You can not telnet to a modern IMAP or POP3 server, since TELNET does not have session encryption to protect the confidentiality of the password.
I guess modern servers only support connections over SSL (and telnet-ssl must not count as "TELNET"), and logging in with anything other than plaintext passwords is impossible by hand. Since I do this all the time, I thought it a bit odd. I suppose Mr. Crispin simply wanted to discourage insecure logins, or perhaps he just thinks it is difficult enough to respond to, say, a Cram-MD5 challenge that it may as well be considered impossible in casual conversation.
I've had this Python utility lying around for a while, this seems like a good opportunity to share it.
if args is None:
args = sys.argv[1:]
response = hmac.HMAC(args, args.decode('base64')).hexdigest()
print (args + ' ' + response).encode('base64')
if __name__ == '__main__':
I use it pretty frequently, since I work with IMAP4, SMTP, and POP3 servers and clients a lot, and it is generally too time consuming to use an actual client, and usually actual clients won't give me the information I want anyway. Here's an example of its usage (italics are things I send to the server, the rest is from the shell or received from the server):
exarkun@boson:~$ telnet domain.example.com 143
Connected to domain.example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LOGINDISABLED NAMESPACE IDLE AUTH=CRAM-MD5 STARTTLS] Twisted IMAP4rev1 Ready
01 authenticate cram-md5
+ Stopped telnet domain.example.com 143
exarkun@boson:~$ hmac username password bk04TXh3SURQSlJVNGlZbENRUkZWVmVMRXFEeEJWUzA=
telnet domain.example.com 143
01 OK Authentication successful
* BYE Nice talking to you
02 OK LOGOUT successful
Connection closed by foreign host.
Perhaps telnet and IMAP4 are not as incompatible as one may otherwise have been led to believe...