ZW3B :-: API Client * Contents * Docs by LAB3W.ORJ

Translate this page

Name : BETA-TESTERS

Project name : ZW3B-API-BETA-TESTERS

Authorized. - 200 - Client API Name and Origin Wildcard OK

¿Comment? 'Ou' ¿Que faire?, OS GNU/Linux, Sécurité, Test de connexion sécurisé avec Nmap / OpenSSL - Suites de chiffrement

Vérifier les suites de chiffrement d'un protocol de communication / #Openssl, #Ciphers, #SSL, #TLS, #StartTLS, #Postfix, #Apache

Author : O.Romain.Jaillet-ramey

NdM : 2023/11/14 - Ébauche d'article.

Bonjour, aujourd'hui J'écris ce mémo sur quelques commandes concernant OpenSSL pour intéroger, pour vérifier les suites de chiffrement d'un protocol de communication.

Je vais utiliser OpenSSL, Nmap, Telnet et parler de Postfix le serveur MTA de mails.

Vérifier la suites des algorithmes de chiffrements autorisés sur un serveur.
Avec la commande de scann -> nmap <- et leur script ssl-enum-ciphers.

Script avec 33 lignes


001$ nmap --script ssl-enum-ciphers -p 443 www.zw3b.eu -6
002
003Starting Nmap 7.40 ( https://nmap.org ) at 2023-11-14 17:16 CET
004Nmap scan report for www.zw3b.eu (2607:5300:60:9389::1)
005Host is up (0.10s latency).
006Other addresses for www.zw3b.eu (not scanned): 158.69.126.137
007rDNS record for 2607:5300:60:9389::1: wan.ipv10.net
008PORT    STATE SERVICE
009443/tcp open  https
010| ssl-enum-ciphers:
011|   TLSv1.2:
012|     ciphers:
013|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp384r1) - A
014|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A
015|       TLS_ECDHE_ECDSA_WITH_AES_128_CCM (secp384r1) - A
016|       TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (secp384r1) - A
017|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
018|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp384r1) - A
019|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
020|       TLS_ECDHE_ECDSA_WITH_AES_256_CCM (secp384r1) - A
021|       TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (secp384r1) - A
022|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
023|       TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 (secp384r1) - A
024|       TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 (secp384r1) - A
025|       TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (secp384r1) - A
026|       TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (secp384r1) - A
027|       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A
028|     compressors:
029|       NULL
030|     cipher preference: client
031|_  least strength: A
032
033Nmap done: 1 IP address (1 host up) scanned in 9.54 seconds
Retirer les numéros de lignes

Je peut utiliser la commande -> openssl s_client

Je peut essayer de me conecter au site s'il dispose d'un certificat tls1_3, tls1_2, tls1_1

Script avec 57 lignes

001echo | openssl s_client -showcerts -connect www.zw3b.eu:443 -servername www.zw3b.eu -tls1_3
002CONNECTED(00000003)
003depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
004verify return:1
005depth=1 C = US, O = Let's Encrypt, CN = R3
006verify return:1
007depth=0 CN = zw3b.eu
008verify return:1
009---
010Certificate chain
011 0 s:CN = zw3b.eu
012   i:C = US, O = Let's Encrypt, CN = R3
013-----BEGIN CERTIFICATE-----
014MIIEOTCCAyGgAwIBAgISBLozcwPm7Dwnu132Z9sR/uHyMA0GCSqGSIb3DQEBCwUA
015[...]
016s41KxazyA1yD0dnXPE9u9m5i3Uu8nZrGOuHcJxM=
017-----END CERTIFICATE-----
018 1 s:C = US, O = Let's Encrypt, CN = R3
019   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
020-----BEGIN CERTIFICATE-----
021MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
022[...]
023MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
024nLRbwHOoq7hHwg==
025-----END CERTIFICATE-----
026 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
027   i:O = Digital Signature Trust Co., CN = DST Root CA X3
028-----BEGIN CERTIFICATE-----
029MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
030[...]
031Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
032-----END CERTIFICATE-----
033---
034Server certificate
035subject=CN = zw3b.eu
036
037issuer=C = US, O = Let's Encrypt, CN = R3
038
039---
040No client certificate CA names sent
041Peer signing digest: SHA384
042Peer signature type: ECDSA
043Server Temp Key: X25519, 253 bits
044---
045SSL handshake has read 4188 bytes and written 315 bytes
046Verification: OK
047---
048New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
049Server public key is 384 bit
050Secure Renegotiation IS NOT supported
051Compression: NONE
052Expansion: NONE
053No ALPN negotiated
054Early data was not sent
055Verify return code: 0 (ok)
056---
057DONE
Retirer les numéros de lignes

Voir le certificat d'un site avec en plus openssl x509 et les options -text -noout (pour un certificat local utiliser l'option -in file.pem).

Script avec 94 lignes

001$ echo | openssl s_client -showcerts -connect www.zw3b.eu:443 -servername www.zw3b.eu -tls1_3 | openssl x509 -text -noout
002depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
003verify return:1
004depth=1 C = US, O = Let's Encrypt, CN = R3
005verify return:1
006depth=0 CN = zw3b.eu
007verify return:1
008Certificate:
009    Data:
010        Version: 3 (0x2)
011        Serial Number:
012            04:ba:33:73:03:e6:ec:3c:27:bb:5d:f6:67:db:11:fe:e1:f2
013        Signature Algorithm: sha256WithRSAEncryption
014        Issuer: C = US, O = Let's Encrypt, CN = R3
015        Validity
016            Not Before: Sep 24 21:39:12 2023 GMT
017            Not After : Dec 23 21:39:11 2023 GMT
018        Subject: CN = zw3b.eu
019        Subject Public Key Info:
020            Public Key Algorithm: id-ecPublicKey
021                Public-Key: (384 bit)
022                pub:
023                    04:c3:77:94:e0:af:ca:10:c4:c4:0e:ab:e4:16:14:
024                    6a:79:00:3e:d2:20:a3:8a:f4:e2:13:06:3b:ce:67:
025                    38:93:ff:57:69:77:7f:d5:5d:dd:d5:6e:c2:f3:b4:
026                    bb:59:7b:5d:f3:00:92:c8:c4:2d:91:15:aa:70:14:
027                    22:7d:f3:cc:d5:0a:04:85:33:48:88:f7:ab:cf:3c:
028                    f2:73:6c:34:3f:50:e0:78:e1:88:56:83:f9:cc:fa:
029                    9d:89:c9:8b:58:bc:e9
030                ASN1 OID: secp384r1
031                NIST CURVE: P-384
032        X509v3 extensions:
033            X509v3 Key Usage: critical
034                Digital Signature
035            X509v3 Extended Key Usage:
036                TLS Web Server Authentication, TLS Web Client Authentication
037            X509v3 Basic Constraints: critical
038                CA:FALSE
039            X509v3 Subject Key Identifier:
040                18:7A:A8:66:84:77:A4:B8:BD:44:19:09:B2:9C:74:06:48:5D:AB:36
041            X509v3 Authority Key Identifier:
042                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
043
044            Authority Information Access:
045                OCSP - URI:http://r3.o.lencr.org
046                CA Issuers - URI:http://r3.i.lencr.org/
047
048            X509v3 Subject Alternative Name:
049                DNS:*.zw3b.eu, DNS:zw3b.eu
050            X509v3 Certificate Policies:
051                Policy: 2.23.140.1.2.1
052
053            CT Precertificate SCTs:
054                Signed Certificate Timestamp:
055                    Version   : v1 (0x0)
056                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
057                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
058                    Timestamp : Sep 24 22:39:13.014 2023 GMT
059                    Extensions: none
060                    Signature : ecdsa-with-SHA256
061                                30:45:02:21:00:D1:84:23:8C:C2:68:20:52:97:2E:FA:
062                                1A:B5:88:A4:F8:1A:46:78:38:17:24:63:90:C8:BB:13:
063                                30:DD:99:1B:E5:02:20:29:19:0B:8E:A0:8D:61:BE:5C:
064                                F4:34:97:BF:98:94:13:43:17:86:B5:3B:75:10:75:62:
065                                CD:1A:3D:0D:E0:3D:D3
066                Signed Certificate Timestamp:
067                    Version   : v1 (0x0)
068                    Log ID    : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
069                                16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
070                    Timestamp : Sep 24 22:39:13.078 2023 GMT
071                    Extensions: none
072                    Signature : ecdsa-with-SHA256
073                                30:46:02:21:00:C4:19:58:41:52:FF:84:DD:4C:C2:10:
074                                94:EF:01:F6:FE:A3:5F:BB:97:91:55:F7:BF:94:3F:8C:
075                                A0:AD:C6:A7:28:02:21:00:C5:03:34:4B:3E:2A:C8:27:
076                                F0:B6:E6:C2:DF:5D:13:26:D1:01:D8:CA:70:8C:8C:77:
077                                74:68:87:79:FC:67:DB:BD
078    Signature Algorithm: sha256WithRSAEncryption
079         09:fa:05:97:8f:9f:87:5e:06:0e:26:25:94:ca:c4:1e:51:13:
080         e7:14:e1:6d:74:b0:24:05:b9:60:4d:75:48:b4:49:8f:92:14:
081         aa:b6:2d:ac:43:fd:5e:07:1a:20:b7:7a:53:f6:23:16:68:34:
082         6e:9f:79:cb:bc:52:bb:74:a0:a0:20:ff:ab:ba:f7:67:aa:8f:
083         2d:fc:e3:55:92:f3:c6:dd:f3:f3:31:22:0f:ce:03:b6:82:d1:
084         72:0b:50:de:1b:9f:e2:6e:56:fa:22:c6:ee:b6:d0:1a:da:fd:
085         db:bd:be:92:69:3d:59:fa:2c:04:0d:09:dc:60:c0:75:d8:7d:
086         2c:79:71:e3:1a:3a:77:40:de:8f:60:40:69:d6:1f:1d:2b:08:
087         67:90:7a:ea:1e:9c:13:20:d4:ca:8b:0e:06:23:18:11:92:64:
088         67:46:aa:45:12:08:4d:a3:43:2b:85:6f:8a:11:2c:38:67:ca:
089         62:7d:6b:e9:1e:28:b2:83:0c:cd:e2:1f:71:97:df:f6:6b:b7:
090         ed:77:81:48:2d:94:0f:ae:d5:62:d4:3c:f7:e0:52:a1:60:55:
091         3e:f7:8c:cf:b1:35:96:af:ff:60:66:b3:8d:4a:c5:ac:f2:03:
092         5c:83:d1:d9:d7:3c:4f:6e:f6:6e:62:dd:4b:bc:9d:9a:c6:3a:
093         e1:dc:27:13
094DONE
Retirer les numéros de lignes

Note : Voir un certificat local openssl x509 -text -noout -in file.pem.

On peut visualiser d'autres protocoles que le HTTPS (port 443).

Après cette introduction, je vais vous parler des procotoles SMTPs IMAPs POPs...

Par exemple le service STMP (port 25) ou SMTPs (port 465) ou SMTPS with StartTLS (port 587)

Ci-dessous, j'envoie un commande sur le port 25 (SMTP) sans sécurité avec en option "starttls" pour activer la transmission sécurisée.

Script avec 67 lignes

001$ echo | openssl s_client -starttls smtp -showcerts -connect smtp.zw3b.eu:25 -servername smtp.zw3b.eu
002CONNECTED(00000003)
003depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
004verify return:1
005depth=1 C = US, O = Let's Encrypt, CN = R3
006verify return:1
007depth=0 CN = mail.zw3b.eu
008verify return:1
009---
010Certificate chain
011 0 s:CN = mail.zw3b.eu
012   i:C = US, O = Let's Encrypt, CN = R3
013-----BEGIN CERTIFICATE-----
014MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
015[...]
016GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0172qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
018-----END CERTIFICATE-----
019 1 s:CN = mail.zw3b.eu
020   i:C = US, O = Let's Encrypt, CN = R3
021-----BEGIN CERTIFICATE-----
022MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
023[...]
024GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0252qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
026-----END CERTIFICATE-----
027 2 s:C = US, O = Let's Encrypt, CN = R3
028   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
029-----BEGIN CERTIFICATE-----
030MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
031[...]
032MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
033nLRbwHOoq7hHwg==
034-----END CERTIFICATE-----
035 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
036   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
037-----BEGIN CERTIFICATE-----
038MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
039[...]
040emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
041-----END CERTIFICATE-----
042---
043Server certificate
044subject=CN = mail.zw3b.eu
045
046issuer=C = US, O = Let's Encrypt, CN = R3
047
048---
049No client certificate CA names sent
050Peer signing digest: SHA384
051Peer signature type: ECDSA
052Server Temp Key: X25519, 253 bits
053---
054SSL handshake has read 6536 bytes and written 417 bytes
055Verification: OK
056---
057New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
058Server public key is 384 bit
059Secure Renegotiation IS NOT supported
060Compression: NONE
061Expansion: NONE
062No ALPN negotiated
063Early data was not sent
064Verify return code: 0 (ok)
065---
066250 CHUNKING
067DONE
Retirer les numéros de lignes

Ci-dessous, j'envoie une commande sur le port 465 (SMTPs) donc sécurisée.

Script avec 67 lignes

001echo | openssl s_client -showcerts -connect smtp.zw3b.eu:465 -servername smtp.zw3b.eu
002CONNECTED(00000003)
003depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
004verify return:1
005depth=1 C = US, O = Let's Encrypt, CN = R3
006verify return:1
007depth=0 CN = mail.zw3b.eu
008verify return:1
009---
010Certificate chain
011 0 s:CN = mail.zw3b.eu
012   i:C = US, O = Let's Encrypt, CN = R3
013-----BEGIN CERTIFICATE-----
014MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
015[...]
016GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0172qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
018-----END CERTIFICATE-----
019 1 s:CN = mail.zw3b.eu
020   i:C = US, O = Let's Encrypt, CN = R3
021-----BEGIN CERTIFICATE-----
022MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
023[...]
024GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0252qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
026-----END CERTIFICATE-----
027 2 s:C = US, O = Let's Encrypt, CN = R3
028   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
029-----BEGIN CERTIFICATE-----
030MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
031[...]
032MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
033nLRbwHOoq7hHwg==
034-----END CERTIFICATE-----
035 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
036   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
037-----BEGIN CERTIFICATE-----
038MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
039TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
040[...]
041emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
042-----END CERTIFICATE-----
043---
044Server certificate
045subject=CN = mail.zw3b.eu
046
047issuer=C = US, O = Let's Encrypt, CN = R3
048
049---
050No client certificate CA names sent
051Peer signing digest: SHA384
052Peer signature type: ECDSA
053Server Temp Key: X25519, 253 bits
054---
055SSL handshake has read 6336 bytes and written 384 bytes
056Verification: OK
057---
058New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
059Server public key is 384 bit
060Secure Renegotiation IS NOT supported
061Compression: NONE
062Expansion: NONE
063No ALPN negotiated
064Early data was not sent
065Verify return code: 0 (ok)
066---
067DONE
Retirer les numéros de lignes

Ci-dessous, j'envoie une commande sur le port 587 (SMTPs) (dans un serveur MAIL comme Postfix, la demande StartTLS est automatique). Ici, c'est "openssl" le client, il faut lui envoyer l'opion nous même, tout comme nous l'avons fait en se connectant sur le port 25.

Script avec 67 lignes

001$ echo | openssl s_client -starttls smtp -showcerts -connect smtp.zw3b.eu:587 -servername smtp.zw3b.eu
002CONNECTED(00000003)
003depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
004verify return:1
005depth=1 C = US, O = Let's Encrypt, CN = R3
006verify return:1
007depth=0 CN = mail.zw3b.eu
008verify return:1
009---
010Certificate chain
011 0 s:CN = mail.zw3b.eu
012   i:C = US, O = Let's Encrypt, CN = R3
013-----BEGIN CERTIFICATE-----
014MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
015[...]
016GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0172qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
018-----END CERTIFICATE-----
019 1 s:CN = mail.zw3b.eu
020   i:C = US, O = Let's Encrypt, CN = R3
021-----BEGIN CERTIFICATE-----
022MIIGRjCCBS6gAwIBAgISBAO2RR2xXxEujKzQr5wV6Wf+MA0GCSqGSIb3DQEBCwUA
023[...]
024GpjuiyV0VMVKFUUPfTKf2BDeQkQlPWUdnZj1W7ROCES6TB4CUv/IVbr1DI6M1Erj
0252qAdtLT7EypMLxFAXAKB5uwr0mYf0mihwQs=
026-----END CERTIFICATE-----
027 2 s:C = US, O = Let's Encrypt, CN = R3
028   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
029-----BEGIN CERTIFICATE-----
030MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
031[...]
032MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
033nLRbwHOoq7hHwg==
034-----END CERTIFICATE-----
035 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
036   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
037-----BEGIN CERTIFICATE-----
038MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
039[...]
040emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
041-----END CERTIFICATE-----
042---
043Server certificate
044subject=CN = mail.zw3b.eu
045
046issuer=C = US, O = Let's Encrypt, CN = R3
047
048---
049No client certificate CA names sent
050Peer signing digest: SHA384
051Peer signature type: ECDSA
052Server Temp Key: X25519, 253 bits
053---
054SSL handshake has read 6537 bytes and written 417 bytes
055Verification: OK
056---
057New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
058Server public key is 384 bit
059Secure Renegotiation IS NOT supported
060Compression: NONE
061Expansion: NONE
062No ALPN negotiated
063Early data was not sent
064Verify return code: 0 (ok)
065---
066250 CHUNKING
067DONE
Retirer les numéros de lignes

On peut utiliser telnet pour se connecter au serveur SMTP :

Script avec 5 lignes

001$ telnet mail.zw3b.eu 25
002Trying 2607:5300:60:9389:17:4c1:0:1a...
003Connected to mail.zw3b.eu.
004Escape character is '^]'.
005220 mail.zw3b.eu ESMTP Postfix
Retirer les numéros de lignes

Il faut envoyer un "nom de domaine" avec la commande SMTP :

Script avec 1 ligne

001EHLO zw3b.eu
Retirer les numéros de lignes

Qui nous connecte au serveur et retourne ces informations en attente d'une authentification :

Script avec 9 lignes

001250-mail.zw3b.eu
002250-PIPELINING
003250-SIZE 20480000
004250-ETRN
005250-STARTTLS
006250-ENHANCEDSTATUSCODES
007250-8BITMIME
008250-DSN
009250 CHUNKING
Retirer les numéros de lignes

On peut s'identifier sur le serveur comme expliquer sur cette page -> test-smtp-with-telnet-or-openssl .

...