Troubleshooting SMTP Auth Login with Telnet
This page explains the Microsoft syntax that SMTP needs to login to an Exchange server 2010. Here are SMTP commands that you can try using telnet to test email.
Topics for Exchange SMTP Auth Login
0) Pre-requisite – Get Your Base64 Encoder
1) Launch Telnet from a Cmd Prompt
♠
Understanding the SMTP Auth Login Reasoning
I am embarrassed at how long it took me to master the SMTP verb Auth Login. Rather than pretending that Auth Login is easy, I am going to go slowly and give you even more instructions than usual. My mission is to explain how to send email from the command line.
We will open a telnet shell and connect to the Exchange 2010 server. Once we receive the 250 OK reply code, we will issue the SMTP commands to encode the password.
Before you go any further, ask your self, ‘do I really need to authenticate?’ Could I just try sending email using the plain commands, mail from: and rcpt to:? Another benefit of trying this simpler technique is that you will gain experience of the telnet and SMTP commands before you grapple with Auth Login and encoding.
0) Pre-requisite – Get Your Base64 Encoder
It is essential that you obtain a base64 encoder. Before you go any further you must be able to encode username and password. For me, even this first step wasn’t easy, foolishly, I searched in Google for a 64Bit encrypter instead of a base64 encoder. So here are two important lessons, pay attention to detail, and this is where you can get a good base64 encoder: Opinionated.
1) Launch Telnet From a Cmd Prompt
This part is easy. We are testing that the SMTP service is running on the Exchange 2010 server. Here is your simple command to test the SMTP. From the cmd prompt, type: Telnet server 25. (Where ‘server’ is the HostName of your Exchange 2010 server.)
Telnet server 25
What you should see is this.
220 guy.cp.com Microsoft ESMTP MAIL Service, ……
Learning Points
- 220 – A SMTP return code meaning success.
- guy.cp.com – Is the fully qualified name of the server.
- Microsoft ESMTP MAIL Service – Tells you this mail server understands Extended SMTP.
- See here for my help troubleshooting NDR messages
Guy Recommends: The SolarWinds Exchange Monitor
Here is a free tool to monitor your Exchange Server. Download and install the utility, then inspect your mail queues, monitor the Exchange server’s memory, confirm there is enough disk space, and check the CPU utilization.
This is the real deal – there is no catch. SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.
Free Download of SolarWinds Exchange Monitor
2) Type One Word: ehlo
This is what should happen when you carefully type: ehlo, then press the Enter key for a carriage return.
220 guy.cp.com Microsoft ESMTP MAIL Service,
ehlo
250 guy.cp.com Hello [10.2.1.10]
more… verbs
250 OK
Learning Points
- ESMTP uses ehlo as a greeting – to establish an initial connection.
- SMTP uses helo instead of ehlo.
- 250 – Means that the action which you requested, completed OK. (Remember codes beginning with 2yz indicate success.
- Note for simplicity, I have omitted the list of extra ESMTP verbs.
3) SMTP Auth Login Plain
Our mission is to login to our mailbox on the Exchange 2010 server. Issue the following SMTP command in telnet: Auth Login (Where Auth means authenticate). Naturally, you must know your mailbox name and its email address. This must be your email domain, not your Active Directory domain. As a precaution, go to Active Directory Users and Computers, user properties, Email Address tab and double check the spelling of your email address.
Username (Mailbox name) = guy
Email address = [email protected]
Next type just two words: auth login. Naturally, follow with Enter (carriage return).
220 guy.cp.com Microsoft ESMTP MAIL Service
ehlo
250 guy.cp.com Hello [10.2.1.10]
more… verbs
250 OK
auth login
334 VXNlcm5hbWU6
Learning Points
- There are lots of chances to make a mistake, thus once telnet launches start simply with just two words ‘auth login’. No need for your username – yet.
- I expect you spotted that the command uses login not logON.
- Another surprise is the response: 334 VXNlcm5hbWU6. All becomes clear when you realize that in base64, VXNlcm5hbWU6 decodes to Username:
- Time to get your base64 encoder at the ready. dillfrog.com.
4a) Encrypted Username
This is where you need to be precise. Type your username in the encoder and then copy the encrypted result into memory (ctrl + c). Now be careful, and right-click in the cmd window and select Paste from the short cut menu. For example, guyt encodes to: UGF1bGluZTE= so that is what I pasted. (Because ctrl + v does not work in the cmd shell, you must use that short cut menu.)
®