Access IMAP server from the command line using OpenSSL
In this post, we’ll use OpenSSL to gain access to an IMAP mail server. The mail server we’ll use is Google’s GMail. If you are running Linux, you should have openssl installed. On Windows, obtain and install the Win32 version of OpenSSL. If your IMAP server does not support SSL, you can use the excellent netcat utility on Linux, Ncat utility that comes with Nmap on Windows or regular telnet.
Connect
Issue the following command to begin an SSL session with the IMAP server:
openssl s_client -crlf -connect imap.gmail.com:993 |
IMAPS
openssl s_client -connect mail.example.com:995
USER amber
PASS foobar
LIST
STAT
RETR
QUIT
You’ll get an output such as the following, which you can suppress using the -quiet option to the command above.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
| CONNECTED(00000003) depth=1 /C=US/O=Google Inc/CN=Google Internet Authority verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com i:/C=US/O=Google Inc/CN=Google Internet Authority 1 s:/C=US/O=Google Inc/CN=Google Internet Authority i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIDWzCCAsSgAwIBAgIKaNPuGwADAAAisjANBgkqhkiG9w0BAQUFADBGMQswCQYD VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu dGVybmV0IEF1dGhvcml0eTAeFw0xMTAyMTYwNDQzMDRaFw0xMjAyMTYwNDUzMDRa MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5pbWFw LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqfPyPSEHpfzv Xx+9zGUxoxcOXFrGKCbZ8bfUd8JonC7rfId32t0gyAoLCgM6eU4lN05VenNZUoCh L/nrX+ApdMQv9UFV58aYSBMU/pMmK5GXansbXlpHao09Mc8eur2xV+4cnEtxUvzp co/OaG15HDXcr46c6hN6P4EEFRcb0ccCAwEAAaOCASwwggEoMB0GA1UdDgQWBBQj 27IIOfeIMyk1hDRzfALz4WpRtzAfBgNVHSMEGDAWgBS/wDDr9UMRPme6npH7/Gra 42sSJDBbBgNVHR8EVDBSMFCgTqBMhkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dv b2dsZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNy bDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly93d3cuZ3N0YXRp Yy5jb20vR29vZ2xlSW50ZXJuZXRBdXRob3JpdHkvR29vZ2xlSW50ZXJuZXRBdXRo b3JpdHkuY3J0MCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwDQYJ KoZIhvcNAQEFBQADgYEAxHVhW4aII3BPrKQGUdhOLMmdUyyr3TVmhJM9tPKhcKQ/ IcBYUev6gLsB7FH/n2bIJkkIilwZWIsj9jVJaQyJWP84Hjs3kus4fTpAOHKkLqrb IZDYjwVueLmbOqr1U1bNe4E/LTyEf37+Y5hcveWBQduIZnHn1sDE2gA7LnUxvAU= -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com issuer=/C=US/O=Google Inc/CN=Google Internet Authority --- No client certificate CA names sent --- SSL handshake has read 1866 bytes and written 281 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 2410BB675CA16A65B740B559BC10C0B406D3C48F48EB94DE48555F1E704D7A4E Session-ID-ctx: Master-Key: 5E51885143B7A320EA7EE1C5AFAA9160A716C453792C213D76FC85AADDAA89AC2C3BF1D29F567E648F5A460D8B558DFA Key-Arg : None TLS session ticket lifetime hint: 100800 (seconds) TLS session ticket: 0000 - b3 1f ec 8d cd bd 28 2e-4a 7d 78 92 d5 71 ff ef ......(.J}x..q.. 0010 - b3 fe dd bf 03 eb 49 42-5f d5 0f 5e 5f 04 65 be ......IB_..^_.e. 0020 - 05 9e 6b 1c 4c d3 6b 05-1b ce 32 e4 2a 90 1b b0 ..k.L.k...2.*... 0030 - df 8a 2b 4b e3 91 88 45-c1 97 d0 76 8a 5c b3 f2 ..+K...E...v.\.. 0040 - 0e 83 f7 d5 5c 52 44 c6-b1 bf b0 f3 42 73 5b 81 ....\RD.....Bs[. 0050 - f4 bd d6 98 cb d5 eb a1-cb bb 51 9e 47 2e f1 0e ..........Q.G... 0060 - d3 2d 02 91 0d a6 f0 00-e0 0e a3 e2 68 f0 1a 13 .-..........h... 0070 - f7 06 c2 a4 2b 8a 4a 6c-55 e9 5d ff 94 f0 45 8f ....+.JlU.]...E. 0080 - 2c 07 d9 04 d1 3b 7b ef-e4 ef 78 f6 48 1d 82 8d ,....;{...x.H... 0090 - 8b bb 67 a0 a8 d2 78 99-66 e3 44 b2 6c 75 81 b9 ..g...x.f.D.lu.. 00a0 - 2d ba 77 34 -.w4 Start Time: 1305041542 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- * OK Gimap ready for requests from 200.199.23.105 o16if3544685ybc.111 |
Login
To login, issue the following command. The character sequence before login is a tag required before each IMAP command.
1
| tag login user@gmail.com password |
If that works you’ll see an output such as:
1
2
| * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE tag OK user@gmail.com User authenticated (Success) |
List Mailboxes
Issue the following command:
1
| tag LIST "" "*" |
This produce an output such as:
1
2
3
4
5
6
7
8
9
| * LIST (\HasNoChildren) "/" "INBOX" * LIST (\HasNoChildren) "/" "Notes" * LIST (\Noselect \HasChildren) "/" "[Gmail]" * LIST (\HasNoChildren) "/" "[Gmail]/All Mail" * LIST (\HasNoChildren) "/" "[Gmail]/Drafts" * LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail" * LIST (\HasNoChildren) "/" "[Gmail]/Spam" * LIST (\HasNoChildren) "/" "[Gmail]/Starred" * LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash" |
Select a mailbox
Next, issue the following command to select the INBOX:
1
| tag SELECT INBOX |
This produces the following output:
1
2
3
4
5
6
7
| * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] * OK [UIDVALIDITY 2] * 6385 EXISTS * 0 RECENT * OK [UIDNEXT 29210] tag OK [READ-WRITE] INBOX selected. (Success) |
Mailbox status
Execute the following command to get the total number of messages in the selected Mailbox:
1
| tag STATUS INBOX (MESSAGES) |
The result is an output such as:
1
| * STATUS "INBOX" (MESSAGES 6388) |
Fetch header of last ten message
Execute the command:
1
| tag FETCH 6378:6388 (BODY[HEADER]) |
Fetch details regarding body of the last message
Execute the following command. The number 6388 corresponds to the number of the last message above, the first message would be 1.
1
| tag FETCH 6388 (BODY) |
Message bodies are usually multipart, you can retrieve a particular part using (n is a zero-indexed part number):
1
| tag FETCH 6388 (BODY[n]) |
Finally, to leave the IMAP session:
1
| tag LOGOUT |