Skip to content

Instantly share code, notes, and snippets.

@kousu

kousu/Guide.md

Last active March 2, 2017 06:28
Show Gist options
  • Save kousu/ff27a342143a430b4d45ef2b21853fde to your computer and use it in GitHub Desktop.
Save kousu/ff27a342143a430b4d45ef2b21853fde to your computer and use it in GitHub Desktop.
Download ZIP
Debugging mailservers by self-MITM
Raw
Guide.md

Debugging mail is hard. It's even harder when there's SSL in the way. But we can use unix elbow grease to get around this!

Run socat as a proxy, offloading the SSL processing to openssl in a subshell:

$ socat -v TCP-LISTEN:5877 EXEC:'openssl s_client -connect mail.your.server\:587 -starttls smtp'

Test this is working by, in parallel session

$ nc localhost 5877
EHLO mail.your.server

Re-run the proxy.

Edit your mail server / client config to use localhost:5877 as its outgoing mail server with encryption disabled, instead of mail.your.server:587 or mail.your.server:25. Then run it. socat will display the traffic.

Re-run the proxy and you can emulate what your client did by nc localhost 5877ing again.

Cheers!

@kousu
Copy link
Author

kousu commented Mar 2, 2017

(that \: is key! don't remove that! the socat parser is a bit stupid)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment