Querying SSL/TLS capabilities of SMTP servers

Justin justin-cypherpunks at soze.net
Thu Jul 8 23:52:50 PDT 2004 

This one should work better.  The last one had string comparison
problems.


#!/usr/bin/perl

use IO::Select;
use IO::Socket;
use Net::DNS;

$ehloname = "mail.senate.gov";
$timeout = 15;
$dlevel = 0;

sub debug {
    (my $str, my $mlevel) = @_;
    if ($mlevel <= $dlevel) { print "DEBUG $str"; }
}

sub checkmailtls {
    my ($domain, $mpri, $mrelay) = @_;
    my $proto = "smtp";
    my $hastls = "no-tls";
    my @flags;

    my $mhost = IO::Socket::INET->new (
 	    Proto => "tcp", PeerAddr => $mrelay,
	    PeerPort => "25", Timeout => "10"
    );
    if (! defined $mhost) {
	print "$domain $mpri $mrelay noconnect\n";
	return;
    }

    debug("opened connection to $mrelay\n", 1);

    $sel = IO::Select->new($mhost);
    @readable = $sel->can_read($timeout);   # magic number
    if ($#readable == -1) {
	print "$domain $mpri $mrelay timeout-a\n";
	goto OUT;
    }
    $greeting .= <$mhost>; # there's only one handle; we know which it is.

    debug("greeting: $greeting", 2);
    if ($greeting =~ /[\\*]{8}/) {
	$proto = "smtp";
	push (@flags, "filtered");
    }
    if ($greeting =~ /\b(esmtp|postfix|exim|sendmail)\b/i) {
        debug("setting esmtp (greet)!\n", 1);
	$proto = "esmtp";
    	debug("found esmtp-indicator in greeting\n", 1);
    }

    print $mhost "EHLO $ehloname\r\n";
    print $mhost "QUIT\r\n";

    if (! (@readable = $sel->can_read($timeout))) {
	print "$domain $mpri $mrelay timeout-b\n";
	goto OUT;
    }
    while (<$mhost>) { #$sel->can_read(0)) {
	chomp;
	debug("loop-recv: $_\n", 2);
	if (/^5[0-9]{2}/) {
	    if ($proto =~ /^esmtp/) {
		push(@flags, "lies");
	    	$proto = "smtp";
	    }
	    $hastls = "no-tls";
	    last;
	}
	if (/STARTTLS/) {
	    if ($proto =~ /^smtp/) {
		debug("setting esmtp (stls)!\n", 1);
		$proto = "esmtp";
		push(@flags, "nobproto");
	    }
	    $hastls = "adv-tls";
	    last;
	}
    }
    print "$domain $mpri $mrelay $proto $hastls @flags\n";

    # try again just in case the remote host didn't notice the first one
    print $mhost "QUIT\r\n";
OUT:
    close $mhost;
    debug("closed connection to $mrelay\n", 1);
}

### begin ####
if ($#ARGV >= 0) {
    for ($i = 0; $i <= $#ARGV; $i++) { push (@hostfifo, $ARGV[$i]); }
} else {
    while (<>) { chomp; push (@hostfifo, $_); }
}

while ($domain = shift(@hostfifo)) {
    my @mx = mx($domain);
    if ($#mx == -1) {
	checkmailtls($domain, "A", $domain);
    } else {
	foreach $record (@mx) {
	    my $mrelay = $record->exchange;
	    my $mpri = $record->preference;
	    checkmailtls($domain, $mpri, $mrelay);
	}
    }
}

More information about the cypherpunks-legacy mailing list