SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors.
This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.
Take note that SMTP AUTH as a standalone feature can be tested with plain telnet, but when it is combined with SMTP over TLS/SSL then openssl needs to be used.
The easiest way to satisfy an SMTP server that implements the authentication service extension is to individually base64 encode the username and password and provide these encoded values when prompted by the server (AUTH LOGIN).
Start by encoding your credentials for later use:
$ echo 'myuser' | base64 bXl1c2VyCg== $ echo 'mypass!' | base64 bXlwYXNzIQo=
Now use openssl to start a TLS/SSL connection to the SMTP server. Make sure to use the ‘-quiet’ parameter to avoid the annoying problem where pressing the letter ‘R’ causes a renegotiation of the connection.
$ openssl s_client -starttls smtp -crlf -quiet -connect mysecure.smtp.com:587 250 AUTH=PLAIN LOGIN
Then, tell the server you want to authenticate by typing ‘AUTH LOGIN’ and providing the Base64 encoded value of the username.
AUTH LOGIN 334 VXNlcm5hbWU6 bXl1c2VyCg==
The response ‘VXNlcm5hbWU6’ when Base64 decoded says ‘Username:’ (echo ‘VXNlcm5hbWU6’ | base64 -d). You will now be prompted for the password, provide the Base64 encoded value.
334 UGFzc3dvcmQ6 bXlwYXNzIQo=
If successful, you will see a success message.
235 Authentication successful
Note that ‘AUTH PLAIN’ is essentially the same, but you must provide a single Base64 string that looks like ‘<username>\0<username>\0password’. You would generate this Base64 value like this:
$ echo 'myuser\0myuser\0mypass!' | base64
And would use this single SMTP command to authenticate, instead of separate username and password values.
AUTH PLAIN bXl1c2VyXDBteXVzZXJcMG15cGFzcyEK 235 Authentication successful
Send Test Email
After authentication, the exchange looks like just like our standard SMTP exchange for an email.
EHLO <CLIENTHOST> MAIL FROM: <FROM> RCPT TO: <TO> DATA Subject: testing123 this is a test . QUIT
If you need to test authenticated SMTP on Windows, you can use Powershell as described in my article here.