13

So I'm learning about SMTP and am trying to use telnet to send some mail over SMTP.

I've easilly been able to send mail to my gmail account via:

$ host gmail.com
...
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
...
$ telnet gmail-smtp-in.l.google.com 25
Trying 74.125.142.27...
...
Connected to gmail-smtp-in.l.google.com.
...
HELO <me@test.com>
...

However, I'm having trouble sending from my gmail account. From what I understand about SMTP, I should be using SMTP to send mail from < mygmailaddress@gmail.com > to the outgoing gmail SMTP servers, which in turn use SMTP to transfer the mail to the receivers incoming SMTP server ect.

However, I'm having difficulties. If I telnet into smtp.gmail.com via port 465 (gmail outgoing smtp mail server canonical), I'm immediately disconnected after starting with HELO <blah@blah.com>, or asked to STARTTLS. I can't find answers on how to proceed.

Any help is appreciated.

Sidenote: Currently I'm using Starbucks free Wi-Fi to access the internet. I'm actually unable to telnet directly from my computer (No route to host error). Instead, it only works if I ssh into a remote linux box on my school's network first, then telnet from there. Any idea why this is?

Thanks!

gone
  • 2,587
  • 6
  • 25
  • 32
  • Possible duplicate of [How to send email using simple SMTP commands via Gmail?](https://stackoverflow.com/questions/11046135/how-to-send-email-using-simple-smtp-commands-via-gmail) – iammilind Oct 10 '19 at 11:04

2 Answers2

27

First of all, it looks like you're using the wrong port. Gmail exposes port 465 for SMTP over SSL and port 587 for SMTP with STARTTLS, as documented here. The difference between these two is that SMTP over SSL first establishes a secure SSL/TLS connection and conducts SMTP over that connection, and SMTP with STARTTLS starts with unencrypted SMTP and then switches to SSL/TLS. This is why you don't get a response to your HELO.

$ telnet smtp.gmail.com 587
Trying 74.125.25.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP fr1sm24834956pbb.26 - gsmtp
HELO <me@test.com>
250 mx.google.com at your service
STARTTLS
220 2.0.0 Ready to start TLS

But even if you telnet to port 587 you still aren't going to be able to send any email by hand. In order to do anything interesting you will have to STARTTLS, and you won't be able to handle the SSL/TLS binary protocol to negotiate the encryption.

rhashimoto
  • 15,650
  • 2
  • 52
  • 80
  • 5
    Check out Swaks to bridge the gap between raw telnet and a mail client. http://www.jetmore.org/john/code/swaks/ – Jed Nov 16 '13 at 18:05
  • for me STARTTLS did not worked, according to the documention 587 is used for TLS and 465 for SSL: https://support.google.com/a/answer/176600?hl=en – flotto Jul 04 '17 at 12:42
20

The telnet client will not negotiate a TLS session for you. You should use another tool, such as OpenSSL's s_client. The following issues the STARTTLS command for you and handles the TLS negotiation:

$ openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf

Alternatively, you could connect directly to the SMTPS port:

$ openssl s_client -connect smtp.gmail.com:465 -crlf
Erwan Legrand
  • 4,148
  • 26
  • 26
  • Hi @Erwan Legrand I'm trying to implement an smtp daemon, and want to trigger the negotiation of a TLS session, but when I use openssl with the command you suggest here, I get this response "SSL handshake has read 2888 bytes and written 429 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported". Any suggestions? – Eric Lang Apr 05 '21 at 05:26
  • @EricLang You need to pass the CA certificate to s_client using either -CAfile or -CApath. (A TLS server is supposed to send the full certificate chain. In practice, servers usually send the chain minus the root as they assume the client will already have a copy of the root certificates they trust.) – Erwan Legrand Apr 06 '21 at 07:27