[SpamCop-List] Re: Telnet help? Finding active addy? (LONG)

Margie Arbon spamcop-list
Sun, 11 Feb 2001 13:07:12 -0500


On Sun, 11 Feb 2001 11:08:12 -0500, "SD" <spamdeputy> wrote in
<966dn9$tmf$1>:

>I'm looking for an online guide (Telnet for Newbies), any good sources?

The RFCs, but they are generally not a newbie guide.  There is some good
and useful stuff in there, like RFC 2324, which is critical to my life
<g> http://www.cis.ohio-state.edu/htbin/rfc/rfc2324.html

RFC 821 is a little more appropriate to this question though:
http://www.cis.ohio-state.edu/rfc/rfc0821.txt
Please read that before you start playing with mail servers.  It
explains the commands and the response codes.

>More specifically, someone (I think it was Margie) posted a message showing
>a telnet session (I think) to test if an e-mail addy was real. The first two
>commands came back denied, which I imagine most servers would do, the third
>looked like setting up an e-mail "from" and "to" and it got confirmation on
>the "to" addy.

First the basics:
The SMTP port is port 25.  If you are attempting to communicate with an
SMTP mail server, you need to make sure that you are telneting to port
25 of that server.

If you are on a dial-up, and the mail-server you are attempting to query
is using the DUL, it will not allow you to connect.  This is where a
unix shell account comes in very handy.  I do most of my whois, relay
tests, traceroutes and other lookups from shell accounts.

Be careful.  There is nothing wrong with a few checks on addresses.  A
lot of checks on addresses on a specific mailserver can look like a
dictionary attack and get you reported to your ISP.

Unless you are an extremely good typist, get a real telnet client like
Terraterm.  Windows Telnet is very unforgiving.

Cntl-H erases the last character (doesn't always work in win telnet).
Cntl-W erases the last word.

First you have to find the MX (mail exchanger) for the domain you are
looking for:

You can do this from Sam Spade if you don't have a shell account handy.

> dig att.net mx

; <<>> DiG 8.3 <<>> att.net mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 14
;; QUERY SECTION:
;;      att.net, type = MX, class = IN

;; ANSWER SECTION:
att.net.                19h52m48s IN MX  5 gateway2.att.net.
att.net.                19h52m48s IN MX  5 gateway3.att.net.
att.net.                19h52m48s IN MX  5 gateway4.att.net.
att.net.                19h52m48s IN MX  5 gateway5.att.net.
att.net.                19h52m48s IN MX  5 gateway6.att.net.
att.net.                19h52m48s IN MX  5 gateway1.att.net.
<...>


OK, now you have the mail servers.  Telnet to port 25 of one of the mail
servers:

> telnet gateway1.att.net 25
Trying 204.127.134.16...
Connected to gateway1.att.net.
Escape character is '^]'.
220 mtiwgwc27.worldnet.att.net ESMTP server (InterMail vM.4.01.03.10
201-229-121-110) ready Sun, 11 Feb 2001 17:37:14 +0000
HELO mail-abuse.org
250 mtiwgwc27.worldnet.att.net
rset
250 Ok resetting state
expn arbonm
502 Command is locally disabled
vrfy arbonm
502 Command is locally disabled
rset
250 Ok resetting state
mail from: <margie>
250 Sender <margie> Ok
rcpt to: <arbonm>
250 Recipient <arbonm> Ok
rcpt to: <qwhogakahfkjh>
550 Invalid recipient: <qwhogakahfkjh>
quit
221 mtiwgwc27.worldnet.att.net ESMTP server closing connection
Connection closed by foreign host.
>

What did I just do?

I typed:
>> telnet gateway1.att.net 25

Response:
>Trying 204.127.134.16...
>Connected to gateway1.att.net.
>Escape character is '^]'.
Good sign, it will talk to me
If you want to break out of the session at this point type cntl-]

>220 mtiwgwc27.worldnet.att.net ESMTP server (InterMail vM.4.01.03.10 201-229-121
>-110) ready Sun, 11 Feb 2001 17:37:14 +0000

Gateway1.att.net just identified itself and told me what MTA it is
running.  This is a sign of a well-configured mail server.

I typed:
>HELO mail-abuse.org
I just identified the server that I am connecting from.

Response:
>250 mtiwgwc27.worldnet.att.net
250 means everything is ok.  The machine gave me its name in return.

I typed:
>rset
This clears all prior SMTP transactions.

Response:
>250 Ok resetting state
Again, this tells me everything is fine.

I typed:
>expn arbonm
I am asking the server to expand that address to show aliases or mailing
lists.

Response:
>502 Command is locally disabled
5xxs are permanent errors; this system does not allow EXPNs.

I typed:
>vrfy arbonm
I am asking the server if this address is valid on this system.

Response:
>502 Command is locally disabled
It does not allow VRFYs either.  The next option is to attempt to send
mail to that user name.

I typed:
>rset
Response:
>250 Ok resetting state

I typed:
>mail from: <margie>
At this point, I am initiating an SMTP transaction, as I would if I were
truly going to send mail.  I am telling the server that the mail is from
this user name.  This would become the "return path" and "envelope from"
in the headers.

Response:
>250 Sender <margie> Ok
The server will accept mail from this user.

I typed:
>rcpt to: <arbonm>
This is the address I am sending mail to.  This is the way the mail
would actually be delivered.  In the headers, this would show up as the
"for".

Response:
>250 Recipient <arbonm> Ok
The system will accept mail for this user.  Good, right? This means it's
a valid address?  Not really. Some systems are set up to give a 250
response to any address, so we need to see if this server gives
legitimate information.

I typed:
>rcpt to: <qwhogakahfkjh>
I made this up.  The odds are remote it would be a valid address.

Response:
>550 Invalid recipient: <qwhogakahfkjh>
This address is an invalid user on this system.  It will not accept mail
for it.  This tells me that the prior address is indeed valid.

Now, if I wanted to really send mail, the next command would be "DATA".
Then I would type To:, From:, Date:, Subject: and the message text.
These would become the "short" headers you see in your mail and the
message itself.  This also explains how you can get mail with a To: that
is not your address.  The mail server delivers to the rcpt to:, not the
To: in the DATA section.

I didn't want to actually send mail, so I typed:
>quit

Response:
>221 mtiwgwc27.worldnet.att.net ESMTP server closing connection
>Connection closed by foreign host.
>>

Clear as mud?

-- 

Margie
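A constructed replay of the exchange walked through in this post, added here as an example; it is not part of Margie's message and not the code of any real MTA. A toy in-memory SMTP server answers like the att.net transcript (VRFY and EXPN disabled with 502, 250 for a known recipient, 550 for an unknown one), and a small client-side function applies the post's reasoning about reply codes: a 250 for the candidate address only means something if a made-up address on the same server draws a 5xx. The hostname `mail.example.test`, the `KNOWN_MAILBOXES` table, and the `MAX_BAD_RCPTS` policy (closing the session with a 421 after repeated bad recipients, the kind of measure that turns the "dictionary attack" pattern mentioned above into an abuse report) are all assumptions of this example, not settings of the real server. Nothing touches the network.

```python
"""Constructed replay of the SMTP exchange above: a toy in-memory server that
answers like the transcript, plus the client-side reading of the reply codes.
No network access; everything runs locally."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

KNOWN_MAILBOXES = {"arbonm"}   # constructed stand-in for the server's user list
# Constructed policy: after this many rejected recipients the toy server drops
# the session with a 421, a common defence against the dictionary-attack
# pattern the post warns about.  The threshold is an assumption.
MAX_BAD_RCPTS = 3
# The commands typed in the transcript above, in order.
TRANSCRIPT = ["HELO mail-abuse.org", "rset", "expn arbonm", "vrfy arbonm",
              "rset", "mail from: <margie>", "rcpt to: <arbonm>",
              "rcpt to: <qwhogakahfkjh>", "quit"]


def _angle_addr(arg: str) -> Optional[str]:
    """Pull the address out of '<...>' in a MAIL FROM: / RCPT TO: argument."""
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1) if m else None


@dataclass
class ToySmtpServer:
    hostname: str = "mail.example.test"   # assumed name, not att.net's
    catch_all: bool = False               # True: 250 to every recipient
    sender: Optional[str] = None
    bad_rcpts: int = 0
    closed: bool = False

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP toy server ready"

    def handle(self, line: str) -> str:
        """Reply to one client command line (RFC 821 subset)."""
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            return f"250 {self.hostname}"
        if verb == "RSET":                # forget the transaction in progress
            self.sender = None
            return "250 Ok resetting state"
        if verb in ("VRFY", "EXPN"):      # disabled, as on the real server
            return "502 Command is locally disabled"
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.hostname} closing connection"
        if verb not in ("MAIL", "RCPT"):
            return "500 Command unrecognized"
        addr = _angle_addr(arg)
        if addr is None:
            return "501 Syntax error in parameters or arguments"
        if verb == "MAIL":
            self.sender = addr
            return f"250 Sender <{addr}> Ok"
        if self.sender is None:           # RCPT before MAIL is out of sequence
            return "503 Need MAIL command first"
        if self.catch_all or addr.partition("@")[0].lower() in KNOWN_MAILBOXES:
            return f"250 Recipient <{addr}> Ok"
        self.bad_rcpts += 1
        if self.bad_rcpts >= MAX_BAD_RCPTS:
            self.closed = True
            return "421 Too many invalid recipients, closing connection"
        return f"550 Invalid recipient: <{addr}>"


def reply_class(reply: str) -> str:
    """Group a reply by its first digit, as RFC 821 defines the classes."""
    return {2: "success", 3: "intermediate", 4: "temporary",
            5: "permanent"}[int(reply[:3]) // 100]


def run_session(server: ToySmtpServer, commands: List[str]) -> List[Tuple[str, str]]:
    """Feed commands in order; return (command, reply) pairs, greeting first.
    Stops as soon as the server closes the connection (221 or 421)."""
    log = [("", server.greeting())]
    for cmd in commands:
        log.append((cmd, server.handle(cmd)))
        if server.closed:
            break
    return log


def interpret(candidate_reply: str, nonsense_reply: str) -> str:
    """The post's reasoning: a 250 for the candidate address means little
    unless a made-up address on the same server draws a 5xx."""
    cand, junk = reply_class(candidate_reply), reply_class(nonsense_reply)
    if cand == "permanent":
        return "invalid"
    if cand == "success" and junk == "permanent":
        return "valid"
    if cand == "success" and junk == "success":
        return "inconclusive: catch-all server"
    return "inconclusive"


if __name__ == "__main__":
    for catch_all in (False, True):
        print(f"--- toy server, catch_all={catch_all} ---")
        log = run_session(ToySmtpServer(catch_all=catch_all), TRANSCRIPT)
        for cmd, reply in log:
            if cmd:
                print("C:", cmd)
            print("S:", reply)
        print("verdict:", interpret(log[7][1], log[8][1]))
```

Running it prints the transcript twice: once against a server that behaves like the one in the post (the made-up recipient draws a 550, so the earlier 250 is meaningful) and once against a catch-all server, where both RCPT TO: lines get 250 and the verdict is "inconclusive". The 421 branch shows the server-side view of the "be careful" paragraph: an operator who counts rejected recipients per session sees repeated probing long before it looks like anything else.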