
  • You need to disable Gmail 2-step verification and set "Allow less secure apps: ON" in the settings for this to work. – kiwicomb123 Dec 11 '17 at 05:40
  • 1
    Encode username + password from command line with GNU's `base64`: `echo -en '\000myemail@gmail.com\000mypassword' | base64` (don't escape the `@`). – Stefan van den Akker Mar 09 '18 at 11:13
  • Thank you but one question if you don't mind. How to use this in windows? When I enter my base64 username+password after auth login i get the error*** 501 5.5.2 Cannot Decode response l202sm26206525wma.33 - gsmtp *** what should I do? – Mostafa Ayaz Dec 16 '18 at 23:23
  • I had a problem trying to send the message in Windows CMD: "adding a new line, period, new line", does not works. I suppose, it is because [windows manages new lines differently from Linux](https://stackoverflow.com/questions/426397/do-line-endings-differ-between-windows-and-linux) so, I move to [Git Bash](https://git-scm.com/downloads) and I searched for the openssl.exe path (/C/Program Files/OpenSSL-Win64/bin), and finally it works! – Darío León Jun 12 '20 at 05:32
  • This didn't work for me, I got 501 5.5.2 Cannot Decode response when I entered in my password. What worked for me was 1. Generate an App password (https://myaccount.google.com/security) 2. After Ehlo, do Auth login 3. paste in your b64 encoded email, press enter 4. paste in your b64 encoded app password, press enter. Make sure to use the -n option when echoing your content to the base64 utility! – Almenon Oct 13 '22 at 23:18
28

Unfortunately as I am forced to use a windows server I have been unable to get openssl working in the way the above answer suggests.

However I was able to get a similar program called stunnel (which can be downloaded from here) to work. I got the idea from www.tech-and-dev.com but I had to change the instructions slightly. Here is what I did:

  1. Install telnet client on the windows box.
  2. Download stunnel. (I downloaded and installed a file called stunnel-4.56-installer.exe).
  3. Once installed you then needed to locate the stunnel.conf config file, which in my case I installed to C:\Program Files (x86)\stunnel

  4. Then, you need to open this file in a text viewer such as notepad. Look for [gmail-smtp] and remove the semicolon on the client line below (in the stunnel.conf file, every line that starts with a semicolon is a comment). You should end up with something like:

    [gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465

    Once you have done this save the stunnel.conf file and reload the config (to do this use the stunnel GUI program, and click on configuration=>Reload).

Now you should be ready to send email in the windows telnet client!
Go to Start=>run=>cmd.

Once cmd is open type in the following and press Enter: 

telnet localhost 25

You should then see something similar to the following:

220 mx.google.com ESMTP f14sm1400408wbe.2

You will then need to reply by typing the following and pressing enter: 

helo google

This should give you the following response:

250 mx.google.com at your service

If you get this you then need to type the following and press enter: 

ehlo google

This should then give you the following response:

250-mx.google.com at your service, [212.28.228.49]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH
250 ENHANCEDSTATUSCODES

Now you should be ready to authenticate with your Gmail details. To do this type the following and press enter: 

AUTH LOGIN

This should then give you the following response:

334 VXNlcm5hbWU6

This means that we are ready to authenticate by using our gmail address and password.

However since this is an encrypted session, we're going to have to send the email and password encoded in base64. To encode your email and password, you can use a converter program or an online website to encode it (for example base64 or search on google for ’base64 online encoding’). I reccomend you do not touch the cmd/telnet session again until you have done this.

For example test@gmail.com would become dGVzdEBnbWFpbC5jb20= and password would become cGFzc3dvcmQ=

Once you have done this copy and paste your converted base64 username into the cmd/telnet session and press enter. This should give you following response:

334 UGFzc3dvcmQ6

Now copy and paste your converted base64 password into the cmd/telnet session and press enter. This should give you following response if both login credentials are correct:

235 2.7.0 Accepted

You should now enter the sender email (should be the same as the username) in the following format and press enter: 

MAIL FROM:<test@gmail.com>

This should give you the following response:

250 2.1.0 OK x23sm1104292weq.10

You can now enter the recipient email address in a similar format and press enter: 

RCPT TO:<recipient@gmail.com>

This should give you the following response:

250 2.1.5 OK x23sm1104292weq.10

Now you will need to type the following and press enter: 

DATA

Which should give you the following response:

354  Go ahead x23sm1104292weq.10

Now we can start to compose the message! To do this enter your message in the following format (Tip: do this in notepad and copy the entire message into the cmd/telnet session):

From: Test <test@gmail.com>
To: Me <recipient@gmail.com>
Subject: Testing email from telnet
This is the body

Adding more lines to the body message.

When you have finished the email enter a dot:

.

This should give you the following response:

250 2.0.0 OK 1288307376 x23sm1104292weq.10

And now you need to end your session by typing the following and pressing enter:

QUIT

This should give you the following response:

221 2.0.0 closing connection x23sm1104292weq.10
Connection to host lost.

And your email should now be in the recipient’s mailbox!

ThoriumBR
  • 930
  • 12
  • 25
Exile
  • 9,163
  • 4
  • 23
  • 22
8

As no one has mentioned - I would suggest to use great tool for such purpose - swaks

# yum info swaks
Installed Packages
Name        : swaks
Arch        : noarch
Version     : 20130209.0
Release     : 3.el6
Size        : 287 k
Repo        : installed
From repo   : epel
Summary     : Command-line SMTP transaction tester
URL         : http://www.jetmore.org/john/code/swaks
License     : GPLv2+
Description : Swiss Army Knife SMTP: A command line SMTP tester. Swaks can test
            : various aspects of your SMTP server, including TLS and AUTH.

It has a lot of options and can do almost everything you want.

GMAIL: STARTTLS, SSLv3 (and yes, in 2016 gmail still support sslv3)

$ echo "Hello world" | swaks -4 --server smtp.gmail.com:587 --from user@gmail.com --to user@example.net -tls --tls-protocol sslv3 --auth PLAIN --auth-user user@gmail.com --auth-password 7654321 --h-Subject "Test message" --body -
=== Trying smtp.gmail.com:587...
=== Connected to smtp.gmail.com.
<-  220 smtp.gmail.com ESMTP h8sm76342lbd.48 - gsmtp
 -> EHLO www.example.net
<-  250-smtp.gmail.com at your service, [193.243.156.26]
<-  250-SIZE 35882577
<-  250-8BITMIME
<-  250-STARTTLS
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-CHUNKING
<-  250 SMTPUTF8
 -> STARTTLS
<-  220 2.0.0 Ready to start TLS
=== TLS started with cipher SSLv3:RC4-SHA:128
=== TLS no local certificate set
=== TLS peer DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com"
 ~> EHLO www.example.net
<~  250-smtp.gmail.com at your service, [193.243.156.26]
<~  250-SIZE 35882577
<~  250-8BITMIME
<~  250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
<~  250-ENHANCEDSTATUSCODES
<~  250-PIPELINING
<~  250-CHUNKING
<~  250 SMTPUTF8
 ~> AUTH PLAIN AGFhQxsZXguaGhMGdATGV4X2hoYtYWlsLmNvbQBS9TU1MjQ=
<~  235 2.7.0 Accepted
 ~> MAIL FROM:<user@gmail.com>
<~  250 2.1.0 OK h8sm76342lbd.48 - gsmtp
 ~> RCPT TO:<user@example.net>
<~  250 2.1.5 OK h8sm76342lbd.48 - gsmtp
 ~> DATA
<~  354  Go ahead h8sm76342lbd.48 - gsmtp
 ~> Date: Wed, 17 Feb 2016 09:49:03 +0000
 ~> To: user@example.net
 ~> From: user@gmail.com
 ~> Subject: Test message
 ~> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ~>
 ~> Hello world
 ~>
 ~>
 ~> .
<~  250 2.0.0 OK 1455702544 h8sm76342lbd.48 - gsmtp
 ~> QUIT
<~  221 2.0.0 closing connection h8sm76342lbd.48 - gsmtp
=== Connection closed with remote host.

YAHOO: TLS aka SMTPS, tlsv1.2

$ echo "Hello world" | swaks -4 --server smtp.mail.yahoo.com:465 --from user@yahoo.com --to user@gmail.com --tlsc --tls-protocol tlsv1_2 --auth PLAIN --auth-user user@yahoo.com --auth-password 7654321 --h-Subject "Test message" --body -
=== Trying smtp.mail.yahoo.com:465...
=== Connected to smtp.mail.yahoo.com.
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128
=== TLS no local certificate set
=== TLS peer DN="/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=smtp.mail.yahoo.com"
<~  220 smtp.mail.yahoo.com ESMTP ready
 ~> EHLO www.example.net
<~  250-smtp.mail.yahoo.com
<~  250-PIPELINING
<~  250-SIZE 41697280
<~  250-8 BITMIME
<~  250 AUTH PLAIN LOGIN XOAUTH2 XYMCOOKIE
 ~> AUTH PLAIN AGFhQxsZXguaGhMGdATGV4X2hoYtYWlsLmNvbQBS9TU1MjQ=
<~  235 2.0.0 OK
 ~> MAIL FROM:<user@yahoo.com>
<~  250 OK , completed
 ~> RCPT TO:<user@gmail.com>
<~  250 OK , completed
 ~> DATA
<~  354 Start Mail. End with CRLF.CRLF
 ~> Date: Wed, 17 Feb 2016 10:08:28 +0000
 ~> To: user@gmail.com
 ~> From: user@yahoo.com
 ~> Subject: Test message
 ~> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ~>
 ~> Hello world
 ~>
 ~>
 ~> .
<~  250 OK , completed
 ~> QUIT
<~  221 Service Closing transmission
=== Connection closed with remote host.

I have been using swaks to send email notifications from nagios via gmail for last 5 years without any problem.

ALex_hha
  • 1,345
  • 15
  • 16
4

Based on the existing answers, here's a step-by-step guide to sending automated e-mails over SMTP, using a GMail account, from the command line, without disclosing the password.

Requirements

First, install the following software packages:

These instructions assume a Linux operating system, but should be reasonably easy to port to Windows (via Cygwin or native equivalents), or other operating system.

Authentication

Save the following shell script as authentication.sh:

#!/bin/bash

# Asks for a username and password, then spits out the encoded value for
# use with authentication against SMTP servers.

echo -n "Email (shown): "
read email
echo -n "Password (hidden): "
read -s password
echo

TEXT="\0$email\0$password"

echo -ne $TEXT | base64

Make it executable and run it as follows:

chmod +x authentication.sh
./authentication.sh

When prompted, provide your e-mail address and password. This will look something like:

Email (shown): bob@gmail.com
Password (hidden): 
AGJvYkBnbWFpbC5jb20AYm9iaXN0aGViZXN0cGVyc29uZXZlcg==

Copy the last line (AGJ...==), as this will be used for authentication.

Notification

Save the following expect script as notify.sh (note the first line refers to the expect program):

#!/usr/bin/expect

set address "[lindex $argv 0]"
set subject "[lindex $argv 1]"
set ts_date "[lindex $argv 2]"
set ts_time "[lindex $argv 3]"

set timeout 10
spawn openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof 

expect "220" {
  send "EHLO localhost\n"

  expect "250" {
    send "AUTH PLAIN YOUR_AUTHENTICATION_CODE\n"

    expect "235" {
      send "MAIL FROM: <YOUR_EMAIL_ADDRESS>\n"

      expect "250" {
        send "RCPT TO: <$address>\n"

        expect "250" {
          send "DATA\n"

          expect "354" {
            send "Subject: $subject\n\n"
            send "Email sent on $ts_date at $ts_time.\n"
            send "\n.\n"

            expect "250" {
                send "quit\n"
            }
          }
        }
      }
    }
  }
}

Make the following changes:

  1. Paste over YOUR_AUTHENTICATION_CODE with the authentication code generated by the authentication script.
  2. Change YOUR_EMAIL_ADDRESS with the e-mail address used to generate the authentication code.
  3. Save the file.

For example (note the angle brackets are retained for the e-mail address):

send "AUTH PLAIN AGJvYkBnbWFpbC5jb20AYm9iaXN0aGViZXN0cGVyc29uZXZlcg==\n"
send "MAIL FROM: <bob@gmail.com>\n"

Lastly, make the notify script executable as follows:

chmod +x notify.sh

Send E-mail

Send an e-mail from the command line as follows:

./notify.sh recipient@domain.com "Command Line" "March 14" "15:52"
Dave Jarvis
  • 30,436
  • 41
  • 178
  • 315