BLOG

Basic email delivery using telnet

Whenever we’re working with someone to diagnose some obscure delivery issue one of the things we usually have them try is to “run a transaction by hand”. Being able to do that is a trick that everyone working with email should be able to do. I was drafting a blog post today and wanted to refer to running a transaction by hand and I realized that we hadn’t actually explained it anywhere. So here we are.
When you’re running a transaction by hand you’re doing everything your mailserver would do to deliver an email, but you’re doing it yourself. That means that you get to see all the responses from the mailserver you’re sending the mail to, and also any delays or errors in much more detail than you can usually get from mailserver delivery logs.
I want to send some email to playingwithtelnet@gmail.com. There are two main steps to doing this – first I need to find out which mailserver I need to talk to to send mail to gmail, then I need to actually send the mail.
To find the mailserver I have to look up the MX record for gmail.com. From a unix / linux / mac command prompt you can do that like this (the bits you type are in orange):

platter:~ steve$ host -t mx gmail.com
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.

Another option is to use a web-based dns lookup site such as Al Iverson’s xnnd.com or our emailstuff.org.
However you do the DNS query you’ll usually end up with one or more hostnames, each with an associated priority. When you’re sending email you’re supposed to try those servers in order of priority, lowest number first, so in this case we’re going to be talking to the server gmail-smtp.in.l.google.com.
If you’re trying to replicate a delivery failure that you’ve seen then you can skip this step and go straight to trying to deliver to the same mailserver you saw fail previously (though double checking that that is a real MX for the domain is a good idea).
You may sometimes not get any answers to the MX record lookup – if, and only if, that happens then you should send mail directly to the domain part of the email address (“gmail.com” in this example).
Now we know which mailserver we’re going to talk to, so we connect to it with telnet on port 25. You can do this from a unix / linux / mac command line, or from a Windows command prompt (though a Windows firewall may be configured to block you from doing this). Again, the bits you type are in orange, while the responses from the server are in blue

platter:~ steve$ telnet gmail-smtp-in.l.google.com 25
Trying 74.125.155.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y27si6889009wfi.2
HELO platter.wordtothewise.com
250 mx.google.com at your service
MAIL FROM:<steve@blighty.com>
250 2.1.0 OK y27si6889009wfi.2
RCPT TO:<playingwithtelnet@gmail.com>
250 2.1.5 OK y27si6889009wfi.2
DATA
354  Go ahead y27si6889009wfi.2
From: <steve@blighty.com>
To: <playingwithtelnet@gmail.com>
Subject: Just a test email
The body of the mail goes here.
.
250 2.0.0 OK 1276638161 y27si6889009wfi.2
QUIT
221 2.0.0 closing connection y27si6889009wfi.2
Connection closed by foreign host.

A simple mail delivery like this goes through a number of steps. First you telnet to the server on port 25, wait for that to connect, then wait for the server to send you it’s “banner” (“220 mx.google.com ESMTP …”). Then you tell the server who you are with the “HELO” command, and wait for a response.
Then you tell it the email address you’re sending mail from with the “MAIL FROM” command – note that there’s a colon after MAIL FROM, and then your bare email address surrounded by angle brackets – and wait for a response. Next you tell it who you want to send mail to, with the RCPT TO command – again followed by a colon and the recipients bare email address surrounded by angle brackets.
(You can send mail to multiple recipients by repeating the RCPT TO command here).
Then you’re ready to send the email itself, so you send the “DATA” command to tell the server you’re about to do that, and wait for it to respond with something like “354 Go ahead”. Then you enter the email you want to send, consisting of the headers, a blank line, then the body of the message. To tell the server you’re done, send a period (“.”) on it’s own as the final line. You’ll typically want to have at least To:, From: and Subject: headers and a short message body for even a simple test, but if you’re considering content-related filtering then you’ll want to paste in a copy of a real email.
Once the server has accepted the email you send the command “QUIT” to tell it you’re done, and it will close the connection.
You can see that each response from the server starts with a three digit number. If that starts with a “2” it means that it’s happy with what you just told it, if it starts with a “3” it’s waiting for you to send the text of the email. If it starts with a “4” or a “5” it means it’s unhappy with what you just told it – maybe you typoed something, maybe it’s rejecting the mail delivery, maybe you tried commands in the wrong order – and the text after the number should give you some idea as to why.
If you typo something while you’re using telnet you can use backspace to delete and correct it while you’re on the same line. Once you’ve hit return, though, it’s already sent to the server and you can’t change it (and you might need to quite out and start over).
If you get confused at any point and need to quit out of telnet and start over you can use Ctrl-] (hold the ctrl key and press the close square bracket key) to get to a telnet> prompt, then type “quit”.
There’s some more sophisticated things you can do, but they’ll have to wait for another post.
Meanwhile, feel free to use playingwithtelnet@gmail.com to play with running an email transaction by hand.

9 comments

  1. The view from a blacklist operator – Word to the Wise says

    […] it – if you open a commandline on your mailserver you can run an SMTP transaction by hand (as I discussed yesterday) from 127.0.0.2 using “telnet -b 127.0.0.2 your.hostname 25″ (on Linux-ish systems, […]

  2. Anthony Edwards says

    You can, of course, also do the same thing with web servers, Microsoft even publish a (brief) tutorial how to do so at:
    http://support.microsoft.com/kb/279466
    This can be a useful way of investigating a web site without running the risk of running or downloading malicious code. Also useful to establish whether content at a given URL is hosted locally, or the URL is actually a redirect elsewhere.

  3. Kieran says

    You can do this from a command prompt in Windows too (although the nslookup syntax is different). However, I’ve found that backspace commands don’t work so you have to type everything very carefully (or paste them from somewhere else)

  4. steve says

    Yes, it is very useful for webservers. The Microsoft tutorial isn’t that useful, as it’s using HTTP 0.9, which doesn’t work with any webserver that’s doing virtual hosting.
    I have an example of doing the same thing using HTTP 1.1 here …
    https://wordtothewise.com/aarpspam/keylog.html#c7
    … as part of our investigation of the AARP spammers (http://blog.wordtothewise.com/2010/04/analysing-lead-gen-spam/)

  5. Neil Schwartzman says

    Steve,
    thanks for this marvellous piece! I learned a lot. Remember many of us don’t actually run mail servers, and have no real interest in doing so, nevertheless, this stuff is extremely valuable in figuring out what is going wrong (or right) with a mail stream. I’ve sent it along to a bunch f account managers at work. thanks again.

  6. adamo says

    There is also smtpclient whose source code one can grab from ftp://www.ossp.org/pkg/tool/smtpclient/ which one may find handy for such purposes.

  7. Bill Volz says

    There are some things you can’t do with telnet and other things that are verfy difficult. For example TLS, AUTH, and adapter/IP binding to name a few.. I wrote this tool as a telnet replacement to help with this.
    http://www.socketlabs.com/services/smtp_server_connection_diagnostics_tool

  8. Email Deliverability says

    This is another troubleshooting trick for me, thank you very much for explaining in detailed. Maybe someday I will encounter this problem on my own and I can apply these instructions from you. Much Appreciated
    Lea Mae

  9. Dedicated Servers says

    thank you very much for explaining in detailed. but not working for yahoo and hostmail.

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.