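Understanding the SMTP Protocol Through Packet Capture

Code

Below is a program that sends mail over SMTP using modules bundled with Python (as I recall, some SSL library used to have a problem that made smtplib.SMTP_SSL() raise an error).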

import smtplib
from email.mime.text import MIMEText
from email.header import Header
from email.utils import formataddr


def localSMTP():
    smtpObj = smtplib.SMTP('localhost')
    return smtpObj


def thirdSMTP(_host, _user, _password, _port=25):
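    # smtplib.SMTP(host, port) already connects inside its constructor
    smtpObj = smtplib.SMTP(_host, _port)
    # For SSL, establish the connection with the call below instead
    # smtpObj = smtplib.SMTP_SSL(_host, _port)
    print("connecting...")
    # NOTE: this explicit connect() opens a second TCP connection and drops the first;
    # it is why the capture below shows a short-lived connection from port 41510
    # before the real session on port 41512.
    smtpObj.connect(_host, _port)
    print("logging in...")
    smtpObj.login(_user, _password)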
    return smtpObj


def sendEmail(_from, _fromname, _to, _toname, _subject, _message, _smtp):
    message = MIMEText(_message, 'html', 'utf-8')
    message['From'] = formataddr([_fromname, _from])  # the pair is (sender display name, sender mailbox address)
    message['To'] = formataddr([_toname, _to])
    message['Subject'] = Header(_subject, 'utf-8')

    print('\n【sendemail】 from:%s(%s) to:%s(%s) subject:%s message:%s'
          % (_from, _fromname, _to, _toname, _subject, _message))
    try:
        _smtp.sendmail(_from, _to, message.as_string())
        print("邮件发送成功")
    except smtplib.SMTPException as e:
        print("Error: 无法发送邮件", e)


def Email(_to, _subject, _message):
    # getSiteConfigDict() comes from the author's site code and is not defined in this file
    config = getSiteConfigDict()
    if config['smtp']['value'] == '1':
        sendEmail(config['smtpemail']['value'], config['smtpemail']['value'],
                  _to,  _to,
                  _subject, _message,
                  thirdSMTP(config['smtpservice']['value'], config['smtpuser']['value'],
                            config['smtppassword']['value'], config['smtpport']['value']))


if __name__ == '__main__':
    ThirdSMTP = thirdSMTP(
        "smtp.exmail.qq.com",
        "oyohyee@oyohyee.com",
        "密码",  # placeholder for the account password
        25,
    )
    sendEmail(
        "oyohyee@oyohyee.com",
        "sender",
        "oyohyee@oyohyee.com",
        "OhYee",
        "测试",
        "<a href='www.oyohyee.com'>OhYee</a>",
        ThirdSMTP,
    )

The sending parameters are as follows:

  • SMTP server: smtp.exmail.qq.com:25
  • Authentication account: oyohyee@oyohyee.com
  • Sender: oyohyee@oyohyee.com, display name sender
  • Recipient: oyohyee@oyohyee.com, display name OhYee
  • Subject: 测试
  • Body: <a href='www.oyohyee.com'>OhYee</a>

Capture results

A simple capture is shown below, with the password portion removed.

$ tcpdump port 25 -A -t -ns 0 -X -r smtp.pcap
reading from file 2.pcap, link-type EN10MB (Ethernet), snapshot length 262144
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [S], seq 1632763960, win 64240, options [mss 1460,sackOK,TS val 3567091067 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c e969 4000 4006 b982 ac15 21cc  E..<.i@.@.....!.
        0x0010:  c612 03dc a226 0019 6152 0038 0000 0000  .....&..aR.8....
        0x0020:  a002 faf0 97fe 0000 0204 05b4 0402 080a  ................
        0x0030:  d49d 7d7b 0000 0000 0103 0307            ..}{........
IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [S.], seq 456810032, ack 1632763961, win 28960, options [mss 1460,sackOK,TS val 4209887556 ecr 3567091067,nop,wscale 5], length 0
        0x0000:  4500 003c 0000 4000 3f06 a3ec c612 03dc  E..<..@.?.......
        0x0010:  ac15 21cc 0019 a226 1b3a 5e30 6152 0039  ..!....&.:^0aR.9
        0x0020:  a012 7120 ab80 0000 0204 05b4 0402 080a  ..q.............
        0x0030:  faed c944 d49d 7d7b 0103 0305            ...D..}{....
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 1, win 502, options [nop,nop,TS val 3567091068 ecr 4209887556], length 0
        0x0000:  4500 0034 e96a 4000 4006 b989 ac15 21cc  E..4.j@.@.....!.
        0x0010:  c612 03dc a226 0019 6152 0039 1b3a 5e31  .....&..aR.9.:^1
        0x0020:  8010 01f6 97f6 0000 0101 080a d49d 7d7c  ..............}|
        0x0030:  faed c944                                ...D
IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [P.], seq 1:39, ack 1, win 905, options [nop,nop,TS val 4209887659 ecr 3567091068], length 38: SMTP: 220 smtp.qq.com Esmtp QQ Mail Server
        0x0000:  4500 005a cf71 4000 3f06 d45c c612 03dc  E..Z.q@.?..\....
        0x0010:  ac15 21cc 0019 a226 1b3a 5e31 6152 0039  ..!....&.:^1aR.9
        0x0020:  8018 0389 f263 0000 0101 080a faed c9ab  .....c..........
        0x0030:  d49d 7d7c 3232 3020 736d 7470 2e71 712e  ..}|220.smtp.qq.
        0x0040:  636f 6d20 4573 6d74 7020 5151 204d 6169  com.Esmtp.QQ.Mai
        0x0050:  6c20 5365 7276 6572 0d0a                 l.Server..
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 39, win 502, options [nop,nop,TS val 3567091172 ecr 4209887659], length 0
        0x0000:  4500 0034 e96b 4000 4006 b988 ac15 21cc  E..4.k@.@.....!.
        0x0010:  c612 03dc a226 0019 6152 0039 1b3a 5e57  .....&..aR.9.:^W
        0x0020:  8010 01f6 97f6 0000 0101 080a d49d 7de4  ..............}.
        0x0030:  faed c9ab                                ....
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [S], seq 1644386066, win 64240, options [mss 1460,sackOK,TS val 3567091179 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c dbfc 4000 4006 c6ef ac15 21cc  E..<..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5712 0000 0000  .....(..b.W.....
        0x0020:  a002 faf0 97fe 0000 0204 05b4 0402 080a  ................
        0x0030:  d49d 7deb 0000 0000 0103 0307            ..}.........
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [S.], seq 2824916353, ack 1644386067, win 28960, options [mss 1460,sackOK,TS val 4209887668 ecr 3567091179,nop,wscale 5], length 0
        0x0000:  4500 003c 0000 4000 3f06 a3ec c612 03dc  E..<..@.?.......
        0x0010:  ac15 21cc 0019 a228 a860 cd81 6203 5713  ..!....(.`..b.W.
        0x0020:  a012 7120 569b 0000 0204 05b4 0402 080a  ..q.V...........
        0x0030:  faed c9b4 d49d 7deb 0103 0305            ......}.....
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 1, win 502, options [nop,nop,TS val 3567091181 ecr 4209887668], length 0
        0x0000:  4500 0034 dbfd 4000 4006 c6f6 ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5713 a860 cd82  .....(..b.W..`..
        0x0020:  8010 01f6 97f6 0000 0101 080a d49d 7ded  ..............}.
        0x0030:  faed c9b4                                ....
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [F.], seq 1, ack 39, win 502, options [nop,nop,TS val 3567091181 ecr 4209887659], length 0
        0x0000:  4500 0034 e96c 4000 4006 b987 ac15 21cc  E..4.l@.@.....!.
        0x0010:  c612 03dc a226 0019 6152 0039 1b3a 5e57  .....&..aR.9.:^W
        0x0020:  8011 01f6 97f6 0000 0101 080a d49d 7ded  ..............}.
        0x0030:  faed c9ab                                ....
IP 198.18.3.220.25 > 172.21.33.204.41510: Flags [F.], seq 39, ack 2, win 905, options [nop,nop,TS val 4209887672 ecr 3567091181], length 0
        0x0000:  4500 0034 cf72 4000 3f06 d481 c612 03dc  E..4.r@.?.......
        0x0010:  ac15 21cc 0019 a226 1b3a 5e57 6152 003a  ..!....&.:^WaR.:
        0x0020:  8011 0389 46d4 0000 0101 080a faed c9b8  ....F...........
        0x0030:  d49d 7ded                                ..}.
IP 172.21.33.204.41510 > 198.18.3.220.25: Flags [.], ack 40, win 502, options [nop,nop,TS val 3567091185 ecr 4209887672], length 0
        0x0000:  4500 0034 e96d 4000 4006 b986 ac15 21cc  E..4.m@.@.....!.
        0x0010:  c612 03dc a226 0019 6152 003a 1b3a 5e58  .....&..aR.:.:^X
        0x0020:  8010 01f6 97f6 0000 0101 080a d49d 7df1  ..............}.
        0x0030:  faed c9b8                                ....
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 1:39, ack 1, win 905, options [nop,nop,TS val 4209887771 ecr 3567091181], length 38: SMTP: 220 smtp.qq.com Esmtp QQ Mail Server
        0x0000:  4500 005a 8c8c 4000 3f06 1742 c612 03dc  E..Z..@.?..B....
        0x0010:  ac15 21cc 0019 a228 a860 cd82 6203 5713  ..!....(.`..b.W.
        0x0020:  8018 0389 9d7d 0000 0101 080a faed ca1b  .....}..........
        0x0030:  d49d 7ded 3232 3020 736d 7470 2e71 712e  ..}.220.smtp.qq.
        0x0040:  636f 6d20 4573 6d74 7020 5151 204d 6169  com.Esmtp.QQ.Mai
        0x0050:  6c20 5365 7276 6572 0d0a                 l.Server..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 39, win 502, options [nop,nop,TS val 3567091284 ecr 4209887771], length 0
        0x0000:  4500 0034 dbfe 4000 4006 c6f5 ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5713 a860 cda8  .....(..b.W..`..
        0x0020:  8010 01f6 97f6 0000 0101 080a d49d 7e54  ..............~T
        0x0030:  faed ca1b                                ....
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 1:25, ack 39, win 502, options [nop,nop,TS val 3567091284 ecr 4209887771], length 24: SMTP: ehlo OhYee.localdomain
        0x0000:  4500 004c dbff 4000 4006 c6dc ac15 21cc  E..L..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5713 a860 cda8  .....(..b.W..`..
        0x0020:  8018 01f6 980e 0000 0101 080a d49d 7e54  ..............~T
        0x0030:  faed ca1b 6568 6c6f 204f 6859 6565 2e6c  ....ehlo.OhYee.l
        0x0040:  6f63 616c 646f 6d61 696e 0d0a            ocaldomain..
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 25, win 905, options [nop,nop,TS val 4209887774 ecr 3567091284], length 0
        0x0000:  4500 0034 8c8d 4000 3f06 1767 c612 03dc  E..4..@.?..g....
        0x0010:  ac15 21cc 0019 a228 a860 cda8 6203 572b  ..!....(.`..b.W+
        0x0020:  8010 0389 f1eb 0000 0101 080a faed ca1e  ................
        0x0030:  d49d 7e54                                ..~T
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 39:175, ack 25, win 905, options [nop,nop,TS val 4209887824 ecr 3567091284], length 136: SMTP: 250-smtp.qq.com
        0x0000:  4500 00bc 8c8e 4000 3f06 16de c612 03dc  E.....@.?.......
        0x0010:  ac15 21cc 0019 a228 a860 cda8 6203 572b  ..!....(.`..b.W+
        0x0020:  8018 0389 d0aa 0000 0101 080a faed ca50  ...............P
        0x0030:  d49d 7e54 3235 302d 736d 7470 2e71 712e  ..~T250-smtp.qq.
        0x0040:  636f 6d0d 0a32 3530 2d50 4950 454c 494e  com..250-PIPELIN
        0x0050:  494e 470d 0a32 3530 2d53 495a 4520 3733  ING..250-SIZE.73
        0x0060:  3430 3033 3230 0d0a 3235 302d 5354 4152  400320..250-STAR
        0x0070:  5454 4c53 0d0a 3235 302d 4155 5448 204c  TTLS..250-AUTH.L
        0x0080:  4f47 494e 2050 4c41 494e 0d0a 3235 302d  OGIN.PLAIN..250-
        0x0090:  4155 5448 3d4c 4f47 494e 0d0a 3235 302d  AUTH=LOGIN..250-
        0x00a0:  4d41 494c 434f 4d50 5245 5353 0d0a 3235  MAILCOMPRESS..25
        0x00b0:  3020 3842 4954 4d49 4d45 0d0a            0.8BITMIME..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 175, win 501, options [nop,nop,TS val 3567091337 ecr 4209887824], length 0
        0x0000:  4500 0034 dc00 4000 4006 c6f3 ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 572b a860 ce30  .....(..b.W+.`.0
        0x0020:  8010 01f5 97f6 0000 0101 080a d49d 7e89  ..............~.
        0x0030:  faed ca50                                ...P
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 25:82, ack 175, win 501, options [nop,nop,TS val 3567091338 ecr 4209887824], length 57: SMTP: AUTH PLAIN XXXXXXXXX (account and password, redacted)
        0x0000:  4500 006d dc01 4000 4006 c6b9 ac15 21cc  E..m..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 572b a860 ce30  .....(..b.W+.`.0
        0x0020:  8018 01f5 982f 0000 0101 080a d49d 7e8a  ...../........~.
        0x0030:  faed ca50 4155 5448 2050 4c41 494e 2041  ...PAUTH.PLAIN.A
		XXXXXXXXX (account and password, redacted)
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 82, win 905, options [nop,nop,TS val 4209887827 ecr 3567091338], length 0
        0x0000:  4500 0034 8c8f 4000 3f06 1765 c612 03dc  E..4..@.?..e....
        0x0010:  ac15 21cc 0019 a228 a860 ce30 6203 5764  ..!....(.`.0b.Wd
        0x0020:  8010 0389 f0bf 0000 0101 080a faed ca53  ...............S
        0x0030:  d49d 7e8a                                ..~.
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 175:206, ack 82, win 905, options [nop,nop,TS val 4209887989 ecr 3567091338], length 31: SMTP: 235 Authentication successful
        0x0000:  4500 0053 8c90 4000 3f06 1745 c612 03dc  E..S..@.?..E....
        0x0010:  ac15 21cc 0019 a228 a860 ce30 6203 5764  ..!....(.`.0b.Wd
        0x0020:  8018 0389 6882 0000 0101 080a faed caf5  ....h...........
        0x0030:  d49d 7e8a 3233 3520 4175 7468 656e 7469  ..~.235.Authenti
        0x0040:  6361 7469 6f6e 2073 7563 6365 7373 6675  cation.successfu
        0x0050:  6c0d 0a                                  l..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 206, win 501, options [nop,nop,TS val 3567091502 ecr 4209887989], length 0
        0x0000:  4500 0034 dc02 4000 4006 c6f1 ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5764 a860 ce4f  .....(..b.Wd.`.O
        0x0020:  8010 01f5 97f6 0000 0101 080a d49d 7f2e  ................
        0x0030:  faed caf5                                ....
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 82:124, ack 206, win 501, options [nop,nop,TS val 3567091507 ecr 4209887989], length 42: SMTP: mail FROM:<oyohyee@oyohyee.com> size=248
        0x0000:  4500 005e dc03 4000 4006 c6c6 ac15 21cc  E..^..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 5764 a860 ce4f  .....(..b.Wd.`.O
        0x0020:  8018 01f5 9820 0000 0101 080a d49d 7f33  ...............3
        0x0030:  faed caf5 6d61 696c 2046 524f 4d3a 3c6f  ....mail.FROM:<o
        0x0040:  796f 6879 6565 406f 796f 6879 6565 2e63  yohyee@oyohyee.c
        0x0050:  6f6d 3e20 7369 7a65 3d32 3438 0d0a       om>.size=248..
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 124, win 905, options [nop,nop,TS val 4209887996 ecr 3567091507], length 0
        0x0000:  4500 0034 8c91 4000 3f06 1763 c612 03dc  E..4..@.?..c....
        0x0010:  ac15 21cc 0019 a228 a860 ce4f 6203 578e  ..!....(.`.Ob.W.
        0x0020:  8010 0389 ef24 0000 0101 080a faed cafc  .....$..........
        0x0030:  d49d 7f33                                ...3
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 206:214, ack 124, win 905, options [nop,nop,TS val 4209888090 ecr 3567091507], length 8: SMTP: 250 Ok
        0x0000:  4500 003c 8c92 4000 3f06 175a c612 03dc  E..<..@.?..Z....
        0x0010:  ac15 21cc 0019 a228 a860 ce4f 6203 578e  ..!....(.`.Ob.W.
        0x0020:  8018 0389 2fec 0000 0101 080a faed cb5a  ..../..........Z
        0x0030:  d49d 7f33 3235 3020 4f6b 0d0a            ...3250.Ok..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 124:155, ack 214, win 501, options [nop,nop,TS val 3567091603 ecr 4209888090], length 31: SMTP: rcpt TO:<oyohyee@oyohyee.com>
        0x0000:  4500 0053 dc04 4000 4006 c6d0 ac15 21cc  E..S..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 578e a860 ce57  .....(..b.W..`.W
        0x0020:  8018 01f5 9815 0000 0101 080a d49d 7f93  ................
        0x0030:  faed cb5a 7263 7074 2054 4f3a 3c6f 796f  ...Zrcpt.TO:<oyo
        0x0040:  6879 6565 406f 796f 6879 6565 2e63 6f6d  hyee@oyohyee.com
        0x0050:  3e0d 0a                                  >..
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 155, win 905, options [nop,nop,TS val 4209888092 ecr 3567091603], length 0
        0x0000:  4500 0034 8c93 4000 3f06 1761 c612 03dc  E..4..@.?..a....
        0x0010:  ac15 21cc 0019 a228 a860 ce57 6203 57ad  ..!....(.`.Wb.W.
        0x0020:  8010 0389 ee3d 0000 0101 080a faed cb5c  .....=.........\
        0x0030:  d49d 7f93                                ....
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 214:222, ack 155, win 905, options [nop,nop,TS val 4209888151 ecr 3567091603], length 8: SMTP: 250 Ok
        0x0000:  4500 003c 8c94 4000 3f06 1758 c612 03dc  E..<..@.?..X....
        0x0010:  ac15 21cc 0019 a228 a860 ce57 6203 57ad  ..!....(.`.Wb.W.
        0x0020:  8018 0389 2f28 0000 0101 080a faed cb97  ..../(..........
        0x0030:  d49d 7f93 3235 3020 4f6b 0d0a            ....250.Ok..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 155:161, ack 222, win 501, options [nop,nop,TS val 3567091664 ecr 4209888151], length 6: SMTP: data
        0x0000:  4500 003a dc05 4000 4006 c6e8 ac15 21cc  E..:..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 57ad a860 ce5f  .....(..b.W..`._
        0x0020:  8018 01f5 97fc 0000 0101 080a d49d 7fd0  ................
        0x0030:  faed cb97 6461 7461 0d0a                 ....data..
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 161, win 905, options [nop,nop,TS val 4209888153 ecr 3567091664], length 0
        0x0000:  4500 0034 8c95 4000 3f06 175f c612 03dc  E..4..@.?.._....
        0x0010:  ac15 21cc 0019 a228 a860 ce5f 6203 57b3  ..!....(.`._b.W.
        0x0020:  8010 0389 edb5 0000 0101 080a faed cb99  ................
        0x0030:  d49d 7fd0                                ....
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 222:259, ack 161, win 905, options [nop,nop,TS val 4209888202 ecr 3567091664], length 37: SMTP: 354 End data with <CR><LF>.<CR><LF>
        0x0000:  4500 0059 8c96 4000 3f06 1739 c612 03dc  E..Y..@.?..9....
        0x0010:  ac15 21cc 0019 a228 a860 ce5f 6203 57b3  ..!....(.`._b.W.
        0x0020:  8018 0389 bc7a 0000 0101 080a faed cbca  .....z..........
        0x0030:  d49d 7fd0 3335 3420 456e 6420 6461 7461  ....354.End.data
        0x0040:  2077 6974 6820 3c43 523e 3c4c 463e 2e3c  .with.<CR><LF>.<
        0x0050:  4352 3e3c 4c46 3e0d 0a                   CR><LF>..
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [P.], seq 161:412, ack 259, win 501, options [nop,nop,TS val 3567091714 ecr 4209888202], length 251: SMTP: Content-Type: text/html; charset="utf-8"
        0x0000:  4500 012f dc06 4000 4006 c5f2 ac15 21cc  E../..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 57b3 a860 ce84  .....(..b.W..`..
        0x0020:  8018 01f5 98f1 0000 0101 080a d49d 8002  ................
        0x0030:  faed cbca 436f 6e74 656e 742d 5479 7065  ....Content-Type
        0x0040:  3a20 7465 7874 2f68 746d 6c3b 2063 6861  :.text/html;.cha
        0x0050:  7273 6574 3d22 7574 662d 3822 0d0a 4d49  rset="utf-8"..MI
        0x0060:  4d45 2d56 6572 7369 6f6e 3a20 312e 300d  ME-Version:.1.0.
        0x0070:  0a43 6f6e 7465 6e74 2d54 7261 6e73 6665  .Content-Transfe
        0x0080:  722d 456e 636f 6469 6e67 3a20 6261 7365  r-Encoding:.base
        0x0090:  3634 0d0a 4672 6f6d 3a20 7365 6e64 6572  64..From:.sender
        0x00a0:  203c 6f79 6f68 7965 6540 6f79 6f68 7965  .<oyohyee@oyohye
        0x00b0:  652e 636f 6d3e 0d0a 546f 3a20 4f68 5965  e.com>..To:.OhYe
        0x00c0:  6520 3c6f 796f 6879 6565 406f 796f 6879  e.<oyohyee@oyohy
        0x00d0:  6565 2e63 6f6d 3e0d 0a53 7562 6a65 6374  ee.com>..Subject
        0x00e0:  3a20 3d3f 7574 662d 383f 623f 3572 574c  :.=?utf-8?b?5rWL
        0x00f0:  364b 2b56 3f3d 0d0a 0d0a 5047 4567 6148  6K+V?=....PGEgaH
        0x0100:  4a6c 5a6a 306e 6433 6433 4c6d 3935 6232  JlZj0nd3d3Lm95b2
        0x0110:  6835 5a57 5575 5932 3974 4a7a 3550 6146  h5ZWUuY29tJz5PaF
        0x0120:  6c6c 5a54 7776 5954 343d 0d0a 2e0d 0a    llZTwvYT4=.....
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [.], ack 412, win 939, options [nop,nop,TS val 4209888204 ecr 3567091714], length 0
        0x0000:  4500 0034 8c97 4000 3f06 175d c612 03dc  E..4..@.?..]....
        0x0010:  ac15 21cc 0019 a228 a860 ce84 6203 58ae  ..!....(.`..b.X.
        0x0020:  8010 03ab ec0e 0000 0101 080a faed cbcc  ................
        0x0030:  d49d 8002                                ....
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [P.], seq 259:279, ack 412, win 939, options [nop,nop,TS val 4209889083 ecr 3567091714], length 20: SMTP: 250 Ok: queued as
        0x0000:  4500 0048 8c98 4000 3f06 1748 c612 03dc  E..H..@.?..H....
        0x0010:  ac15 21cc 0019 a228 a860 ce84 6203 58ae  ..!....(.`..b.X.
        0x0020:  8018 03ab 1fc8 0000 0101 080a faed cf3b  ...............;
        0x0030:  d49d 8002 3235 3020 4f6b 3a20 7175 6575  ....250.Ok:.queu
        0x0040:  6564 2061 7320 0d0a                      ed.as...
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [F.], seq 412, ack 279, win 501, options [nop,nop,TS val 3567092603 ecr 4209889083], length 0
        0x0000:  4500 0034 dc07 4000 4006 c6ec ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 58ae a860 ce98  .....(..b.X..`..
        0x0020:  8011 01f5 97f6 0000 0101 080a d49d 837b  ...............{
        0x0030:  faed cf3b                                ...;
IP 198.18.3.220.25 > 172.21.33.204.41512: Flags [F.], seq 279, ack 413, win 939, options [nop,nop,TS val 4209889093 ecr 3567092603], length 0
        0x0000:  4500 0034 8c99 4000 3f06 175b c612 03dc  E..4..@.?..[....
        0x0010:  ac15 21cc 0019 a228 a860 ce98 6203 58af  ..!....(.`..b.X.
        0x0020:  8011 03ab e506 0000 0101 080a faed cf45  ...............E
        0x0030:  d49d 837b                                ...{
IP 172.21.33.204.41512 > 198.18.3.220.25: Flags [.], ack 280, win 501, options [nop,nop,TS val 3567092605 ecr 4209889093], length 0
        0x0000:  4500 0034 dc08 4000 4006 c6eb ac15 21cc  E..4..@.@.....!.
        0x0010:  c612 03dc a228 0019 6203 58af a860 ce99  .....(..b.X..`..
        0x0020:  8010 01f5 97f6 0000 0101 080a d49d 837d  ...............}
        0x0030:  faed cf45                                ...E

Analysis

Because the output includes TCP details that do not need discussing here, the SMTP portion is extracted separately:

Server → Client: 220 smtp.qq.com Esmtp QQ Mail Server
Client → Server: ehlo OhYee.localdomain
Server → Client (sent within a single TCP segment):
    250-smtp.qq.com
    250-PIPELINING
    250-SIZE 73400320
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN
    250-MAILCOMPRESS
    250 8BITMIME
Client → Server: AUTH PLAIN AG95......
Server → Client: 235 Authentication successful
Client → Server: mail FROM:<oyohyee@oyohyee.com> size=248
Server → Client: 250 Ok
Client → Server: rcpt TO:<oyohyee@oyohyee.com>
Server → Client: 250 Ok
Client → Server: data
Server → Client: 354 End data with <CR><LF>.<CR><LF>
Client → Server: message content (IMF format):
    Content-Type: text/html; charset="utf-8"
    MIME-Version: 1.0
    Content-Transfer-Encoding: base64
    From: sender <oyohyee@oyohyee.com>
    To: OhYee <oyohyee@oyohyee.com>
    Subject: =?utf-8?b?5rWL6K+V?=

    PGEgaHJlZj0nd3d3Lm95b2h5ZWUuY29tJz5PaFllZTwvYT4=
Server → Client: 250 Ok: queued as

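Put simply, once the client connects, the server announces that it is an SMTP server and that it speaks the extended SMTP protocol (Esmtp).

The two sides exchange their hostnames, and the client states what it supports (how to authenticate, message formats).

The client base64-encodes its username and password and sends them to the server for verification. After the server verifies them, it returns a success code.

The client sends the sender and recipient information, and the server confirms receipt.

The client asks to send the message content, the server tells it the terminator, and the client sends the message content in IMF format.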
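
What the exchange walked through above gives away to anyone who can see the traffic, as an added example (not code from the original post). The AUTH PLAIN argument is redacted on the page, so the credential here is constructed; `decode_auth_plain`, `decode_message` and `exposed_fields` are names chosen for this sketch.

```python
import base64
import re
from email import message_from_string
from email.header import decode_header, make_header

# The post redacts the AUTH PLAIN argument, so this credential is CONSTRUCTED:
# the account name is the one shown on the page, the password is a placeholder.
# Note that even the unredacted prefix "AG95" already decodes to b"\0oy".
CONSTRUCTED_AUTH = base64.b64encode(
    b"\0oyohyee@oyohyee.com\0constructed-password").decode()

# Client commands as they appear in the capture (AUTH argument constructed above).
CLIENT_LINES = [
    "ehlo OhYee.localdomain",
    "AUTH PLAIN " + CONSTRUCTED_AUTH,
    "mail FROM:<oyohyee@oyohyee.com> size=248",
    "rcpt TO:<oyohyee@oyohyee.com>",
    "data",
]

# DATA payload copied from the capture: IMF headers, blank line, base64 body.
DATA_PAYLOAD = "\r\n".join([
    'Content-Type: text/html; charset="utf-8"',
    "MIME-Version: 1.0",
    "Content-Transfer-Encoding: base64",
    "From: sender <oyohyee@oyohyee.com>",
    "To: OhYee <oyohyee@oyohyee.com>",
    "Subject: =?utf-8?b?5rWL6K+V?=",
    "",
    "PGEgaHJlZj0nd3d3Lm95b2h5ZWUuY29tJz5PaFllZTwvYT4=",
    "",
])


def decode_auth_plain(line):
    """Return (authzid, authcid, password) from an 'AUTH PLAIN <base64>' line."""
    verb, mech, blob = line.split(None, 2)
    if (verb.upper(), mech.upper()) != ("AUTH", "PLAIN"):
        raise ValueError("not an AUTH PLAIN command")
    parts = base64.b64decode(blob, validate=True).split(b"\0")
    if len(parts) != 3:  # SASL PLAIN is authzid NUL authcid NUL password
        raise ValueError("malformed PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def decode_message(payload):
    """Return (subject, body) with the RFC 2047 header and base64 body decoded."""
    msg = message_from_string(payload)
    subject = str(make_header(decode_header(msg["Subject"])))
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset)
    return subject, body


def exposed_fields(client_lines, payload):
    """Collect every field readable from the cleartext session."""
    seen = {}
    for line in client_lines:
        upper = line.upper()
        if upper.startswith("AUTH PLAIN "):
            _, seen["user"], seen["password"] = decode_auth_plain(line)
        elif upper.startswith(("MAIL FROM:", "RCPT TO:")):
            match = re.search(r"<([^>]*)>", line)
            if match:
                key = "mail_from" if upper.startswith("MAIL") else "rcpt_to"
                seen[key] = match.group(1)
    seen["subject"], seen["body"] = decode_message(payload)
    return seen
```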


Without encryption, the communication is transmitted entirely in plaintext, with nothing but a simple base64 encoding as protection.
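
The server in the capture advertises 250-STARTTLS, yet the script sends AUTH PLAIN without using it. A login path that refuses to authenticate in cleartext, as an added example (not the original author's code); `login_over_starttls` and `open_session` are hypothetical names, and the host and port are whatever the caller passes in.

```python
import smtplib
import ssl


def login_over_starttls(smtp, user, password, context=None):
    """Log in on a connected smtplib.SMTP object only after a verified TLS upgrade."""
    # The default context verifies the certificate chain and the server hostname.
    context = context or ssl.create_default_context()
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        # Fail closed instead of sending AUTH PLAIN in cleartext as in the capture.
        raise smtplib.SMTPNotSupportedError(
            "STARTTLS not advertised; refusing to log in")
    smtp.starttls(context=context)
    # The extension list learned before TLS is discarded; ask again inside TLS.
    smtp.ehlo()
    smtp.login(user, password)
    return smtp


def open_session(host, user, password, port=25, timeout=10):
    """Connect once, upgrade to TLS, then authenticate."""
    # The constructor connects, so no separate connect() call is made.
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        return login_over_starttls(smtp, user, password)
    except Exception:
        smtp.close()
        raise
```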

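If SSL encryption is used, only the encrypted application data is visible. However, because SMTP is a simple question-and-answer style of communication, it still has fairly distinctive timing and size characteristics:

  • Because of the question-and-answer form, each round of the dialogue is clearly spaced and separated (unlike some full-duplex protocols, where several pieces of data may be mixed together when sent)
  • TLS itself does not encrypt packet lengths (there is no traffic-padding mechanism)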

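If the code above is changed to communicate using SMTP over TLS (change the port to 465 and replace smtplib.SMTP() with smtplib.SMTP_SSL()), you find that although the data is fully encrypted, there are still 13 packets, and packets 7 and 9 both have length 64 (both were originally the 8-byte "250 Ok\r\n"). Using characteristics like these, a fully encrypted protocol can still be recognised as SMTP.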
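
The length and direction comparison described above, as an added sketch (not code from the original post). The plaintext lengths are the 13 SMTP payload lengths from the capture on this page; the encrypted lengths are constructed with a made-up overhead rule chosen only so that 8 bytes becomes 64 as reported, and `matches_template` is a hypothetical name.

```python
import math

# (direction, payload length) of the 13 SMTP messages in the plaintext capture
# on this page, in order; "S" = server to client, "C" = client to server.
PLAINTEXT_TEMPLATE = [
    ("S", 38), ("C", 24), ("S", 136), ("C", 57), ("S", 31), ("C", 42), ("S", 8),
    ("C", 31), ("S", 8), ("C", 6), ("S", 37), ("C", 251), ("S", 20),
]


def constructed_ciphertext_len(n):
    """CONSTRUCTED overhead model (not a real cipher suite): maps 8 to 64."""
    return 16 * math.ceil((n + 21) / 16) + 32


# Constructed stand-in for the application-data records of the TLS re-run.
ENCRYPTED_RERUN = [(d, constructed_ciphertext_len(n)) for d, n in PLAINTEXT_TEMPLATE]


def matches_template(observed, template):
    """True if an encrypted flow has the same shape as the plaintext session.

    Shape means: same number of messages in the same ping-pong direction order,
    equal plaintext lengths stay equal (the two "250 Ok" replies), and a longer
    plaintext never yields a shorter record in the same direction.
    """
    if [d for d, _ in observed] != [d for d, _ in template]:
        return False
    pairs = list(zip(template, observed))
    for (d1, t1), (_, o1) in pairs:
        for (d2, t2), (_, o2) in pairs:
            if d1 != d2:
                continue
            if t1 == t2 and o1 != o2:
                return False
            if t1 < t2 and o1 > o2:
                return False
    return True
```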

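With older versions of TLS, the domain name can be obtained from the SNI part of TLS. But even with newer versions of TLS, the domain name can still be obtained with a reverse DNS lookup.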
