SMTP STARTTLS certificate negotiation via telnet

Gaurav Minocha · Nov 20, 2014 · Viewed 64.2k times

I am trying to start TLS in sendmail, but I do not know how to use the certificate. Please suggest a way.

> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 <machinename> ESMTP Sendmail <version>; <date>;localhost(OK)-localhost [127.0.0.1]
EHLO localhost
250-<machinename> Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS

When and how should I use/provide the certificate?

Answer

Simon · Nov 20, 2014

You can't, because as soon as you start using TLS, the conversation becomes encrypted, and you probably don't speak that language ;)

Here is what you can do instead:

openssl s_client -debug -starttls smtp -crlf -connect localhost:25

OpenSSL will do the STARTTLS handshake for you and you will be able to pick up the conversation from there (decrypted automatically on the fly).
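The same sequence in Python, as an added example that is not part of the original answer: the plaintext SMTP exchange ends at `220 ... Ready to start TLS`, and certificates are exchanged only inside the TLS handshake that follows. The helper names (`read_reply`, `negotiate_starttls`, `upgrade`) and the `cafile`/`certfile`/`keyfile` paths are assumptions chosen for illustration.

```python
import socket
import ssl

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return (code, [text lines])."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":            # "250-..." continues, "250 ..." ends
            return int(line[:3]), lines

def negotiate_starttls(sock, helo_name="localhost"):
    """Plaintext phase: greeting, EHLO, STARTTLS. Returns the EHLO capabilities."""
    with sock.makefile("rb") as f:
        code, _ = read_reply(f)
        if code != 220:
            raise RuntimeError(f"unexpected greeting: {code}")
        sock.sendall(f"EHLO {helo_name}\r\n".encode())
        code, lines = read_reply(f)
        caps = {l.split()[0].upper() for l in lines[1:] if l}
        if code != 250 or "STARTTLS" not in caps:
            raise RuntimeError("STARTTLS not advertised; not continuing in clear text")
        sock.sendall(b"STARTTLS\r\n")
        code, _ = read_reply(f)
        if code != 220:
            raise RuntimeError(f"STARTTLS rejected: {code}")
        return caps

def upgrade(sock, hostname, cafile=None, certfile=None, keyfile=None):
    """TLS phase: certificates are exchanged here, inside the handshake."""
    ctx = ssl.create_default_context(cafile=cafile)   # verifies the server certificate
    if certfile:                                      # optional client certificate
        ctx.load_cert_chain(certfile, keyfile)
    return ctx.wrap_socket(sock, server_hostname=hostname)

if __name__ == "__main__":   # assumes a local MTA on port 25, as in the question
    s = socket.create_connection(("localhost", 25))
    print(sorted(negotiate_starttls(s)))
    tls = upgrade(s, "localhost")   # pass cafile= if the MTA uses a private CA
    print(tls.version(), tls.getpeercert().get("subject"))
```

With `openssl s_client`, a client certificate is supplied the same way at handshake time, using its `-cert` and `-key` options.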