Using telnet to test authenticated relay in Exchange 2010

Using telnet to test authenticated relay in Exchange

January 12, 2010 in Microsoft | 3 comments

Many times I find myself wanting to test the SMTP service in Exchange.  Unfortunately, without using OWA or the actual outlook client there aren’t many options.  Some time ago, a colleague of mine showed me how to test exchange by using telnet and connecting to the server on port 25.  Not only will this give you the error codes for SMTP events but it lets you test internal, external, authenticated, and unauthenticated relay.  So from a sys admin point of view it’s pretty crucial to be able to test this when you are configuring an appliance or a piece of software to send email notifications.

-Insert your relevant information between <>
-Console prompts are show in green
-Text in blue are variable names I made up, feel free to change them

Connect to the SMTP Server
C:>telnet <SMTP Server name or IP> 25

If the connection is successful you should receive the SMTP Server banner. It should look something like this and return the 220 code on the first line.

220 SMTPServer.testdomain.local Microsoft ESMTP MAIL Service ready at Sat, 8 Jan 21
10 6:03:15 –0600

If you receive output, try saying hello to the server with the ‘ehlo’ command.  After you press ENTER you should receive a list of available options on that particular SMTP server.  Take note of the line that reads ‘250-AUTH NTLM LOGIN’.  If you want to test authenticated SMTP, you need to have the ‘AUTH LOGIN’ command available.  AUTH LOGIN translates to basic authentication.  For instance, this server supports both NTLM and basic authentication.

250-SMTPServer.testdomain.local Hello []

If you don’t see the option for ‘AUTH LOGIN’ check your SMTP server settings.  In Exchange 2007, you can open the Exchange management console, browse to Server Configuration, select Hub Transport, and then check the properties of the default receive connector.  In particular, check the authentication tab.  It should look something like this…
imageNote that basic authentication is selected.  Also ensure that the check box beneath basic authentication (Offer Basic authentication only after starting TLS) is unchecked.  If it’s checked you probably won’t get the ‘AUTH LOGIN’ option.

Once we have basic authentication configured we can try sending a email.

Login to the STP Server
334 VXNlcm5hbWU6

It’s important to note here that authentication in SMTP is done using Base64 encoded phrases.  So when I enter ‘AUTH LOGIN’ and press enter the server returns ‘VXNlcm5hbWU6’ which is Base64 for Username:.  Any and all parts of the authentication discussion will be in Base64.  I use this web site…

to do Base64 encodes and decodes.  You can Google for a different method if you prefer.  Let’s do the entire authentication conversation in Base64 and then I’ll show the translated input and output.

Conversation in Base64
334 VXNlcm5hbWU6
334 UGFzc3dvcmQ6
235 2.7.0 Authentication successful

Translated back to plain text
334 Username:
334 Password:
235 2.7.0 Authentication successful

Once we receive the authentication successful response we can test sending a email as that particular user.  This is no different then sending a test email through telnet without the authentication piece.

Send the test email
250 2.1.0 Sender OK
250 2.1.5 Recipient OK
354 Start mail input; end with <CRLF>.<CRLF>
This is a test email
250 2.6.0 <4b5125d60-e494-47f2-9917-7bd91e455544@SMTPServer.testdomain.local> Queued
mail for delivery

There is one item that I got hung up on the first time I tried testing this.  Basically you can’t make typos.  For instance if I typed..

mail frrom:

Realized that I spelled from wrong, backspaced, spelled it correctly, and then finished the command by pressing enter I would receive this error.

501 5.5.4 Unrecognized parameter

That’s because it takes all of your input and assumes its one line.  It looks like the line is correct but all of those backspaces really didn’t do anything.  If you receive the error type the line again and ensure that you type it correctly the first time.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s