Testing SMTP Authentication using Telnet

‎10-03-2010

SMTP authentication allows you to send email through our SMTP servers when you're not connected to our network e.g. when you're on holiday or when sending email from your smartphone. Without SMTP authentication you would *always* need to be connected via a Plusnet connection in order to send messages using our servers.
Plusnet allows customers to use SMTP authentication as long as they have a paid-for subscription account.
Your SMTP authentication credentials are either

the username and password you use to log into the Member Centre, or
a mailbox identifier of the form username+mailboxname with password for that mailboxname.

NB: You should *avoid* using secure authentication (SSL) or TLS as these features are not currently supported by our servers (although they will be in the future).
Using a mailbox identifier rather than account username is preferred from security considerations since the information is transmitted over an insecure connection.
If SMTP authentication isn't working for you then you can test it from a command line using a program called Telnet.
To do this, open a command prompt or terminal window and telnet to our SMTP server like this (note customers of vISPs other than Plusnet should amend the server address accordingly e.g. relay.force9.net if you're a Force9 customer, relay.free-online.net for Free Online):

C:\Documents and Settings\bpullen>telnet relay.plus.net 25

You should see something like this returned:

220 relay.plus.net ESMTP Exim Wed, 10 Mar 2010 12:58:17 +0000

If that doesn't connect it is possible your mobile service provider is blocking use of port 25. In this case try again replacing '25' by '587'.
Next type the following and press Enter:

ehlo relay

You should see something like this:

250-relay03.plus.net Hello relay [80.229.xxx.xxx]
250-SIZE 104857600
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP

Next type:

auth login

You'll receive a response like this:

334 VXNlcm5hbWU6

You now need to enter your account username and password (the ones you use to log into our website), or mailbox identifier and its password (see above) but before you go ahead and do this you'll need to convert both the username and password into 'BASE64' format. This is easy to do using an online conversion tool like the one here. Simply enter your username or password and then press the 'Encode' button.
Now you've converted your login details let's enter the username in reply to the 334 response we've just received:

dXNlcm5hbWU=

You should get another 334 response:

334 UGFzc3dvcmQ6

Next enter your encoded password:

cGFzc3dvcmQ=

All being well you should get a 235 response as follows:

235 Authentication succeeded

If you receive a '535 Incorrect authentication data' response instead then there might be a problem with your account and you should raise a support ticket using the Help Assistant on our website.

RalphCorderoy · ‎12-01-2011

Given secure authentication isn't being used I think users that configure their SMTP sending to use this authentication should understand they're sending their member centre user name and password as plain text (albeit base 64 encoded) and it could be seen by a third-party and then used by them to log into the member centre.
(Logging into the member centre supplies these credentials using HTTPS so it isn't normally an issue.)

RalphCorderoy · ‎12-01-2011

On submitting the above comment I got "Your comment must be checked by a human to make sure it isn't spam. Nothing personal, we check all comments from users who are not logged in." yet I was logged in. And this comment box is again preceded by "Logged in as RalphCorderoy". Perhaps the wording needs adjusting?

Kelly · ‎12-01-2011

Yeah, it's a wording thing. I think the first couple by people who haven't had comments approved before are moderated too! Thanks for pointing that out.

bobpullen1 · ‎13-01-2011

@RalphCorderoy, we've offered SSL support in the past but it was using a self signed certificate and seemed to cause more problems for users than it was worth. That's not to say that we won't revisit the situation at some point in the future.

jelv1 · ‎01-12-2012

This needs updating to say that a mailbox user name and password can (and should) be used.

spraxyt · ‎07-12-2012

I've updated the document to provide that advice and also mentioned port 587.

HallHall · ‎17-10-2013

I am absolutely gobsmacked that a company as large as plus net put their users security at risk by having such an armature SMTP setup. Not allowing SSL/TLS encryption, and allowing plain text authentication is like something from the 1980's. It is so simple to set up a secure method of authentication, it should be the default position. There is no excuse for plain text authentication in this day and age.
Bob stated that they offered it using self signed certificates which caused problems. Of course it did. Buy a server certificate from a Trusted third party, and stop being such cheapskates, then you won't have problems. It's not like it is that expensive.
There is no excuse for poor security, especially from an ISP. Get your act together.

bobpullen1 · ‎17-10-2013

@HallHall, whilst I recognise your concerns, the SSL cert situation (of which we would need many BTW given the volume of hostnames we have) is not the sole stumbling block.
It's something we want to do but it needs prioritising against our current roadmap. Email is now optional during signup and not offered by default.
I can't imagine it will be too long before we need to revisit the email estate again. When we do, SSL/TLS will certainly be given consideration.
In the interim, you're better to use Webmail from an unsecured/public connection.