
Reading CURL logs

Today we look into a CURL log and explain the messages. The following log is from sending an email, so let's check it:

Rebuilt URL to: smtp://sslout.df.eu/

This shows the URL we really connect to. CURL may rewrite or fix up the URL you passed, so it can differ from your input.

Trying 134.119.18.24...

We got an IP for the domain and now try to connect. Whether this is an IPv4 or IPv6 address depends on which type your OS prefers.

Connected to sslout.df.eu (134.119.18.24) port 587 (#0)

We are connected. Here you see the IP and port we did connect to.

220 smtprelay01.ispgateway.de ESMTP dfex

The server greets us and shows the name it is configured with.

EHLO MacbookPro-Christian

The client greets back using the host name.

250-smtprelay01.ispgateway.de Hello MacbookPro-Christian [89.26.38.13]

Server greets back and we see our own IP here.

250-SIZE 104857600

Here the server reports the maximum size of an encoded email. So if you want to show the user how big emails can be, make an SMTP connection without email content, username and password, and just read this value from the debug log. Then multiply by 6 and divide by 8 to get the actual data size. Subtracting a few kilobytes for the email text gives the maximum attachment size. In this case about 75 MB.

250-8BITMIME

For sending MIME encoded emails, the server supports 8-bit. Not all servers do that.

250-PIPELINING

Sending several emails over one connection is supported.

250-AUTH PLAIN LOGIN

Authenticated SMTP is supported, using the PLAIN and LOGIN mechanisms.

250-STARTTLS

Upgrading the connection to Transport Layer Security (TLS) is supported.

250 HELP

Helpful messages are provided.
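The SIZE calculation described earlier, applied to the complete EHLO reply, as an added example (not code from the original post or the MBS Plugin). The function names and the 16 KB allowance for headers and text are assumptions made for illustration.

```python
import re

# Constructed sample: the server's EHLO reply as it appears in this log.
SAMPLE_LOG = """\
EHLO MacbookPro-Christian
250-smtprelay01.ispgateway.de Hello MacbookPro-Christian [89.26.38.13]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
STARTTLS
"""

def parse_ehlo(log_text):
    """Return {KEYWORD: [params]} from the first EHLO reply in a debug log."""
    caps, started = {}, False
    for raw in log_text.splitlines():
        # Tolerate curl's "< " / "* " direction markers if the log still has them.
        m = re.match(r"250([- ])(.*)", raw.strip().lstrip("<* "))
        if not m:
            if started:
                break            # reply ended without a "250 " line (truncated log)
            continue
        if started:              # the first 250 line is the greeting, skip it
            words = m.group(2).split()
            if words:
                caps[words[0].upper()] = words[1:]
        started = True
        if m.group(1) == " ":    # "250 " (space, not dash) is the last reply line
            break
    return caps

def max_attachment_bytes(caps, overhead=16 * 1024):
    """Article's rule: SIZE * 6 / 8, minus a few kilobytes (assumed 16 KB here)."""
    params = caps.get("SIZE")
    if not params or int(params[0]) == 0:
        return None              # no limit advertised (RFC 1870: 0 = no fixed maximum)
    return int(params[0]) * 6 // 8 - overhead

if __name__ == "__main__":
    caps = parse_ehlo(SAMPLE_LOG)
    print(sorted(caps), max_attachment_bytes(caps))
```

The same capability map also tells you whether STARTTLS and AUTH were offered before you send any credentials.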

STARTTLS

The plugin starts the TLS upgrade.

220 TLS go ahead

The server replies with success, and we now negotiate the SSL parameters:

ALPN, offering http/1.1

We offer to use HTTP 1.1 (not needed here).

Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

We offer all ciphers, but please not 40 or 56-bit encryption and please no RC4. We want something strong!

successfully set certificate verify locations:
CAfile: /Users/cs/Library/Preferences/sslout.df.eu.cer
CApath: none

We configured CURL to use only this certificate file. The SSL connection will now only work with that specific certificate, and if the server doesn't use this one, the connection will fail. This is called certificate pinning. Any intermediate proxy certificate will not be accepted.

TLSv1.2 (OUT), TLS header, Certificate Status (22):
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):

We talk with the server to find out which certificate it has and to exchange keys between client and server.

SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384

This is the result of the TLS negotiation. We use DHE to find keys, RSA for key exchange, AES for encryption and SHA for hashes.

ALPN, server did not agree to a protocol

HTTP 1.1 is not used for sending email.

Server certificate:
subject: C=DE; OU=Domain Control Validated; CN=sslout.df.eu
start date: 2015-02-03 10:43:22 GMT
expire date: 2018-02-03 10:43:22 GMT
subjectAltName: sslout.df.eu matched
issuer: C=BE; O=GlobalSign nv-sa; CN=AlphaSSL CA - SHA256 - G2
SSL certificate verify ok.

This shows details of the server certificate. You can use the CertInfo option to get more verbose output here. So in 2018 I will have to change mine to the new certificate.

EHLO MacbookPro-Christian

We greet again, now over the SSL connection.

250-smtprelay01.ispgateway.de Hello MacbookPro-Christian [89.26.38.13]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

The server greets back as above.

AUTH LOGIN

We start the authentication process.

334 VXNlcm5hbWU6

The server asks for the username (base64 encoded).

c2V34uZGlu3451Z0Btb25r43ZYlic34mVhZH4N

We send the username (base64 encoded).

334 UGFz24535mQ6

The server now asks for the password (base64 encoded).

ZC23452345WRmFoYTg2

We send the password (base64 encoded).

235 Authentication succeeded

The server accepts the credentials.
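Base64 is an encoding, not encryption, so the AUTH LOGIN exchange is only protected by the TLS session set up before it. The following added example (not part of the original post or the plugin; the function name and sample credential are constructed for illustration) checks a debug log for that ordering and decodes the 334 prompts.

```python
import base64

# Constructed excerpt following the order of the log above. The username line
# is a placeholder (base64 of "user@example.com"); the password line is omitted.
SAMPLE = """\
STARTTLS
220 TLS go ahead
SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
SSL certificate verify ok.
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlckBleGFtcGxlLmNvbQ==
334 UGFzc3dvcmQ6
235 Authentication succeeded
"""

def audit_smtp_log(log_text):
    """Check that AUTH was sent only after TLS was up and the certificate verified."""
    result = {"tls": None, "cert_verified": False,
              "auth_protected": None, "prompts": []}
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("*<> ")   # drop curl direction markers if present
        if line.startswith("SSL connection using "):
            result["tls"] = line[len("SSL connection using "):]
        elif line.startswith("SSL certificate verify ok"):
            result["cert_verified"] = True
        elif line.upper().startswith("AUTH ") and result["auth_protected"] is None:
            # Record the state at the moment the first AUTH command is sent.
            result["auth_protected"] = bool(result["tls"]) and result["cert_verified"]
        elif line.startswith("334 "):
            try:  # 334 challenges are base64 text, readable by anyone who sees them
                prompt = base64.b64decode(line[4:], validate=True)
                result["prompts"].append(prompt.decode("utf-8", "replace"))
            except ValueError:
                result["prompts"].append(None)  # not valid base64 (e.g. redacted)
    return result

if __name__ == "__main__":
    print(audit_smtp_log(SAMPLE))
```

A log where `auth_protected` comes back false means the credentials crossed the network readable, and the password should be treated as exposed.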

MAIL FROM:
250 OK

The plugin sends the from address for the email. This is also included later in the email itself. The server accepts us as sender. Some servers only allow sending with the right sender address for the given account or server.

RCPT TO:
250 Accepted

The recipient is also accepted.

DATA

Now we ask to send data.
The server accepts data and tells us to end the data with a line containing only a dot.

250 OK id=1b0PsA-0008Kw-6i

The email was accepted and is hopefully queued for sending.

Connection #0 to host sslout.df.eu left intact

By default the plugin keeps the connection open to reuse it for sending another email.
If something goes wrong here, you will see an error message in the log.
11 05 16 - 11:24