Exchange Server 2010 – SMTP Auth Login

Troubleshooting SMTP Auth Login with Telnet

This page explains the Microsoft syntax that SMTP needs to login to an Exchange server 2010.  Here are SMTP commands that you can try using telnet to test email.

Topics for Exchange SMTP Auth Login

0) Pre-requisite – Get Your Base64 Encoder

1) Launch Telnet from a Cmd Prompt

2) Type One Word: ehlo

3) SMTP Auth Login Plain

4a) Encrypted Username

4b) Encrypted Password

5) Sending Email

 ♠

Understanding the SMTP Auth Login Reasoning

I am embarrassed at how long it took me to master the SMTP verb Auth Login.  Rather than pretending that Auth Login is easy, I am going to go slowly and give you even more instructions than usual.  My mission is to explain how to send email from the command line. 

We will open a telnet shell and connect to the Exchange 2010 server.  Once we receive the 250 OK reply code, we will issue the SMTP commands to encode the password.

Before you go any further, ask your self, ‘do I really need to authenticate?’  Could I just try sending email using the plain commands, mail from: and rcpt to:?  Another benefit of trying this simpler technique is that you will gain experience of the telnet and SMTP commands before you grapple with Auth Login and encoding.

0) Pre-requisite – Get Your Base64 Encoder

It is essential that you obtain a base64 encoder.  Before you go any further you must be able to encode username and password.  For me, even this first step wasn’t easy, foolishly, I searched in Google for a 64Bit encrypter instead of a base64 encoder.  So here are two important lessons, pay attention to detail, and this is where you can get a good base64 encoder: Opinionated.

1) Launch Telnet From a Cmd Prompt

This part is easy. We are testing that the SMTP service is running on the Exchange 2010 server.  Here is your simple command to test the SMTP.  From the cmd prompt, type: Telnet server 25.  (Where ‘server’ is the HostName of your Exchange 2010 server.)

What you should see is this.

Learning Points

• 220 – A SMTP return code meaning success.
• guy.cp.com  – Is the fully qualified name of the server.
• Microsoft ESMTP MAIL Service – Tells you this mail server understands Extended SMTP.
• See here for my help troubleshooting NDR messages

Guy Recommends: The SolarWinds Exchange Monitor

Here is a free tool to monitor your Exchange Server.  Download and install the utility, then inspect your mail queues, monitor the Exchange server’s memory, confirm there is enough disk space, and check the CPU utilization.

This is the real deal – there is no catch.  SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.

Free Download of SolarWinds Exchange Monitor

2) Type One Word: ehlo 

This is what should happen when you carefully type: ehlo, then press the Enter key for a carriage return.

Learning Points

• ESMTP uses ehlo as a greeting – to establish an initial connection.
• SMTP uses helo instead of ehlo.
• 250 – Means that the action which you requested, completed OK.  (Remember codes beginning with 2yz indicate success.
• Note for simplicity, I have omitted the list of extra ESMTP verbs.

3) SMTP Auth Login Plain

Our mission is to login to our mailbox on the Exchange 2010 server.  Issue the following SMTP command in telnet: Auth Login (Where Auth means authenticate).  Naturally, you must know your mailbox name and its email address.  This must be your email domain, not your Active Directory domain.  As a precaution, go to Active Directory Users and Computers, user properties, Email Address tab and double check the spelling of your email address.

Username (Mailbox name) = guy

Email address = [email protected]

Next type just two words: auth login.  Naturally, follow with Enter (carriage return).

Learning Points

• There are lots of chances to make a mistake, thus once telnet launches start simply with just two words ‘auth login’.  No need for your username – yet.
• I expect you spotted that the command uses login not logON.
• Another surprise is the response: 334 VXNlcm5hbWU6.  All becomes clear when you realize that in base64, VXNlcm5hbWU6 decodes to Username:
• Time to get your base64 encoder at the ready. dillfrog.com.

4a) Encrypted Username

This is where you need to be precise.  Type your username in the encoder and then copy the encrypted result into memory (ctrl + c).  Now be careful, and right-click in the cmd window and select Paste from the short cut menu.  For example, guyt encodes to: UGF1bGluZTE= so that is what I pasted.  (Because ctrl + v does not work in the cmd shell, you must use that short cut menu.)

Learning Points

• If you get a second 334, but this time, 334 UGFzc3dvcmQ6, this is good news ,it means SMTP liked your username and now it wants your encoded password.
• You are not going mad, UGFzc3dvcmQ6 is different from VXNlcm5hbWU6.
• UGFzc3dvcmQ6 means Password:  Why not check with your base64 encoder / decoder?

4b) Encrypted Password

All you need now is to encrypt your password with the base64 encoder.  Once you have the string, copy then paste the password into the SMTP prompt, just as you did with the username.  (Remember the short cut menu, do NOT use ctrl + c.)

Learning Points

• If you have got this far – well done.  The hard part is over, you have mastered ‘auth login’ and base64.
• Unlike cmd, in SMTP you cannot use the doskey, the arrow keys just do not work.

SolarWinds Firewall Browser

Here is an utility where you can review firewall settings such as access control lists (ACL), or troubleshoot problems with network address translation (NAT).

Other reasons to download this SolarWinds Firewall Browser include managing requests to change your firewall settings, and testing firewall rules before you go live.

 Guy recommends that you download a copy of the SolarWinds free Firewall Browser.

5) Sending Email

Let us finish as we started, by paying attention to detail.  There are now 3 key commands to master,
mail from:
rcpt to:
data
Note the colon after from: and to:.  Also when you have typed the message, in this example ‘Please send cheque soonest’, remember the full stop ‘.’ or period as some call this key stroke.  To see what I mean, refer to the last but one line, it’s not empty there is a dot representing a full stop.

Learning Points

• Note the colon: after mail from: and rcpt to:
• Avoid this typing error, ‘mail to:’ is wrong.  What you mean is – ‘mail from:’.
• Once you type data, examine the response.  354 Start mail input, end with <CRLF>.<CRLF>.  SMTP is telling you to end with 2 carriage returns, but remember the full stop in between.
• When you have finished your SMTP / Telnet session type quit, then quit again.

6) Summary of SMTP Auth Login in Exchange Server 2010

I was surprised at how long it took me to understand the SMTP Auth Login command.  Begin by opening a telnet shell and then connect to your Exchange server.  Once you receive the 250 OK reply code, then issue the SMTP commands to encode the password. Naturally, it is essential that you obtain a base64 encoder because you must be able to encode username and password.

See more Microsoft Exchange Server 2010 topics:

• Exchange Home  • Exchange 2010 Transition  • Exchange 2010 Migration  • Exchange 2010 SP1

• Exchange MX Records  • Exchange 2010 Logs  • Exchange 2010 Circular Logging  • Exchange Stores

• Exchange 2010 GAL  • Exchange 2010 SMTP Connector  • Free Exchange Monitor  • Home