Previous: sendmail gnutls now, Up: sendmail gnutls [Contents][Index]
We use as example the server smtp.gmail.com, port 587. You have to have an account there to use it; do not bomb this server with fake connections. This server requests us to start an ESMTP dialogue, then issue the STARTTLS command and build the encrypted bridge; once the bridge is set up, we restart an ESMTP dialogue and do the authentication and the message delivery.
We start the connector like this:
$ gnutls-cli --starttls --port 587 smtp.gmail.com
If the connection succeeds, gnutls-cli prints message lines on its standard output explaining what is going on; last comes the greeting line from the server, which begins with code 220.
The --starttls option tells gnutls-cli not to build the encrypted bridge immediately; rather, it waits for a SIGALRM signal, which we must deliver to it when we are ready. The quickest way to send such a signal, when there is only one gnutls-cli process running, is:
$ kill -SIGALRM $(/sbin/pidof gnutls-cli)
Beware that pidof may be installed in other places on your system.
The server supports the AUTH PLAIN authentication mechanism, which requires the base64 encoding of the user name and password stored in a special record; we can do it with the external program base64 (which comes with GNU Coreutils) like this:
SECRETS=$(printf "\x00%s\x00%s" \
                 "${LOGIN_NAME}" "${PASSWORD}" | base64)
GNU Emacs users can do it with:
(setq my-auth (base64-encode-string (format "%c%s%c%s" 0 "the-user-name" 0 "the-pass-word")))
The authentication dialogue goes like this: we send AUTH PLAIN followed by the encoded credentials, and the server answers with code 235.
So, we can do the SMTP dialogue reported below by hand (it is an edited log of a session under Emacs’ eshell); lines starting with recv> are the ones received from the server, lines starting with send> are the ones we send to the server, and the ellipses ... are replacements for server text we are not interested in.
$ gnutls-cli --crlf --starttls --port 587 smtp.gmail.com
recv> 220 ... ESMTP ...
send> ehlo localhost.localdomain
recv> 250-...
recv> 250-SIZE 35651584
recv> 250-8BITMIME
recv> 250-STARTTLS
recv> 250-ENHANCEDSTATUSCODES
recv> 250 PIPELINING
send> starttls
recv> 220 2.0.0 Ready to start TLS
=== here we deliver SIGALRM to the gnutls-cli process
recv> *** Starting TLS handshake
recv> - Certificate type: X.509
recv> - Got a certificate list of 1 certificates.
recv>
recv> - Certificate[0] info:
recv> # The hostname in the certificate matches 'smtp.gmail.com'.
recv> # valid since: ..
recv> # expires at: ...
recv> # fingerprint: ...
recv> # Subject's DN: ...
recv> # Issuer's DN: ...
recv>
recv>
recv> - Peer's certificate issuer is unknown
recv> - Peer's certificate is NOT trusted
recv> - Version: TLS1.0
recv> - Key Exchange: RSA
recv> - Cipher: ARCFOUR-128
recv> - MAC: MD5
recv> - Compression: NULL
send> ehlo localhost.localdomain
recv> 250-...
recv> 250-SIZE 35651584
recv> 250-8BITMIME
recv> 250-AUTH LOGIN PLAIN
recv> 250-ENHANCEDSTATUSCODES
recv> 250 PIPELINING
send> auth plain <the-encoded-auth-credentials>
recv> 235 2.7.0 Accepted
send> mail from:<from-address@gmail.com>
recv> 250 2.1.0 OK ...
send> rcpt to:<to-address@poste.it>
recv> 250 2.1.5 OK ...
send> data
recv> 354 Go ahead ...
send> From: from-address@gmail.com
send> To: to-address@poste.it
send> Subject: interactive demo from gmail
send>
send> demo
send> .
recv> 250 2.0.0 OK ...
send> quit
recv> 221 2.0.0 closing connection ...
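An added example, not part of the original manual: shell helpers for the checks worth making before typing auth plain in a session like the one above, namely that gnutls-cli reported a trusted peer certificate, that the EHLO reply after the handshake advertises PLAIN, and that the encoded record is a single line. The function names and the sample credentials are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a manual AUTH PLAIN session.
# Function names are hypothetical; sample values are constructed.

# Build the AUTH PLAIN record: NUL, user name, NUL, password (empty
# authorization identity), then base64. '\000' is the portable octal
# escape for NUL. tr removes the line wrapping GNU base64 applies after
# 76 characters, which would split the SMTP command for long credentials.
auth_plain_encode() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse the encoding, one field per line (the first field is the empty
# authorization identity). base64 is an encoding, not encryption: the
# string is as sensitive as the password itself, which is why it is sent
# only after the TLS bridge is up.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n'
}

# Read gnutls-cli output on stdin; fail if it reports the peer
# certificate as untrusted (the message text is the one in the log above).
peer_cert_trusted() {
    ! grep -q 'certificate is NOT trusted'
}

# Read an EHLO reply on stdin; succeed only if it advertises AUTH with
# the PLAIN mechanism. CRs are stripped because the server sends CRLF.
ehlo_offers_auth_plain() {
    tr -d '\r' | grep -Eiq '^250[- ]AUTH( [^ ]+)* PLAIN( |$)'
}

# Demo with constructed credentials (not a real account).
SECRETS=$(auth_plain_encode 'the-user-name' 'the-pass-word')
printf 'auth plain %s\n' "$SECRETS"
auth_plain_decode "$SECRETS"; echo
```

Run over the log above, peer_cert_trusted fails, because gnutls-cli reports the issuer as unknown; the first EHLO reply fails ehlo_offers_auth_plain and the second one passes.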