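Follow-up to "Using telnet to check whether an email password is correct" and "Sending mail with telnet plus AUTH"
Normally, if we telnet to port 25 of the mail host and send EHLO, we can see which credential authentication mechanisms the mail server supports. These are usually LOGIN, CRAM-MD5 and PLAIN.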
    telnet 1.1.1.1 25
    Trying 1.1.1.1...
    Connected to 1.1.1.1.
    Escape character is '^]'.
    220 xxxxxxxxxxxxxxx ESMTP
    ehlo wow
    250-xxxxxxxxxxxxxxx
    250-AUTH=LOGIN CRAM-MD5 PLAIN # <--- supported authentication mechanisms
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
Let's test each mechanism in turn.
AUTH LOGIN
    telnet 1.1.1.1 25
    Trying 1.1.1.1...
    Connected to 1.1.1.1.
    Escape character is '^]'.
    220 xxxxxxxxxxxxxxxxxx ESMTP
    ehlo wow
    250-xxxxxxxxxxxxxxxxxx
    250-AUTH=LOGIN CRAM-MD5 PLAIN
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    auth login
    334 VXNlcm5hbWU6          # server prompt: base64 of "Username:"
    Y3Jvc3NAc3NvcmMudHc=      # input string, from printf "cross@ssorc.tw" | base64; this is the account
    334 UGFzc3dvcmQ6          # server prompt: base64 of "Password:"
    MTIzNDU2                  # input string, generated by printf "123456" | base64; this is the password
    235 go ahead
If "go ahead" appears, the authentication succeeded.
AUTH PLAIN
    telnet 1.1.1.1 25
    Trying 1.1.1.1...
    Connected to 1.1.1.1.
    Escape character is '^]'.
    220 xxxxxxxxxxxxxxx ESMTP
    ehlo wow
    250-xxxxxxxxxxxxxxx
    250-AUTH=LOGIN CRAM-MD5 PLAIN
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    auth plain AGNyb3NzQHNzb3JjLnR3ADEyMzQ1Ng==    # input string, from printf '\0%s\0%s' 'cross@ssorc.tw' '123456' | base64
    # the account and password go in as %s arguments: inside a printf format, \0123456 is read as the octal escape \012 (newline) followed by 3456
    235 go ahead
AUTH CRAM-MD5
    telnet 1.1.1.1 25
    Trying 1.1.1.1...
    Connected to 1.1.1.1.
    Escape character is '^]'.
    220 xxxxxxxxxxxxxxx ESMTP
    ehlo wow
    250-xxxxxxxxxxxxxxx
    250-AUTH=LOGIN CRAM-MD5 PLAIN
    250-AUTH LOGIN CRAM-MD5 PLAIN
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    auth cram-md5
    334 PDE3MDIuMTMxxxxxxxxxxxxbzE5OS0zMi5hc2lhd2hlcmUuY29tPg==    # stop here and hand this challenge string to the script, which generates the response
The script is as follows (source):
    #!/usr/bin/perl -w
    use strict;

    # Paul Makepeace <http://paulm.com>, 2002-10-12
    # Takes user, key, and base-64 encoded challenge and returns base-64
    # encoded CRAM. See,
    # IMAP/POP AUTHorize Extension for Simple Challenge/Response:
    # RFC 2195 http://www.faqs.org/rfcs/rfc2195.html
    # SMTP Service Extension for Authentication:
    # RFC 2554 http://www.faqs.org/rfcs/rfc2554.html
    # Args: tim tanstaaftanstaaf PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
    # should yield: dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw

    use Digest::HMAC_MD5 qw(hmac_md5_hex);
    use MIME::Base64 qw(decode_base64 encode_base64);

    die "$0 user key challenge\n" unless @ARGV == 3;
    my ($user, $key, $challenge) = @ARGV;

    # The server's challenge arrives base64-encoded; the HMAC is computed over the decoded bytes.
    my $challenge_data = decode_base64($challenge);
    my $hmac_digest = hmac_md5_hex($challenge_data, $key);
    # Empty EOL argument: keep the response on one line even for long user names.
    my $response = encode_base64("$user $hmac_digest", "");

    print "\nChallenge: $challenge_data \nHMAC digest: $hmac_digest \nCRAM Base64: $response\n";
Run it with the account, the password and the challenge:
    perl script cross@ssorc.tw 123456 PDE3MDIuMTMxxxxxxxxxxxxbzE5OS0zMi5hc2lhd2hlcmUuY29tPg==
It produces the following:
    Challenge: <1702.1395907935@xxxxxxxxxxxxxxxxxxxxx>
    HMAC digest: e0710737aee2xxxxxc1aa32a3c24f1e8
    CRAM Base64: Y3Jvc3NAc3NvcmMuxxx3xxxWUyZWQ1ZmVjMWFhMzJhM2MyNGYxZTg=
Then just paste the CRAM Base64 value into the telnet session:
    Y3Jvc3NAc3NvcmMuxxx3xxxWUyZWQ1ZmVjMWFhMzJhM2MyNGYxZTg=
    235 go ahead
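The three replies above can also be computed offline in one place. The following Python script is an added example, not part of the original post or of the Perl script's author's code; it builds the LOGIN, PLAIN and CRAM-MD5 responses and validates an AUTH PLAIN blob before it is pasted into the session. The function names and the `user@example.com` account are assumptions for illustration; the CRAM-MD5 test vector is the one quoted in the Perl script's header comment.

```python
import base64
import hashlib
import hmac


def b64(data):
    return base64.b64encode(data).decode("ascii")


def auth_login(user, password):
    """Replies to the 334 'Username:' and 'Password:' prompts, in that order."""
    return b64(user.encode()), b64(password.encode())


def auth_plain(user, password, authzid=""):
    """Single reply: base64(authzid NUL user NUL password)."""
    return b64(b"\0".join(s.encode() for s in (authzid, user, password)))


def auth_cram_md5(user, password, challenge_b64):
    """Reply: base64(user SP hex(HMAC-MD5(key=password, msg=decoded challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return b64(f"{user} {digest}".encode())


def parse_plain(blob_b64):
    """Decode an AUTH PLAIN blob, rejecting anything that is not three clean fields."""
    fields = base64.b64decode(blob_b64, validate=True).split(b"\0")
    if len(fields) != 3 or not fields[1] or any(c < 0x20 for f in fields for c in f):
        raise ValueError(f"malformed AUTH PLAIN blob: {fields!r}")
    return tuple(f.decode() for f in fields)


if __name__ == "__main__":
    user, password = "user@example.com", "123456"  # constructed sample credentials
    print("LOGIN    :", *auth_login(user, password))
    print("PLAIN    :", auth_plain(user, password))
    # Test vector from RFC 2195, as quoted in the Perl script's header comment.
    print("CRAM-MD5 :", auth_cram_md5(
        "tim", "tanstaaftanstaaf",
        "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"))
    # What a printf format "\0user\0123456" really emits: \012 is octal for newline.
    broken = b64(b"\0" + user.encode() + b"\n3456")
    try:
        parse_plain(broken)
    except ValueError as exc:
        print("rejected :", exc)
```

Running `parse_plain` on a blob before sending it catches the case where the shell has silently turned part of the password into a control character.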