Reading CURL logs
This shows the URL we really connect to. This URL may be rewritten/fixed by CURL from what you passed.Rebuilt URL to: smtp://sslout.df.eu/
We got an IP for the domain and now try to connect. Depending if your OS prefers IPv4 or IPv6, it may be the preferred IP type.Trying 134.119.18.24...
We are connected. Here you see the IP and port we did connect to.Connected to sslout.df.eu (134.119.18.24) port 587 (#0)
The server is greeting us, shows the name it's configured with.220 smtprelay01.ispgateway.de ESMTP dfex
The client greets back using the host name.EHLO MacbookPro-Christian
Server greets back and we see our own IP here.250-smtprelay01.ispgateway.de Hello MacbookPro-Christian [89.26.38.13]
The server reports here the maximum size of an encoded email. So if you want to show the user how big the emails can be, make a smtp connection without email content, username and password and just get this value from the debug log. Than multiple by 6 and divide by 8. Than you have the actual data size. Minus a few Kilobytes for email text gives the size of maximum attachment. In this case about 75 MB.250-SIZE 104857600
For sending MIME encoded emails, the server supports 8-bit. Not all servers do that.250-8BITMIME
Sending several emails over one connection is supported.250-PIPELINING
Authenticated SMTP is supported with plain login.250-AUTH PLAIN LOGIN
Using Transport layer security is supported.250-STARTTLS
Helpful messages are provided.250 HELP
The plugin starts TLS upgrade.STARTTLS
The server replies success and we discuss now the SSL parameters:220 TLS go ahead
We offer to use HTTP 1.1 (not needed here)ALPN, offering http/1.1
We offer all ciphers, but please not 40 or 56-bit encryption and please no RC4. We want something strong!Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
We set to use this certificate file only. The SSL connection will now only work with that specific certificate and if the server doesn't use this one, the connection will fail. This is called certificate pinning. Any intermediate proxy certificate will not be accepted.successfully set certificate verify locations:
CAfile: /Users/cs/Library/Preferences/sslout.df.eu.cer
CApath: none
We talk with server to find out what certificate the server has, exchange keys for client and server.TLSv1.2 (OUT), TLS header, Certificate Status (22):
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
This is the result for the TLS negation. We use DHE to find keys, RSA for key exchange, AES for encryption and SHA for hashes.SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
HTTP 1.1 is not used for sending email.ALPN, server did not agree to a protocol
This shows details on the server certificate. You can use option CertInfo to get here a more verbose output. So 2018 I will have to change mine to the new certificate.Server certificate:
subject: C=DE; OU=Domain Control Validated; CN=sslout.df.eu
start date: 2015-02-03 10:43:22 GMT
expire date: 2018-02-03 10:43:22 GMT
subjectAltName: sslout.df.eu matched
issuer: C=BE; O=GlobalSign nv-sa; CN=AlphaSSL CA - SHA256 - G2
SSL certificate verify ok.
We greet again, now over the SSL connection.EHLO MacbookPro-Christian
Server greets back like above.250-smtprelay01.ispgateway.de Hello MacbookPro-Christian [89.26.38.13]
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
We start authentication process.AUTH LOGIN
Server sends question for username. (base64 encoded)334 VXNlcm5hbWU6
We send username. (base64 encoded)c2V34uZGlu3451Z0Btb25r43ZYlic34mVhZH4N
Server now asks for password. (base64 encoded)334 UGFz24535mQ6
We send password. (base64 encoded)ZC23452345WRmFoYTg2
Server accepts the credentials.235 Authentication succeeded
Plugin sends from address for email. This is also included later in the email itself. Server accepts us as sender. Some servers only allow people to send with using right sender address for the given account or server.MAIL FROM:
250 OK
The recipient is also accepted.RCPT TO:
250 Accepted
Now we ask to send data.DATA
Server accepts data and tells use to end data with a line with a dot.
The email was accepted and is hopefully queued for sending.250 OK id=1b0PsA-0008Kw-6i
By default the plugin keeps connection open to reuse it for sending another email.Connection #0 to host sslout.df.eu left intact
If something here goes wrong, you will see an error message in the log.