Saturday, 17 December 2011

Testing Linux Mail Servers with OpenSSL


Testing POP3 TLS/SSL

Telnet does not support any encryption. If you are protecting your POP3 sessions with TLS/SSL then you need s_client, which is part of OpenSSL. You can query both local and remote mail servers, using your own server names of course. Commands that you type are in bold:
openssl s_client -connect localhost.com:995
openssl s_client -connect remotehost.com:995
You'll see a whole lot of lines about certificates and protocols, and eventually something like this:


--- 
+OK Dovecot ready.
Now we know we're talking to a Dovecot server. Dovecot supports both secure POP3 and secure IMAP. Now I can give Dovecot my login. Note that if you enter an invalid username it won't tell you, but will still say +OK:
+OK Dovecot ready. 
user carla 
+OK 
pass password 
+OK Logged in.
Let's see if I have any messages:
list 
+OK 2 messages: 
1 1759 
2 12422
Yay, two messages for me! Use the retr command to read them:
retr 1 
+OK 1759 octets 
[snip headers] 
Date: Tue, 15 Feb 2011 11:56:48 -0800 
From: Mom 
To: carla@example.com 
Subject: dinner this weekend 
[snip message-id]
Hello Little Carla,
We're having a little get-together this weekend and hope you can come. Bring your fabulous chicken skewers.
Love, 
the Mama
To read the second message type retr 2. To delete messages type dele followed by the message number, for example dele 1. Messages are not really deleted until you type quit, so you can change your mind and un-delete with the rset command, which un-deletes all messages marked for deletion.
You may need to use the domain name on a remote server to log in, for example user carla@example.com. RFC 1939 contains a complete listing of POP3 commands.

Testing IMAP TLS/SSL

This is how to talk to an IMAP server over TLS/SSL. Again, commands that you type are in bold, and remember to use your own server name and login:
openssl s_client -connect localhost.com:993
CONNECTED(00000003) 
[snip mass certificate and protocol lines] 
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a001 login carla password 
a001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in
Hurrah, we're in! Now let's list mailboxes:
a002 list "" "*" 
* LIST (\HasChildren) "." "INBOX" 
* LIST (\HasNoChildren) "." "INBOX.INBOX_Trash" 
* LIST (\HasNoChildren) "." "INBOX.Trash" 
* LIST (\HasNoChildren) "." "INBOX.read" 
* LIST (\HasNoChildren) "." "INBOX.Queue" 
* LIST (\HasNoChildren) "." "INBOX.INBOX_Drafts"
And let's see what's in the Inbox:
a003 examine inbox 
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft Junk NonJunk) 
* OK [PERMANENTFLAGS ()] Read-only mailbox. 
* 10 EXISTS 
* 0 RECENT 
* OK [UNSEEN 1] First unseen. 
* OK [UIDVALIDITY 1291459647] UIDs valid 
* OK [UIDNEXT 8026] Predicted next UID 
* OK [HIGHESTMODSEQ 2710] Highest 
a003 OK [READ-ONLY] Select completed.
There are ten messages; let's read the body of the fourth one without the headers:
a004 fetch 4 rfc822.text 
* 4 FETCH (RFC822.TEXT {857} 
On Tue, 15 Feb 2011 11:44:21 -0800 
Edwin Hungrytum wrote:
I hear there is going to be food this weekend-- may I come?
Thanks! 
Edwin
a004 OK Fetch completed.
I'm bored with reading email this way, so it's time to go:
a005 logout 
* BYE Logging out 
a005 OK Logout completed. 
closed
There are many different commands for listing messages, and reading headers and selected headers. Read all about them in RFC 3501.
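The certificate lines that the sessions above snip are the part worth checking when you test a mail server. The following is an added example, not part of the original post: `summarize` pulls the verification result and the first POP3 or IMAP greeting out of an s_client transcript, and `probe` runs the same connection unattended. The function names, the 2-second wait and the sample transcript are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the 2-second
# wait and the sample transcript are constructed for illustration.

# summarize: read an s_client transcript on stdin and print
#   verify=<code> greeting=<first POP3/IMAP greeting>
# s_client keeps going after a failed certificate check, so the exit status
# is 0 only when the verify code is 0 and a greeting was actually received.
summarize() {
  awk '
    /Verify return code:/ && code == "" { code = $4 }
    (/^\+OK/ || /^\* OK/) && greet == "" { sub(/\r$/, ""); greet = $0 }
    END {
      printf "verify=%s greeting=%s\n", (code == "" ? "none" : code), greet
      exit ((code == "0" && greet != "") ? 0 : 1)
    }'
}

# probe HOST PORT: the connection from the post, run unattended.
#   -crlf             send CRLF line endings, as POP3 and IMAP expect
#   -verify_hostname  also require the certificate to match HOST
# sleep holds stdin open so the greeting arrives before s_client exits.
probe() {
  sleep 2 | openssl s_client -connect "$1:$2" -servername "$1" \
    -verify_hostname "$1" -crlf 2>&1 | summarize
}

# Constructed transcript in the shape s_client prints; $1 is the verify result.
sample() {
  printf '%s\n' 'CONNECTED(00000003)' '---' \
    "    Verify return code: $1" '---' '+OK Dovecot ready.'
}

sample '0 (ok)' | summarize   # offline demo; live use: probe localhost.com 995
```

In the interactive sessions, s_client treats a typed line that begins with a capital R or Q as its own renegotiate or quit command unless -quiet or -ign_eof is given, which is one reason to keep the mail commands lowercase as shown.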

