How To Manually Send Email Using Telnet to Check for Open Relays

Knowing how to manually send an email using TELNET rather than a traditional email application such as Microsoft Outlook is sometimes useful for troubleshooting or testing for an open mail server relay. In order to send email via TELNET you will need 3 things:

  • An active internet connection
  • The address of a mail server capable of sending email from you – usually provided by your ISP (e.g. mail.myisp.com)
  • A valid email address (e.g. [email protected])

How to Manually Send An Email Using TELNET

The first thing to do is to open a connection from your computer to your mail server.

telnet mail.myisp.com 25

You should receive a reply like:

Trying ???.???.???.???...
Connected to mail.myisp.com.
Escape character is '^]'.
220 mail.myisp.com ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

You will then need to declare where you are sending the email from:

HELO local.domain.name

Don’t worry too much about your local domain name although you really should use your exact fully qualified domain name as seen by the outside world the mail server has no choice but to take your word for it.

This should give you:

250 mail.myisp.com Hello local.domain.name [ip.address.displayed.here], pleased to meet you

Now give your email address or some other email address that can be used with the mail server:

MAIL FROM: [email protected]

Should yield:

250 2.1.0 [email protected] Sender ok

If it doesn’t please see possible problems below.

Now give the recipients address:

RCPT TO: [email protected]

Should yield:

250 2.1.0 [email protected] Recipient ok

If it doesn’t see possible problems below.

To start composing the message issue the command:

DATA

If you want a subject for your email type:

Subject: your subject line here

then press enter twice

You may now proceed to type the body of your message. Example:

Hello world! I am the test email.

To tell the mail server that you have completed the message enter a single “.” on a line on it’s own.

.

The mail server should reply with:

250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.

QUIT

The mailserver should reply with something like:

221 2.0.0 mail.myisp.com closing connection
Connection closed by foreign host.

Possible Problems

Here are a list of problems you may encounter and their fixes:

501 [email protected] Sender domain must exist

The domain that you are sending from must exist

503 Need MAIL before RCPT

A recipient has been specified before a sender.

550 [email protected] Relaying Denied

The mail server has refused to relay mail for you, this may be for any number of reasons but typical reasons include:

  • Not using this provider for an internet connection
  • Not using an email address provided by the owner of the server.

Some Things to Watch Out For

  1. If you type too quickly, sometimes it won’t recognize your text
  2. The backspace key sometimes does not work with some telnet clients (even though it may seem as though it does). you can try the DELETE key instead.

MD5 Password Cracking

A lot of computer systems and applications use standard MD5 hash algorithms to store passwords. Using a straight unsalted MD5 hash of a password in order to store it securely used to be acceptable a few years ago but a recent technique similar to rainbow tables allows someone to recover the password by comparing the MD5 hashed password against a pregenerated list of known MD5 hashes of words. So all anyone has to do is compare your MD5 stored hash against this known list of MD5 hashes and they can then crack your MD5 hash to determine what your password string is. Here are a couple of good online searchable databases of MD5 hashes:

You can also try a Google search. Just take your MD5 hash and use that as the search term in Google. There is a pretty good chance that someone has already cracked the MD5 password and posted the results on their website which Google has indexed.

Hand Holding a Key

How To Remove the Password or Document Protection on a Microsoft Word Document

These instructions are for the version of Word that comes with Microsoft Office XP or Office 2003. I will explain 3 different techniques so hopefully one of the three techniques will work for you.

Technique 1

1. Switch to the HTML code view of the Word document by using Microsoft Script Editor. You can launch the Microsoft Script Editor by pressing the ALT+SHIFT+F11 key combination while in Word.
2. Search for the word “Password” and you should find a block of text that looks like this:

<w:DocumentProtection>ReadOnly</w:DocumentProtection>
<w:UnprotectPassword>19E8E61E</w:UnprotectPassword>

3. You can remove the document protection by deleting those two lines and then save the document. When you reopen the document the protection should be gone. If you want to remove a document password then replace the password with “00000000”. So for the example above, you would replace “19E8E61E” with “00000000”. Save the document and close the script editor. When you reopen the document, the password should be gone.

Note: This technique does not work for “File Open” password protected Word files. Office encrypts these files with a 40 bit key which can not be bypassed with this technique.

Technique 2

This technique removes the “document protection” feature of a Microsoft Word XP or 2003 document.

1. Create a new Word document.

2. From the top menu bar select Insert | File and then browse for the Word document that you want to remove the password on.

3. Select the password protected Word document and select Insert which will insert the password protected Word document into the new empty Word document you just created.

4. Finally, select Tools from the top menu and confirm that there is no longer an “Unprotect document” menu item which will mean the document protection has been removed.

Technique 3

1. Open the document as “read-only”

2. Save it under a different file name but save it as “.rtf” file format

3. Open the .rtf document and then resave it as “.doc” file format

4. Done. The password should now be removed from the document. Some of the formatting may be a little off due to having saved it in .rtf format but the password should be removed.

Note: Similar to technique 1, this method does not work for “File Open” password protected Word files.

Microsoft Office Logo