tags:

views:

1166

answers:

3
+1  Q: 

How can I automate telnet port 25 testing?

I need to make a large set of tests in telnet. I am working on some ways to auto detect dictionary attacks on our email server, and then throttle them back, or blacklist them etc.

I am now ready to run some tests and see if my work pays off. I figured I would just download some script kiddy app to run the tests. I can not find any and those I can are bad or binary and non configurable.

I will have a list of addresses I generate in a loop.

I want to take $address as an argument and do this:

telnet myserver.com 25 helo some-string.com mail from: [email protected] rcpt to: $address quit

Within that, I need to test a few things, such as, if I enable greylisting, I want to fail the script, as that is my first countermeasure. I suppose in that case, I would just have telnet timeout?

  • helo should return a code string starting with 220, that is about as accurate as I need to make this test.

  • mail from should return 250, or looking for OK would suffice

  • rctp to should return 250 or Ok sometimes, when I send in a valid user, but most of the time I will send in a bad address, so I look for the absence of 250 or OK.

  • Finally, I will send in a quit.

I am not able to get conditions and logging to happen within an interactive situation. I looked at expect but could not get it to work.

My code so far:

echo -e "helo foo\nmail from: foo.... | telnet example.com 25 | grep -i blah

This did not perform as expected.

What can I do to accomplish my goal?

+3  A: 

Try netcat: http://netcat.sourceforge.net/

It'll let you send and receive data on a socket. telnet isn't what you want - it's for interactive use.

Andrew Medico  2009-03-05 03:58:05
netcat's definitely the tool, but just be aware that in some organizations it might trigger malware alerts. It's not malware itself, but it's a tool that allows people to probe a network in ways that admins and security people don't feel comfortable with.
Michael Burr  2009-03-05 04:06:15
A: 

I'm surprised that Expect didn't do it for you since it's written for just these kinds of things.

Perl is simpler in some ways and can get a job like this done. But with Perl, you won't bother with Telnet, you can instead open port 25 directly.

If you really want to exercise your server get the source for Siege and modify it to talk SMTP instead of HTTP. That was my favorite tool for testing Apache performance and I'm sure it wouldn't be too hard to make it test Sendmail.

John Fricker  2009-03-05 04:02:49
I am playing with expect, any ideas how to do conditionals in it, that is all I need.
 2009-03-05 04:15:59
With some fiddling, Expect is the way to go.
 2009-06-19 18:16:00
+1  A: 

expect wrapped around netcat (instead of telnet) is probably the best initial bet. But, if you really need to this, I would use perl. There are SMTP client libraries for it.

mcr  2009-03-05 04:18:36

related questions

What is a good Telnet client implementation C#?
How to check if an email address exists without sending an email?
netstat says 443 is open, but I cannot connect to it with telnet .. why ?
telnet to port 25 from AS400
Emulating a Host user interface
linux c/c++ programming telnet connection io redirection
Telnet / Terminal commands
How do I launch a specific telnet-based app from a web browser?
C# Telnet Library
Disable character echo on Java network connection
How do I get a PHP script to send and receive data from an already running process?
Telnet lib and language choice for cross OS telnet client?
Schedule a .vbs file to run in Windows
Running applications through Telnet
Force telnet client into character mode
Telnet Server
Why vim doesn't work correctly into a telnet session ?
Managing Cisco programatically; Telnet vs SNMP?
How does Telnet server communicate to the client?
Using telnet in a C Program
Proxy for command line utilities in Win XP
telneting backspace key is wrong
Spawning an interactive telnet session from a shell script
Exchange drop support for SMTP?