کد:
http://www.messagingtalk.org/how-smtp-commands-work
In this article, you will learn what SMTP commands are and how to use them to test SMTP issues such as basic SMTP health, re-laying checking, SMTP versions, etc.
If we send or receive mail over the internet or using Exchange 2000 or higher, it was transported via SMTP. Knowing more about SMTP and how to troubleshoot SMTP on a basic level is essential. Tools for the job are knowledge of the command syntax and a remote terminal tool such as Telnet.
Let’s start by Telneting to port 25 of a mail host and see what comes out of it. The command syntax will be
Telnet hostname 25
If you’re running a flavor of Exchange, you may receive a reply similar to:
220 win2k3dc.target.local Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Thu, 31 Mar 2005 11:35:01 +0200
I’m going to break the reply down and explain each part:
220
A status code implying that Exchange is available and listening. SMTP mail systems have to return a status code for each line of every mail conversation, which indicates anything from command received successfully, to “go away – you’re not wanted here”. Some replies may only be numbers; others may be numbers with an explanatory text. At the end of this article I have listed some more detail about the meaning of these.
win2k3dc.target.local
The hostname responsible for the service
Microsoft ESMTP MAIL Service, Version: 6.0.3790
Software responding to the service request:
ready at Thu, 31 Mar 2005 11:35:01 +0200

Note that if your machine is internet facing, it’s a really good idea to hide the response, also known as a banner. Knowing what software is installed on a machine gives a malicious person an idea as to how to start attacking. Here’s how you hide this message:
XCON: How to Modify the SMTP Banner

So what do we do now? How do we know what to type? SMTP conversations mirror human conversations in that humans greet, exchange pleasantries that help establish who we are, talk and then say goodbye. For a successful SMTP conversation to occur, something similar happens, and some of the words used may look familiar. In SMTP talk, that may look like this:

Notice the first word after the 220 message was HELO. This could also have been EHLO. For the purposes of this article, SMTP can be presented in two basic flavors, SMTP and ESMTP. ESMTP is all that SMTP is, with some extra bits bolted on, like large message support, pipelining, authentication etc, which makes it a perfect candidate for Microsoft to build a transport mechanism around, which in fact is what they did. Most internal server to server messages originate and are received using ESMTP, not SMTP. Entering EHLO instead of HELO will produce a list of available commands that Exchange will accept, along with a “ready” message.
Each line was responded to by codes starting with a 2xx or a 5xx. Either my input was good 2xx or I entered a command that was flawed or unacceptable 5xx.
In this case, even though I’m trying to impersonate “noddy.com” my real domain is echoed back to me on the next line as: 250 win2k3dc.target.local Hello [127.0.0.1]
Let’s look at the conversation again. HELO noddy.com
who I am- email host/domain,
MAIL FROM: dude@noddy.com
who I am – email address
RCPT TO: anotherdude@target.local
who I am mailing. Multiple recipients may be specified by using multiple RCPT lines
DATA
body of the message, including any further arguments, such as subject lines. This needs to be ended using a period “.” Followed by an empty line. Notice that extra tags such as subject: need to be followed by an empty line.
What we have achieved here is test that SMTP is up and accepting mail. To make this more interesting, test for two way communication by requesting a delivery receipt:
Change the RCPT TO line to read:
RCPT TO :anotherdude@target.local notify=success,failure
How would we test for other conditions such as relaying allowed? Simple – change the RCPT TO: line to read another SMTP address for which delivery is not enabled. Here’s an example

If your mail host is configured correctly you will receive a polite – or not so polite message saying that your mail cannot be accepted. If the opposite occurs and your mail submission is succesfull for an email domain that doesn’t isn’t part of your SMTP servers inbound domain list – you have an open relay. A SPAM target. If this is facing the internet you should fix it really soon. Like now.
Here is a basic list of commands. This list is extensive enough to test anything you’re willing to try without breaking out of Telnet and using a mail client. These were sourced from RFC 821, which may be found here: http://www.faqs.org/rfcs/rfc821.html
HELO MAIL RCPT DATA RSET NOOP QUIT Some of these are not discussed above.
RSET – resets the current session, allowing you to start again. NOOP – No Operation. Does what it says. Use this to stay connected while thinking about your next command. Prevents timeouts. QUIT – Quits the current session and disconnects. Common Messages are listed below, however - to get to the exact meaning of virtually any SMTP code, have a look here: http://www.faqs.org/rfcs/rfc1893.html
211 System status, or system help reply 214 Help message 220 Service ready 221 Service closing transmission channel 250 Requested mail action okay, completed 251 User not local; will forward to 354 Start mail input; end with . 421 Service not available, closing transmission channel 450 Requested mail action not taken: mailbox unavailable 451 Requested action aborted: local error in processing 452 Requested action not taken: insufficient system storage 500 Syntax error, command unrecognized 501 Syntax error in parameters or arguments 502 Command not implemented 504 Command parameter not implemented 550 Requested action not taken: mailbox unavailable 551 User not local; please try 552 Requested mail action aborted: exceeded storage allocation 553 Requested action not taken: mailbox name not allowed 554 Transaction failed




موضوعات مشابه: