In this tutorial, I will show you how to send email via gmail server using openssl. Before you can use telnet to do it. But since Google implement TLS-encrypted connection, you can’t do that anymore unless you upgrade your telnet with ssl capability.
OpenSSL version that I use is OpenSSL 1.0.1f 6 Jan 2014. You can check your version using command openssl version -a.
darklinux@darklinux:~$ openssl version -a OpenSSL 1.0.1f 6 Jan 2014 built on: Thu Jun 11 15:26:18 UTC 2015 platform: debian-i386 options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx) compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector –param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,–noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: “/usr/lib/ssl” darklinux@darklinux:~$
Before we start, I will give you a prove that we can’t use telnet to connect to gmail server.
darklinux@darklinux:~$ telnet smtp.gmail.com 587
Trying 74.125.200.108…
Connected to gmail-smtp-msa.l.google.com.
Escape character is ‘^]’.
220 smtp.gmail.com ESMTP p8sm40810771pfi.34 – gsmtp
helo
250 smtp.gmail.com at your service
mail from: <taufanlinux@gmail.com>
530 5.7.0 Must issue a STARTTLS command first. p8sm40810771pfi.34 – gsmtp
darklinux@darklinux:~$ telnet smtp.gmail.com 465
Trying 74.125.68.108…
Connected to gmail-smtp-msa.l.google.com.
Escape character is ‘^]’.
helo
#####FConnection closed by foreign host.
darklinux@darklinux:~$
As you see above, both connection are rejected. Gmail server request for STARTTLS.
STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted TLS (Trasnport Layer Security) or SSL (Secure Socket Layer) connection instead of using a separate port for encrypted communication.
What is openssl?
Before we start, I will explain a bit about OpenSSL. OpenSSL is general purpose cryptography library that provide open source implementation of TLS and SSL protocols. It was developed in 1998 and become widely used. In 2014 two thirds of all web servers use OpenSSL. Version are available for Linux, Solaris, Mac OS, BSD, OvenVMS and windows.
In order to connect to gmail server, you need to provide the user id and password. This user id and password must be convert to base64 encryption format because gmail server use this cipher encryption.
The format is: \000your_gmail\000your_password.
If my gmail user id is taufanlinux@gmail.com and my password is type123456, the format will be:
\000taufanlinux@gmail.com\000type123456.
You can use python to convert it to base64.
darklinux@darklinux:~$ python
Python 2.7.6 (default, Jun 22 2015, 18:00:18)
[GCC 4.8.2] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>> import base64
>>> authplain = base64.b64encode(‘\000taufanlinux@gmail.com\000type123456’)
>>> authplain
‘AHRhdWZhbmxpbnV4QGdtYWlsLmNvbQB0eXBlMTIzNDU2‘
>>>
AHRhdWZhbmxpbnV4QGdtYWlsLmNvbQB0eXBlMTIzNDU2 is my authentication code.
Below are the steps:
Step 1. Connect to gmail server.
After you get the authentication code, then you can connect to gmail server. Type openssl s_client -connect smtp.gmail.com:465 -crlf.
–s_client option will tell openssl to establish TLS/SSL client a transparent connection to a remote server.
–connect is command to connect to
–smtp.gmail.com is the remote server
–465 is the smtp server port.
–crlf (create line feed enter). Make sure to add this option otherwise you can’t send the email after you finish the email content with .(dot).
darklinux@darklinux:~$ openssl s_client -connect smtp.gmail.com:465 -crlf
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
—
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIEgDCCA2igAwIBAgIITzzp9mJ728kwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwMTI3MTMxNTU5WhcNMTYwNDI2MDAwMDAw
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX9nfK
WcIh8WVTpu31NGmHFkdWlFkizVNCGf8nJtAQ4k6Q3ok38ZLs+AcXROLuGdcliqJ4
AXlpf1sE3dhLkmJ/Ge9f+AMAO0yf0yibHcSXK0oy546T6D381hfB9o+vCkQLaWjk
Eyodumtlb1025i2+3h72Aax0AqRYetDsmlEu6HUdT/KOmDRhRq8mfeFtZ0Kdtnq/
q6x5pMlZfvAHYt21nCp+lLHCbppPu/fcMgbs9s39BEH9pY65M+AsLz0wNoLgyusX
L+gL3ZgO1bZsaOP6CsNF4ZzTEJC79v51RhaX2xu35dUN8Q/VjMHRrErH8sovLuXw
63/bCG7j1Jw+VVmtAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBSegxW81AyX1CL9DItwhfN+UNFFazAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAWzUFgHwcZK64kH9P
UJuhr+huE1+vEWQ+xJivjUqMg2Jm1KEX9QX8JCV8d9lvcxj2G7iqDowoJc55kEpP
m2HezvsLdfDrwMMPnAG1cmcmOZ67zHY+i64S/Xl0J56y1DTVPq7Oy1ZsqSNdpanv
rpilxEXy9Syu9AwWjABwkANcEYEir9FrowXjPCgzB6wdvO6R60wqdIBC+/7qNhtI
+AjTSoMypHx5dfHK7vNI0UEGktRF4VFOX70vrCdOGZ5l7LUHMlpL8BexcwcGj4pK
UAfn0RdHdtQ3mn0Ybgv2JZ8ayMVlZ4gVE+FYEIr+0CAfVR4l/odv2GRKzpTrNeWE
VhTzbg==
—–END CERTIFICATE—–
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
—
No client certificate CA names sent
—
SSL handshake has read 3727 bytes and written 421 bytes
—
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 96046DE5F3B84FD91F77CC0F426737A5525F9A8D24D97C79A2E81920C4883235
Session-ID-ctx:
Master-Key: 026F4D4E1AF8C445AF39AA99DB3C40EE916901102B4BC4CFA7A29B06F85EFA5D2E052BDD33F5DFD56CE63C71BCE7C3EA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 – 81 3f 63 38 6f 95 ba bb-63 8d f5 8c 7c ba cd 47 .?c8o…c…|..G
0010 – ce 38 c2 d2 3e ef 7c 04-13 cf 14 a9 8f a1 6f d8 .8..>.|…….o.
0020 – e9 c6 52 0b 14 1c c7 04-4c c9 02 b4 fc 1f 4d 53 ..R…..L…..MS
0030 – 50 73 a3 b9 92 3d 3e e8-02 38 6d b5 a3 22 db 89 Ps…=>..8m..”..
0040 – 24 19 04 22 00 54 3a 45-04 8e db f0 c7 60 4d 0a $..”.T:E…..`M.
0050 – da 4b 63 cb 6b 71 66 c5-8d 4a a8 d0 37 67 79 7e .Kc.kqf..J..7gy~
0060 – 20 10 35 89 aa 34 c2 63-d4 a9 a0 39 7c 25 b6 4a .5..4.c…9|%.J
0070 – 80 ad 78 ca 66 02 44 66-75 07 d4 71 88 a0 30 37 ..x.f.Dfu..q..07
0080 – 0a 51 c8 98 d4 03 fa e9-05 86 d3 64 af e9 fa 20 .Q………d…
0090 – 55 fc d5 22 cb 60 d4 95-c9 18 1f ce b5 1d 5c 2b U..”.`……..\+
00a0 – 9e d4 1d 7e …~
Start Time: 1454911916
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
—
220 smtp.gmail.com ESMTP xz6sm40211442pab.42 – gsmtp
Step 2.Say Hello to smtp server.
Some smtp server use ‘helo‘ some use ‘ehlo (extended helo)’. No need to put word after it.
You will get commands available is the smtp server is ready for your service.
ehlo
250-smtp.gmail.com at your service, [180.252.140.219]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
Step 3. Login to the server
You can use Auth Login or Auth Plain. In this tutorial I use auth plain.
Put your attentication code after auth plain. You will get 235 2.7.0 Accepted if your user id and password are correct.
auth plain AHRhdWZhbmxpbnV4QGdtYWlsLmNvbQB0eXBlMTIzNDU2
235 2.7.0 Accepted
Step 4. Set your destination email and send it.
There are few data that you need to set.
–mail from: <your gmail address> → your email address
–rcpt to: <your destination email> → recipient address or your destination email address.
–data → to set your email content.
-. (dot) → to end your email content and send it.
mail from: <taufanlinux@gmail.com>
250 2.1.0 OK xz6sm40211442pab.42 – gsmtp
rcpt to: <taufanlinux@gmail.com>
250 2.1.5 OK xz6sm40211442pab.42 – gsmtp
data
354 Go ahead xz6sm40211442pab.42 – gsmtp
this is a test.
.
250 2.0.0 OK 1454912007 xz6sm40211442pab.42 – gsmtp
If you get 250 2.0.0 OK,it mean your email has already sent.
This link will take you to Google Developers Console website. You need to sign in with the gmail account that you want to use for sending WordPress emails.
Thanks for the tutorial.I am not getting the last mail sent message like 250 2.0.0 OK .It keeps stuck after sending mail?
I have the same situation, I dont get the last mail sent message. It seems, the . (dot is not recognized), has anyone solved that?
I have the same situation, I dont get the last mail sent message. It seems, the . (dot is not recognized), has anyone solved that?