Connecting to Your SMTP Server with the SMTP-AUTH Login Command

SMTP is the standard protocol for e-mail traffic, whether for sending e-mail from an e-mail client such as Windows Mail in Vista or Outlook Express in previous Windows versions, or for entire mail servers sending e-mail between themselves across the Internet.

SMTP was anonymous in its origins, with authentication added as the protocol evolved. Originally, SMTP servers were typically internal to an organization, receiving mail that was destined for the organization from the outside. These servers were also responsible for relaying messages from the organization to the outside. With time, however, SMTP servers evolved to become message submission agents for e-mail user agents, some of which were now relaying mail from outside the organization, such as when a company's mobile worker wants to send e-mail while on a trip using the corporate SMTP server. This meant that the SMTP protocol had to include specific rules and methods for relaying mail and authenticating users to prevent abuses such as spam relaying.
Note: An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.
While SMTP-AUTH is generally a security improvement over unauthenticated SMTP, it can also introduce a weakness. If authenticated users are allowed to submit messages from IP addresses from which unauthenticated users are not, then an attacker who manages to get the credentials of one user’s account is able to use the authenticated server as an open mail relay. Therefore, every user’s password now becomes a key to the mail system’s security. A good password policy can effectively prevent such an attack.
For more information about SMTP, refer to RFC 821, RFC 2821, RFC 2554, RFC 4954 and RFC 5321.
You can use the TELNET command to test and perform SMTP connections and send e-mail.
You can read more about SMTP in my articles on testing SMTP service in IIS and Exchange and SMTP, POP3 and Telnet in Exchange.
Generally, in order to connect to an SMTP server and send a test email, you need to perform the following tasks:

telnet mail.kuku.co.il 25

Note: I’ve used my own incoming mail server. However, you can do the same for ANY mail server – for more information about MX records, check out a previous article I wrote on configuring MX Records for incoming SMTP email.
Next, you issue a set of textual commands that perform the actual mail sending process:

220 mail.kuku.co.il hello ESMTP Sat, 6 Jun 2009 07:11:14 -0400
ehlo
250-mail.kuku.co.il Hello [xxx.xxx.xxx.xxx]
250-TURN
250-SIZE 104857600
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from: [email protected]
250 2.1.0 [email protected] OK
rcpt to: [email protected]
250 2.1.5 [email protected]
data
354 Start mail input; end with <CRLF>.<CRLF>
This is a test.
.
250 2.6.0 <[email protected]> Queued mail for delivery
quit
221 2.0.0 mail.kuku.co.il Service closing transmission channel
Connection to host lost.

Note: I’ve removed my IP address, sending e-mail address, and receiving e-mail address from the above sample.
Next, I wanted to be able to send an e-mail through the mail server to an external recipient, which would be considered relaying. However, since most modern mail servers will not allow unauthenticated SMTP connections to relay mail through them, we must now add the SMTP-AUTH command to the test procedure. The SMTP-AUTH extension is defined in RFC 4954.
For example, again using my own server:

220 mail.kuku.co.il hello ESMTP Sat, 6 Jun 2009 07:11:14 -0400
ehlo
250-mail.kuku.co.il Hello [xxx.xxx.xxx.xxx]
250-TURN
250-SIZE 104857600
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from: [email protected]
250 2.1.0 [email protected] OK
rcpt to: [email protected]
550 5.1.1 Bad destination mailbox address ([email protected]).
Connection to host lost

Relaying to [email protected] is blocked.


So in order to be able to relay, I would have to authenticate to the server prior to attempting to send the e-mail.
Since I do have a valid user name and password, I can use these to authenticate. However, there is one major obstacle in front of us: the encoding of the SMTP-AUTH command. What we need to do is get a base64 encoding of our user name and password.
There are some base64 encoders available, but I personally like using Eb64 and Db64, available here for free:
Small Utils:
http://www.dlcsistemas.com/html/other_utils.html
So, assuming the user name and password for my account are:

[email protected]
myPASSWORD

I run this command:

EB64.EXE /t [email protected]

and get this output:

bXl1c2VybmFtZUBrdWt1LmNvLmls

And for this command:

EB64.EXE /t myPASSWORD

I get this output:

bXlQQVNTV09SRA==

The process of authentication is simple. You issue an AUTH LOGIN command prior to providing the source and destination e-mail addresses. From that point onwards, the server and the client “speak” in base64 encoding.
The server should return a 334 VXNlcm5hbWU6 message. This is a base64-encoded string asking you for your username.
After you provide it, the server should return 334 UGFzc3dvcmQ6. Again, this is a base64-encoded string, now asking for your password.
Once you provide that, the server performs the authentication and, if successful, responds with a 235 2.7.0 Authentication successful message.
So now I go back to my TELNET window and incorporate this information in my connection to the SMTP server:

220 mail.kuku.co.il hello ESMTP Sat, 6 Jun 2009 07:11:14 -0400
ehlo
250-mail.kuku.co.il Hello [xxx.xxx.xxx.xxx]
250-TURN
250-SIZE 104857600
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-TLS
250-STARTTLS
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
auth login
334 VXNlcm5hbWU6
bXl1c2VybmFtZUBrdWt1LmNvLmls
334 UGFzc3dvcmQ6
bXlQQVNTV09SRA==
235 2.7.0 Authentication successful.
mail from: [email protected]
250 2.1.0 [email protected] OK
rcpt to: [email protected]
250 2.1.5 [email protected]
data
354 Start mail input; end with <CRLF>.<CRLF>
This is a test.
.
250 2.6.0 <[email protected]> Queued mail for delivery
quit
221 2.0.0 mail.kuku.co.il Service closing transmission channel
Connection to host lost.

This concludes the action, and the e-mail was successfully sent.
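
The AUTH LOGIN exchange above, worked through in Python as an added example (not part of the original article): it reproduces the EB64 encoding step, reads the AUTH and STARTTLS capabilities from the EHLO reply, and decodes the 334 prompts and the client's replies, which shows that base64 is a reversible encoding and that the credentials are readable by anyone who can see the session unless STARTTLS is negotiated before AUTH. The SESSION layout and the function names are assumptions made for this example.

```python
import base64

# Constructed sample: AUTH-relevant lines copied from the session above,
# tagged "S" (server) or "C" (client). The tagging is an assumption.
SESSION = [
    ("S", "250-STARTTLS"), ("S", "250-AUTH GSSAPI NTLM LOGIN"), ("S", "250 OK"),
    ("C", "auth login"),
    ("S", "334 VXNlcm5hbWU6"), ("C", "bXl1c2VybmFtZUBrdWt1LmNvLmls"),
    ("S", "334 UGFzc3dvcmQ6"), ("C", "bXlQQVNTV09SRA=="),
    ("S", "235 2.7.0 Authentication successful."),
]

def b64e(text):
    """Same result as the EB64.EXE /t step: base64 of the text's bytes."""
    return base64.b64encode(text.encode()).decode("ascii")

def b64d(token):
    return base64.b64decode(token, validate=True).decode()

def ehlo_capabilities(session):
    """Map each EHLO keyword to its parameters (250- / 250 reply lines)."""
    caps = {}
    for side, line in session:
        parts = line[4:].replace("=", " ").split()
        if side == "S" and line.startswith("250") and parts:
            caps.setdefault(parts[0].upper(), []).extend(parts[1:])
    return caps

def decode_auth_login(session):
    """Recover (prompt, answer) pairs from 334 challenges and client replies."""
    pairs, prompt = [], None
    for side, line in session:
        if side == "S" and line.startswith("334 "):
            prompt = b64d(line[4:])
        elif side == "C" and prompt is not None:
            pairs.append((prompt, b64d(line.strip())))
            prompt = None
    return pairs

def auth_before_tls(session):
    """True if the client sent AUTH without a prior STARTTLS command."""
    for side, line in session:
        if side == "C" and line.strip().lower() == "starttls":
            return False
        if side == "C" and line.lower().startswith("auth "):
            return True
    return False

if __name__ == "__main__":
    print(ehlo_capabilities(SESSION).get("AUTH"), auth_before_tls(SESSION), decode_auth_login(SESSION))
```

Run against the session in this article, the check reports that AUTH was sent without STARTTLS even though the server advertises it.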