Talk smtp to gmail with openssl s_client

Here are the basic commands to talk smtp to gmail.

We will send email from sender@gmail.com to recepient@gmail.com
The gmail password of sender@gmail.com is "my secret password".

Preparation:

To authenticate, we need our user/pass in base64 format:
base64("sender@gmail.com") = c2VuZGVyQGdtYWlsLmNvbQ0K
base64("my secret password") = bXkgc2VjcmV0IHBhc3N3b3Jk

To get the base64 encoded string, google "base64 online encoder" and click on any of the online encoder/decoders.

If you're using Gmail's two-step authentication

Go to https://security.google.com/settings/security/apppasswords and get a one-time password.

Ending the DATA of the email.

To end the DATA part, we need to press dot (".") and then Enter (which should send CRLF).

Important NOTE: I'm on a macbook, and the terminal client sends LF when I press enter. When I want to send CRLF, I press Ctrl+V, Enter. If you don't know what I'm talking about, after the dot (".") if it doesn't work with dot and Enter, press [dot, Ctrl+V, Enter].

The commands

We will use S_client which is like telnet, but supports SSL (encrypted telnet). You will need OpenSSL for that purpose.

[mihail@arch ~]# openssl s_client -connect smtp.gmail.com:587 -starttls smtp
[a lot of text will be printed - ssl info. For simplicity ignore it.]
---
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
c2VuZGVyQGdtYWlsLmNvbQ0K
334 UGFzc3dvcmQ6
bXkgc2VjcmV0IHBhc3N3b3Jk
235 2.7.0 Accepted
helo
250 mx.google.com at your service
mail from:<sender@gmail.com>
250 2.1.0 OK dc8smxxxxwib.7 - gsmtp
rcpt to:<recepient@gmail.com>
250 2.1.5 OK dc8smxxxxwib.7 - gsmtp
data
354 Go ahead dc8smxxxxwib.7 - gsmtp
from:<sender@gmail.com>
to:<recepient@gmail.com>
subject:manual smtp with gmail
some text as the body of the email
more lines of text

.
250 2.0.0 OK 1414600919 dc8smxxxxwib.7 - gsmtp
quit
221 2.0.0 closing connection dc8smxxxxwib.7 - gsmtp
read:errno=0
[mihail@arch ~]#

 

 

Update1:

If you want to use SSL 465, the command is:
#openssl s_client -connect smtp.gmail.com:465 -tls1

(here you need to start with HELO, and then AUTH LOGIN - I don't know why)

Update2:

Also, some accounts fail with:

3073894076:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

I don't know why. It seems like it wants to fall back to ssl3.

5 thoughts on “Talk smtp to gmail with openssl s_client”

  1. The solution for Update2 is just typing everything (mainly rcpt to, because it seems that's where the error occurs) in lower case. It appears to be case sensitive. When I followed through your instructions it worked just fine.

    Also, you need to enable logging in from 'less secure apps' (e.g. OpenSSL) otherwise Google will consider it an attack, haha. To do that, go to https://www.google.com/settings/security/lesssecureapps and change it. Should work now [;

  2. Thought I'd share this: it would not accept my username or password, but I read on another site that you can't just press enter after username and password, you need to press ctrl+v+enter+enter. That worked for me.

    http://stackoverflow.com/questions/1516754/connecting-to-smtp-gmail-com-via-command-line

    "There is one more oddity to overcome if you're using OSx or Linux terminals. Just pressing the "ENTER" key does not apparently result in a CRLF which SMTP needs to end a message. You have to use "CTRL+V+ENTER". So, this should look like the following:
    ^M
    .^M
    250 2.0.0 OK"

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.