I’m building a new pair of ‘mail-relay’ servers for customers to mail out through. Customers can only use SMTP-AUTH to send mail, but i needed a method of testing the mechanism. Actually I’ll be using MySQL based usernames and passwords, but before I get stuck into pam-mysql i needed to test it was working on system accounts. To test you need to base64 encode the username and password to submit them via the command line. Ive added an account allied ‘mutest’ with a password of ‘mytest99’ to demonstrate. Don’t’t worry, the account has now been deleted! First job is to get the encoded hashes for which we use a command line perl script.
# perl -MMIME::Base64 -e 'print encode_base64("mytest")' bXl0ZXN0 # perl -MMIME::Base64 -e 'print encode_base64("mytest99")' bXl0ZXN0OTk=
Ok thats the hashing done, now we can test the SMTP-AUTH system.
# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mailout1.gconnect.net ESMTP Mail Service; Wed, 4 Jan 2012 12:41:44 GMT ehlo gconnect.net 250-mailout1.gconnect.net Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 30000000 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP auth login 334 VXNlcm5hbWU6 bXl0ZXN0 334 UGFzc3dvcmQ6 bXl0ZXN0OTk= 235 2.0.0 OK Authenticated
So thats a success! Although we need to test a failure too, so i’ll make a new hash of the wrong password:
# perl -MMIME::Base64 -e 'print encode_base64("mytest98")' bXl0ZXN0OTg=
Now i’ll do it all again with the incorrect password.
[root@mailout1 ~]# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mailout1.gconnect.net ESMTP Mail Service; Wed, 4 Jan 2012 12:45:40 GMT ehlo gconnect.net 250-mailout1.gconnect.net Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 30000000 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP auth login 334 VXNlcm5hbWU6 bXl0ZXN0 334 UGFzc3dvcmQ6 bXl0ZXN0OTg= 535 5.7.0 authentication failed
Pretty straightforward, but not something we do every day.