You can not telnet to a modern IMAP or POP3 server, since TELNET does not have session encryption to protect the confidentiality of the password.
I guess modern servers only support connections over SSL (and telnet-ssl must not count as "TELNET"), and logging in with anything other than plaintext passwords is impossible by hand. Since I do this all the time, I thought it a bit odd. I suppose Mr. Crispin simply wanted to discourage insecure logins, or perhaps he just thinks it is difficult enough to respond to, say, a Cram-MD5 challenge that it may as well be considered impossible in casual conversation.
I've had this Python utility lying around for a while, this seems like a good opportunity to share it.
#!/usr/bin/python
import sys
import hmac
def main(args=None):
if args is None:
args = sys.argv[1:]
response = hmac.HMAC(args[1], args[2].decode('base64')).hexdigest()
print (args[0] + ' ' + response).encode('base64')
if __name__ == '__main__':
main()
I use it pretty frequently, since I work with IMAP4, SMTP, and POP3 servers and clients a lot, and it is generally too time consuming to use an actual client, and usually actual clients won't give me the information I want anyway. Here's an example of its usage (italics are things I send to the server, the rest is from the shell or received from the server):
exarkun@boson:~$ telnet domain.example.com 143
Trying 7.6.5.4...
Connected to domain.example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LOGINDISABLED NAMESPACE IDLE AUTH=CRAM-MD5 STARTTLS] Twisted IMAP4rev1 Ready
01 authenticate cram-md5
+ bk04TXh3SURQSlJVNGlZbENRUkZWVmVMRXFEeEJWUzA=
^]
telnet> z
[1]+ Stopped telnet domain.example.com 143
exarkun@boson:~$ hmac username password bk04TXh3SURQSlJVNGlZbENRUkZWVmVMRXFEeEJWUzA=
eXdpR1k1V0VQdThkQ2NnSkdVS2xRTE5CQnl6cWZacWI=
exarkun@boson:~$ fg
telnet domain.example.com 143
eXdpR1k1V0VQdThkQ2NnSkdVS2xRTE5CQnl6cWZacWI=
01 OK Authentication successful
02 logout
* BYE Nice talking to you
02 OK LOGOUT successful
Connection closed by foreign host.
Perhaps telnet and IMAP4 are not as incompatible as one may otherwise have been led to believe...
JP,
ReplyDeleteI "roll my own" Mime. I don't like letting some mysterious program
write my Mime for me. The Mime *is* the message. Then I send the Mime
using netcat. Telnet has trouble with long messages, but netcat has
never failed me. Authenticating is the problem. And tying it all
together so that the Mime can be generated and sent in a batch fashion.
(That's a big plus--I can generate and send an email by invoking a
command at the command line.)
Each of my emails starts as a text file template that has a few special
commands built in. These commands are email server directives or
special Unix instructions. The file contains or codes for everything
the email server needs.
I don't pipe this file into netcat, rather I translate it first using
code that runs the Unix instructions (and leaves the ouput of the
instructions in context), then the results of the translation are piped
into netcat.
This is the invocation
splurge9 $2 | nc -q 5 -t $smtp $port | divert
where splurge9 is the translation tool I spoke of and divert is a
filter that allows me to see the output, yet it captures the cram-md5
challenge.
Here is an example $2. This sends an email to myself. My password
(mypass) and server name (myserver) have been changed. The command
go_hmac calls your Python code (Thanks a bunch). The chunk command
stores strings for later recall:
`chunk to_name "Joe Rosevear";
chunk to joe@myserver.com;
chunk from_name "Joe Rosevear";
chunk from joe@myserver.com;
chunk subject "test";
read nothing;
`ehlo myserver.com
auth cram-md5
`read challenge < $env_handy/challeng;
go_hmac joe@myserver.com mypass $challenge;
echo;
`mail from: `chunk from`
rcpt to: `chunk to`
rcpt to: `chunk from`
data
MIME-Version: 1.0
To: "`chunk to_name`" <`chunk to`>
From: "`chunk from_name`" <`chunk from`>
Date: `date -R
`Subject: `chunk subject`
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
test
.
This does it all. With the use of mimencode I can put in attachments
too (`cat picture.jpg | mimencode`). Of course, Mime content statments
and boundaries are needed. Granted, it's cumbersome. Sometimes I give
in and use Yahoo email.
Then as a partner to this I use a Perl script that I found (called
Poppy) to pull the incoming emails off the Pop3 server and save them as
Mime.
I had this working before, by the way, but only for "auth login" with
your help it now does "auth cram-md5" which I needed, because of
changes with my ISP.
-Joe Rosevear