Sending Email with Netcat
Is it possible to send an email from a host that has no email client software installed? As long as you have netcat, of course it is!
Netcat (/usr/bin/nc on Red Hat Enterprise Linux systems) is a simple utility for reading and writing data across TCP/UDP connections. It's often used for testing and debugging network connections. In its most basic usage, netcat allows you to feed a stream of data to a specific port on a specific host, which is perfect for our purpose here. Check the netcat man page for more information on its various features. There are also sample scripts under /usr/share/doc/nc-*/. If netcat is not installed on your Red Hat Enterprise Linux, CentOS or Fedora system, you can install it with the command yum install nc.
What we will be doing with netcat is using it to feed a stream of data to port 25 (SMTP) on a mail relay, making it believe it's talking to a regular email client. In order to do this, we first need to figure out what our email server expects to see from a client. This can be done by connecting via telnet to our SMTP relay host and issuing the correct SMTP commands, as in the following example:
    [user@host]# telnet smtp.domain.com 25
    Trying 192.168.0.1...
    Connected to smtp.domain.com (192.168.0.1).
    Escape character is '^]'.
    220 myrelay.domain.com ESMTP
    HELO smtp.domain.com
    250 myrelay.domain.com
    MAIL FROM:<firstname.lastname@example.org>
    250 sender <email@example.com> ok
    RCPT TO:<firstname.lastname@example.org>
    250 recipient <email@example.com> ok
    DATA
    354 go ahead
    From: [Alice Hacker] <firstname.lastname@example.org>
    To: [Bob Smith] <email@example.com>
    Date: Mon, 12 Apr 2010 14:21:26 -0400
    Subject: Test Message

    Hi there! This is supposed to be a real email...
    Have a good day!
    Alice

    .
    250 ok: Message 222220902 accepted
    QUIT
    221 myrelay.domain.com
    Connection closed by foreign host.
    [user@host]#
Note that the userid part of the "From" address does not have to contain a valid userid, only a valid domain name. You will have to replace "smtp.domain.com" with a valid SMTP relay that allows relaying from your host. Generally, experienced admins will disallow relaying from unknown hosts to discourage spam. Additionally, the body of the email (everything after the "DATA" command) is ended by sending a blank line, followed by a line with a period (.) on it by itself.
Now that we know what the remote server expects to see, we can craft a text file with our SMTP commands and the message to be sent. The recipient's mail server will expect the date to be in a particular format.
Use the command:

    date '+%a, %d %b %Y %H:%M:%S %z'

to generate a date string that resembles:

    Mon, 12 Apr 2010 14:21:26 -0400
The contents of your message file should resemble this example:
    HELO host.example.com
    MAIL FROM:<firstname.lastname@example.org>
    RCPT TO:<email@example.com>
    DATA
    From: [Alice] <firstname.lastname@example.org>
    To: <email@example.com>
    Date: Mon, 12 Apr 2010 14:21:26 -0400
    Subject: Test Message

    Hi there! This is supposed to be a real email...
    Have a good day!
    Alice

    .
    QUIT
Now we can feed this text file to the netcat program as follows:
    # /usr/bin/nc smtp.domain.com 25 < /tmp/message
    220 myrelay.domain.com ESMTP
    250 myrelay.domain.com
    250 sender <firstname.lastname@example.org> ok
    250 recipient <email@example.com> ok
    354 go ahead
    250 ok: Message 222220902 accepted
    221 myrelay.domain.com
    #
And your email has been sent!
Again, what we did here was feed data to netcat, which then sends that data to port 25 on the specified host (our mail relay). Since we've formatted the data to look like an email, the SMTP server accepts it as it would any other email and sends it, assuming of course that we're allowed to relay email.
Given a little time and effort, a nice bash or korn shell script can be written that automates the creation of the message text file. You can specify multiple recipients in the email header, and include the output of other commands in the body of the email. For example, a monitoring script which is periodically executed via a cron job can email its standard output to a list of recipients.
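One way to write the script described above, as an added example that is not part of the original article: a POSIX shell function that builds the message file from a subject, a recipient list and command output piped in on stdin. The function names are assumptions; beyond the hand-written file, it escapes body lines that start with a period and refuses header values containing line breaks, so that arbitrary command output or a crafted subject cannot end the message early or add SMTP commands.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; host names and addresses are supplied by the caller.
CR=$(printf '\r')
NL='
'
# SMTP lines end in CRLF.
crlf() { printf '%s\r\n' "$1"; }

# Refuse values containing CR or LF: they would let a subject or address
# smuggle extra headers or SMTP commands into the conversation.
safe_value() {
    case "$1" in *"$CR"*|*"$NL"*) return 1 ;; esac
    return 0
}

# build_message HELO_HOST SENDER SUBJECT RECIPIENT...   (body read from stdin)
# Runs in a subshell, so its variables do not leak into the caller.
build_message() (
    [ "$#" -ge 4 ] || exit 1
    for v in "$@"; do safe_value "$v" || exit 1; done
    helo=$1 sender=$2 subject=$3
    shift 3
    to_header=
    crlf "HELO $helo"
    crlf "MAIL FROM:<$sender>"
    for rcpt in "$@"; do
        crlf "RCPT TO:<$rcpt>"
        to_header="${to_header:+$to_header, }<$rcpt>"
    done
    crlf "DATA"
    crlf "From: <$sender>"
    crlf "To: $to_header"
    crlf "Date: $(LC_ALL=C date '+%a, %d %b %Y %H:%M:%S %z')"
    crlf "Subject: $subject"
    crlf ""
    # Dot-stuffing: a body line that starts with "." gets one more "." so a
    # lone "." in command output cannot end the message early.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}
        case "$line" in .*) line=".$line" ;; esac
        crlf "$line"
    done
    crlf "."
    crlf "QUIT"
)
```

A cron job would redirect the function's output to /tmp/message and feed that file to nc exactly as shown earlier. Because the file is sent without waiting for replies, the job should check nc's output for the "250 ok" line before treating the mail as delivered.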
Pete Vargas Mas is an avid indoorsman and a Linux Consultant. Pete is an RHCE and an MCSA, which so far has not caused any eddies in the space-time continuum. He spends most of his time these days herding hundreds of Linux servers.