{"id":808,"date":"2018-05-23T10:00:08","date_gmt":"2018-05-23T01:00:08","guid":{"rendered":"https:\/\/fsck.jp\/?p=808"},"modified":"2022-06-13T14:10:46","modified_gmt":"2022-06-13T05:10:46","slug":"openssl-s_client-%e3%81%a7-smtp-starttls-%e3%81%a8-smtp-auth-%e3%81%ae%e7%a2%ba%e8%aa%8d%e3%82%92%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/fsck.jp\/?p=808","title":{"rendered":"openssl s_client \u3067 SMTP STARTTLS \u3068 SMTP AUTH \u3092\u52d5\u4f5c\u78ba\u8a8d\u3059\u308b"},"content":{"rendered":"<h2>\u6982\u8981: openssl s_client \u30b3\u30de\u30f3\u30c9\u306b\u3064\u3044\u3066<\/h2>\n<p>telnet \u30b3\u30de\u30f3\u30c9\u3067 HTTP \u3084 SMTP\u3001POP \u306e\u63a5\u7d9a\u30c6\u30b9\u30c8\u3092\u884c\u3046\u3053\u3068\u304c\u3042\u308b\u304c\u3001\u540c\u69d8\u306b openssl \u306e s_client \u30b5\u30d6\u30b3\u30de\u30f3\u30c9\u3067\u3001TLS \u63a5\u7d9a\u306e\u624b\u52d5\u78ba\u8a8d\u3092\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3060\u3002\u4f8b\u3048\u3070\u3001HTTPS \u306e\u78ba\u8a8d\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5b9f\u884c\u3067\u304d\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -connect www.example.com:443<\/strong>\n(\u4e2d\u7565)\n<strong>GET \/ HTTP\/1.0<\/strong>(Enter)\n<strong>Host: www.example.com<\/strong>(Enter2\u56de\u62bc\u3059)<\/pre>\n<p>\u3055\u3089\u306b\u3001\u6700\u521d\u306f\u5e73\u6587\u63a5\u7d9a\u3057\u3066\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d7\u30ed\u30c8\u30b3\u30eb\u4e0a\u306e STARTTLS \u30b3\u30de\u30f3\u30c9\u3067 TLS \u72b6\u614b\u306b\u5165\u308a\u305f\u3044\u5834\u5408\u3082\u3042\u308b\u3002SMTP\u3001IMAP\u3001LDAP\u3001FTP \u306a\u3069\u306e STARTTLS \u304c\u76f8\u5f53\u3059\u308b\u3002\u3053\u308c\u3082 s_client \u30b5\u30d6\u30b3\u30de\u30f3\u30c9\u306e -starttls \u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u5b9f\u73fe\u3067\u304d\u308b\u3002<\/p>\n<p>mail.example.com \u30b5\u30fc\u30d0\u306e TCP\u30dd\u30fc\u30c8 587 (SMTP Submission) \u3067 SMTP STARTTLS \u304c\u4f7f\u3048\u308b\u5834\u5408\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u63a5\u7d9a\u304c\u53ef\u80fd\u3068\u306a\u308b\u3002-starttls \u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u5f15\u6570\u306b\u3001smtp \u3092\u3068\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -connect mail.example.com:587 -starttls smtp<\/strong><\/pre>\n<p>\u305f\u3060\u3057\u3001SMTP \u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u4e2d\u3067 RCPT TO: \u3092\u5927\u6587\u5b57\u3067\u6253\u3063\u305f\u77ac\u9593\u306b\u3001RENEGOTIATING \u3068\u3044\u3046\u8868\u793a\u3068\u3068\u3082\u306b\u5148\u3078\u9032\u3081\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3046\u306e\u3067\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3042\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -connect mail.example.com:587 -starttls smtp<\/strong>\nCONNECTED(00000003)\ndepth=2 C = JP, O = \"SECOM Trust Systems CO.,LTD.\", OU = Security Communication RootCA2\nverify return:1\ndepth=1 C = JP, L = Academe, O = National Institute of Informatics, CN = NII Open Domain CA - G4\nverify return:1\ndepth=0 C = JP, L = Academe, O = Example, OU = Example Dept, CN = mail.example.com\nverify return:1\n(\u4e2d\u7565)\n250 DSN\n<strong>EHLO mail.example.com<\/strong>\n250-mail.example.com\n250-PIPELINING\n250-SIZE 52428800\n250-ETRN\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\n<strong>MAIL FROM: test@example.com<\/strong>\n250 2.1.0 Ok\n<strong>RCPT TO: test@example.jp<\/strong>\nRENEGOTIATING\ndepth=2 C = JP, O = \"SECOM Trust Systems CO.,LTD.\", OU = Security Communication RootCA2\nverify return:1\ndepth=1 C = JP, L = Academe, O = National Institute of Informatics, CN = NII Open Domain CA - G4\nverify return:1\ndepth=0 C = JP, L = Academe, O = Example, OU = Example Dept, CN = mail.example.com\nverify return:1<\/pre>\n<p>\u6a19\u6e96\u5165\u529b\u306e\u4e00\u6587\u5b57\u76ee\u304c\u5927\u6587\u5b57\u306e\u300cR\u300d\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u3001openssl s_client \u306e TLS \u518d\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u30b3\u30de\u30f3\u30c9\u3068\u3057\u3066\u89e3\u91c8\u3055\u308c\u3066\u3057\u307e\u3046\u305f\u3081\u3067\u3042\u308b\u3002<\/p>\n<p>\u518d\u30cd\u30b4\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3\u3092\u56de\u907f\u3059\u308b\u306b\u306f\u3001\u5148\u982d\u306e r \u3092\u5c0f\u6587\u5b57\u3067\u6253\u3064\u304b\u3001openssl s_client \u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3068\u3057\u3066 -ign_eof \u307e\u305f\u306f -quiet \u3092\u8ffd\u52a0\u3059\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -quiet -connect mail.example.com:587 -starttls smtp<\/strong><\/pre>\n<h2>SMTP AUTH \u306e\u30c6\u30b9\u30c8<\/h2>\n<p>\u4e0a\u8a18\u306e openssl s_client \u30b3\u30de\u30f3\u30c9\u3092\u7528\u3044\u3066\u3001SMTP \u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u624b\u6253\u3061\u3067\u518d\u73fe\u30c6\u30b9\u30c8\u3059\u308b\u3002\u3055\u3089\u306b SMTP \u30bb\u30c3\u30b7\u30e7\u30f3\u306e\u4e2d\u3067\u3001SMTP AUTH \u306e\u30c6\u30b9\u30c8\u3082\u7d44\u307f\u8fbc\u3093\u3067\u307f\u308b\u3002<\/p>\n<h2>\u5b9f\u884c\u4f8b1: AUTH PLAIN \u8a8d\u8a3c<\/h2>\n<p>SMTP AUTH \u306e PLAIN \u30b3\u30de\u30f3\u30c9\u3067\u5fc5\u8981\u306a\u6587\u5b57\u5217\u306f\u3001\u300c\u30e6\u30fc\u30b6\u540d\\0\u30e6\u30fc\u30b6\u540d\\0\u30d1\u30b9\u30ef\u30fc\u30c9\u300d\uff08\\0\u306f\u30cc\u30eb\u6587\u5b57\uff09\u3068\u3044\u3046\u5408\u6210\u6587\u5b57\u5217\u3092 BASE64 \u30a8\u30f3\u30b3\u30fc\u30c9\u3057\u305f\u3082\u306e\u3067\u3042\u308b\u3002\u3042\u3089\u304b\u3058\u3081\u6587\u5b57\u5217\u3092\u4f5c\u3063\u3066\u304a\u304f\u3002<\/p>\n<pre>$ <strong>printf 'username\\0username\\0password' | base64<\/strong>\ndXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=<\/pre>\n<p>\u3055\u304d\u307b\u3069\u306e\u30a8\u30f3\u30b3\u30fc\u30c9\u6587\u5b57\u5217\u3092 AUTH PLAIN \u306e\u5f15\u6570\u3068\u3057\u3066\u4e0e\u3048\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -quiet -connect mail.example.com:587 -starttls smtp<\/strong>\ndepth=2 C = JP, O = \"SECOM Trust Systems CO.,LTD.\", OU = Security Communication RootCA2\nverify return:1\ndepth=1 C = JP, L = Academe, O = National Institute of Informatics, CN = NII Open Domain CA - G4\nverify return:1\ndepth=0 C = JP, L = Academe, O = Example, OU = Example Dept, CN = mail.example.com\nverify return:1\n250 DSN\n<strong>EHLO mail.example.com<\/strong>\n250-mail.example.com\n250-PIPELINING\n250-SIZE 10485760\n250-ETRN\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\n<strong>AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=<\/strong>\n235 2.7.0 Authentication successful \u2190\u8a8d\u8a3c\u6210\u529f\n<strong>MAIL FROM: test@example.com<\/strong>\n250 2.1.0 Ok\n<strong>RCPT TO: test@example.jp<\/strong>\n250 2.1.5 Ok \u2190\u30e1\u30fc\u30eb\u30ea\u30ec\u30fc\u6210\u529f\n<strong>QUIT<\/strong>\n221 2.0.0 Bye<\/pre>\n<h2>\u5b9f\u884c\u4f8b2: AUTH LOGIN \u8a8d\u8a3c<\/h2>\n<p>AUTH LOGIN \u30b3\u30de\u30f3\u30c9\u3067\u306f\u3001\u30e6\u30fc\u30b6\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u305d\u308c\u305e\u308c BASE64 \u30a8\u30f3\u30b3\u30fc\u30c9\u3057\u305f\u6587\u5b57\u5217\u304c\u5fc5\u8981\u306b\u306a\u308b\u3002<\/p>\n<pre>$ <strong>printf 'username' | base64<\/strong>\ndXNlcm5hbWU=\n$ <strong>printf 'password' | base64<\/strong>\ncGFzc3dvcmQ=<\/pre>\n<p>\u30b5\u30fc\u30d0\u304b\u3089\u306e 334 VXNlcm5hbWU6 \u306b\u5bfe\u3057\u3066\u306f\u30e6\u30fc\u30b6\u540d\u306e\u30a8\u30f3\u30b3\u30fc\u30c9\u6587\u5b57\u5217\u3092\u3001334 UGFzc3dvcmQ6 \u306b\u5bfe\u3057\u3066\u306f\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u30a8\u30f3\u30b3\u30fc\u30c9\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3002<\/p>\n<pre>$ <strong>openssl s_client -quiet -connect mail.example.com:587 -starttls smtp<\/strong>\ndepth=2 C = JP, O = \"SECOM Trust Systems CO.,LTD.\", OU = Security Communication RootCA2\nverify return:1\ndepth=1 C = JP, L = Academe, O = National Institute of Informatics, CN = NII Open Domain CA - G4\nverify return:1\ndepth=0 C = JP, L = Academe, O = Example, OU = Example Dept, CN = mail.example.com\nverify return:1\n250 DSN\n<strong>EHLO mail.example.com<\/strong>\n250-mail.example.com\n250-PIPELINING\n250-SIZE 10485760\n250-ETRN\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\n<strong>AUTH LOGIN<\/strong>\n334 VXNlcm5hbWU6 \u2190\"Username:\" \u304c BASE64 \u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u308b\n<strong>dXNlcm5hbWU=<\/strong>\n334 UGFzc3dvcmQ6 \u2190\"Password:\" \u304c BASE64 \u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u308b\n<strong>cGFzc3dvcmQ=<\/strong>\n235 2.7.0 Authentication successful \u2190\u8a8d\u8a3c\u6210\u529f\n<strong>MAIL FROM: test@example.com<\/strong>\n250 2.1.0 Ok\n<strong>RCPT TO: test@example.jp<\/strong>\n250 2.1.5 Ok \u2190\u30e1\u30fc\u30eb\u30ea\u30ec\u30fc\u6210\u529f\n<strong>QUIT<\/strong>\n221 2.0.0 Bye<\/pre>\n<p>\u53c2\u8003URL:<\/p>\n<ul>\n<li><a href=\"https:\/\/bsdmad.hatenablog.com\/entry\/20090409\/1239249624\">openssl \u3067 SMTP \u306e STARTTLS \u3092\u8a66\u3059<\/a><\/li>\n<li><a href=\"https:\/\/serverfault.com\/questions\/336617\/postfix-tls-over-smtp-rcpt-to-prompts-renegotiation-then-554-5-5-1-error-no-v\">Postfix TLS over SMTP &#8211; RCPT TO prompts renegotiation then 554 5.5.1 Error: no valid recipients<\/a><\/li>\n<li><a href=\"https:\/\/www.openssl.org\/docs\/manmaster\/man1\/openssl-s_client.html\">man openssl-s_client<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981: openssl s_client \u30b3\u30de\u30f3\u30c9\u306b\u3064\u3044\u3066 telnet \u30b3\u30de\u30f3\u30c9\u3067 HTTP \u3084 SMTP\u3001POP \u306e\u63a5\u7d9a\u30c6\u30b9\u30c8\u3092\u884c\u3046\u3053\u3068\u304c\u3042\u308b\u304c\u3001\u540c\u69d8\u306b openssl \u306e s_client \u30b5\u30d6\u30b3\u30de\u30f3\u30c9\u3067\u3001TLS  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14,15,8,7],"tags":[],"_links":{"self":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/808"}],"collection":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=808"}],"version-history":[{"count":3,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/808\/revisions"}],"predecessor-version":[{"id":1188,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/808\/revisions\/1188"}],"wp:attachment":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}