I am using smtp.gmail.com and port 587. After a successful connection, I send EHLO and receive the following:
250-smtp.gmail.com at your service, [62.16.4.123]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF
I choose STARTTLS, and after that I don't know what to send to the server to log in and send email. If I send something like AUTH LOGIN or a base64-encrypted login with password, the connection is broken.
Can someone explain what my client should send to successfully finish the STARTTLS negotiation? Or should I start over with a new SSL connection?
CodePudding user response:
After you send an (unencrypted) STARTTLS command, if the server returns any reply other than 220, handle it as a failure and move on with other SMTP commands as needed (though, at this point, the only one that really makes sense is QUIT).
If the server returns 220 to STARTTLS, you then need to perform the actual TLS handshake over the existing TCP connection, starting with a TLS CLIENT HELLO. Whatever TLS library you are using with your socket should be able to handle this for you; do not implement this from scratch.
If the TLS handshake is successful, then you can send further SMTP commands (through the TLS-encrypted channel), starting with a new EHLO (as the server's capabilities may and likely will change, most notably the available AUTH schemes), then followed by AUTH, MAIL FROM, RCPT TO, DATA/BDAT, etc., and finally QUIT, as needed.
If the TLS handshake fails, the TCP connection is left in an unknown state, so further SMTP communication is not possible. All you can do at that point is close the TCP connection and start over.
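As an added example (not code from the question or the answer), here is a small Python client that walks the sequence just described: read the greeting, EHLO, STARTTLS, require a 220, hand the same socket to the TLS library, EHLO again, and only then AUTH. FakeGmailSocket is a constructed stand-in for smtp.gmail.com so the demo runs offline; for a real connection pass a connected socket and leave wrap_tls as the default ssl wrapper. The client name client.example and the credentials are placeholders.

```python
import base64
import ssl

class StartTlsSmtpClient:
    """Drives the STARTTLS upgrade described in the answer over an already-connected socket."""
    def __init__(self, sock, host, wrap_tls=None):
        self.sock, self.host = sock, host
        self.wrap_tls = wrap_tls or ssl.create_default_context().wrap_socket  # the real TLS library
    def cmd(self, line=None):  # line=None: only read the 220 greeting; returns (code, [reply texts])
        if line is not None:
            self.sock.sendall(line.encode() + b"\r\n")
        texts, rfile = [], self.sock.makefile("rb", buffering=0)
        while True:
            raw = rfile.readline()
            if not raw: raise ConnectionError("server closed the connection")
            texts.append(raw[4:].decode("utf-8", "replace").rstrip("\r\n"))
            if raw[3:4] != b"-":  # "250-" continues a multi-line reply, "250 " ends it
                return int(raw[:3]), texts
    def upgrade(self):  # returns the post-TLS EHLO capabilities, or None if STARTTLS was refused
        self.cmd()
        if "STARTTLS" in self.cmd("EHLO client.example")[1] and self.cmd("STARTTLS")[0] == 220:
            self.sock = self.wrap_tls(self.sock, server_hostname=self.host)  # handshake, same TCP connection
            return self.cmd("EHLO client.example")[1]  # capabilities change once encrypted (AUTH appears)
        self.cmd("QUIT")  # any reply other than 220: treat as failure and leave cleanly
        return None
    def auth_plain(self, user, password):  # AUTH PLAIN = base64(\0user\0password); only after upgrade()
        token = base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()
        return self.cmd("AUTH PLAIN " + token)[0] == 235

class FakeGmailSocket:
    """Constructed stand-in for smtp.gmail.com:587 so the flow runs offline; not a real server."""
    tls, out = False, b"220 smtp.gmail.com ESMTP\r\n"
    def sendall(self, data):
        verb = data.decode().split()[0]
        if verb == "EHLO":  # like the real server, AUTH is advertised only once TLS is up
            reply = "250-smtp.gmail.com at your service\r\n250 " + ("AUTH LOGIN PLAIN" if self.tls else "STARTTLS")
        else:
            reply = {"STARTTLS": "220 2.0.0 Ready to start TLS", "AUTH": "235 2.7.0 Accepted"}.get(verb, "221 2.0.0 Bye")
        self.out += (reply + "\r\n").encode()
    def makefile(self, mode, buffering=-1): return self
    def readline(self):
        line, sep, self.out = self.out.partition(b"\r\n")
        return line + sep
    def start_tls(self, server_hostname):  # stands in for the real TLS handshake on this "socket"
        self.tls = True
        return self

def demo():  # returns (capabilities seen after TLS, whether AUTH was accepted)
    client = StartTlsSmtpClient(FakeGmailSocket(), "smtp.gmail.com", wrap_tls=FakeGmailSocket.start_tls)
    return client.upgrade(), client.auth_plain("user@gmail.com", "app-password")
```

Note that AUTH is only offered in the second EHLO, after the upgrade, which is why sending it on the plaintext connection does not work.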