Ever wanted to check your POP3 email from the command line?

I have an article titled "Debugging SSL" in the December issue of SysAdmin magazine. The article covers techniques to debug SSL communications, and includes several useful examples. One of the examples shows how openssl can be used to check the operational status of a POP3s server. This is accomplished by feeding POP3 commands to openssl (or telnet, if you want eavesdroppers to learn your username and password):

$ openssl s_client -connect prefetch.net:995
CONNECTED(00000003)

[ … ]

user ME@my.domain <---- This is the username you log in as ---->
+OK Name is a valid mailbox

pass SOMETHING_OR_ANOTHER <---- This is your POP3 password ---->
+OK Mailbox locked and ready

list
+OK scan listing follows
1 1518

retr 1
+OK Message follows

dele 1
+OK message deleted

quit
+OK

This allows you to open an SSL connection to your mail server, “list” the messages in your inbox, “retr” message number 1, and “dele” it after you are done reviewing its contents. This also has the awesome feature of dumping the complete headers from the message (most email clients provide this capability as well). The headers can help you get an idea of which path a message took to get to you (when the headers have not been modified).

Encrypting data with OpenSSL

I often find myself needing to protect sensitive data, and usually turn to OpenSSL for help. OpenSSL supports a plethora of symmetric key encryption algorithms (AES, DES3, Blowfish, RC4), and comes with a variety of operating systems. To encrypt a file named private, we can pass one of the available symmetric key algorithms to OpenSSL:

$ openssl aes-256-ecb -in private -out private.aes256
enter aes-256-ecb encryption password:
Verifying - enter aes-256-ecb encryption password:

$ ls private*
private private.aes256

To decrypt the file private.aes256, the symmetric key algorithm and decryption option can be passed to OpenSSL:

$ openssl aes-256-ecb -d -in private.aes256 | tail -5
enter aes-256-ecb decryption password:
pop 109/tcp
pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp

As you can see, private wasn’t so private after all :) You can get a full list of available symmetric key ciphers by appending the help flag to openssl. If you are interested in learning about more practical uses for OpenSSL, check out my article Real World Uses For OpenSSL.
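
The commands above use ECB mode, which encrypts identical 16-byte plaintext blocks to identical ciphertext blocks. The following added example (not from the original article) counts repeated ciphertext blocks for aes-256-ecb against aes-256-cbc on a constructed input; it assumes OpenSSL 1.1.1 or later for -pbkdf2, and the passphrase and function names are made up for the demonstration.

```shell
#!/bin/sh
# Added example: compare aes-256-ecb (the mode used above) with aes-256-cbc
# by counting repeated 16-byte ciphertext blocks.
# Assumes OpenSSL 1.1.1+ (for -pbkdf2) plus POSIX od, sort, uniq, awk, tail.

# Constructed sample: 64 identical 16-byte lines (1024 bytes of plaintext).
make_sample() {
    i=0
    while [ "$i" -lt 64 ]; do
        printf 'pop3s 995/tcp  \n'
        i=$((i + 1))
    done
}

# Encrypt stdin with cipher $1. The passphrase is a constructed demo value;
# for real data let openssl prompt for it (pass:... is visible in ps output).
encrypt() {
    openssl enc "-$1" -salt -pbkdf2 -pass pass:demo-passphrase
}

# Decrypt stdin with cipher $1, same constructed passphrase.
decrypt() {
    openssl enc -d "-$1" -pbkdf2 -pass pass:demo-passphrase
}

# Read ciphertext on stdin and print how many blocks repeat an earlier block.
# tail skips the 16-byte "Salted__" + salt header; od -v prints one block per
# line without collapsing duplicate lines into "*".
repeated_blocks() {
    tail -c +17 | od -An -v -tx1 | sort | uniq -c |
        awk '$1 > 1 { n += $1 - 1 } END { print n + 0 }'
}

# Print "ok" if encrypting then decrypting with cipher $1 returns the input.
roundtrip() {
    if [ "$(make_sample | encrypt "$1" | decrypt "$1" | cksum)" = "$(make_sample | cksum)" ]; then
        echo ok
    else
        echo mismatch
    fi
}

for cipher in aes-256-ecb aes-256-cbc; do
    printf '%s: %s repeated blocks, round trip %s\n' "$cipher" \
        "$(make_sample | encrypt "$cipher" | repeated_blocks)" "$(roundtrip "$cipher")"
done
```

CBC removes the repeated-block leak but does not detect tampering; `openssl enc` does not support authenticated modes such as GCM.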