Checking IMAP for a Pulse

When you don't trust your mail client to tell you everything.

I have been having trouble receiving email from Gmail via IMAP today. The Google Apps status dashboard does not reveal anything is wrong, so lets go spelunking!

We use openssl to make the connection to transparently handle the TLS connection:

$ openssl s_client -crlf -connect imap.gmail.com:993
* OK Gimap ready for requests from 172.218.163.116 zh1mb199258645pbc

We have a connection! The -crlf is critical for Gmail as the line endings are important to the "Gimap" server (and the protocol in general, but other servers I have tested are more accepting). If you weren't using encryption, you would nc imap.gmail.com 143 instead of using OpenSSL.

Lets poke the server a little.


IMAP commands are generally a single line of space-separated arguments. The first is a "tag", which is only echoed at the start of the response for identification purposes. The second is the command, and anything remaining is an argument. (See RFC 1730 for more.)

So first, lets send an invalid request (because we can):

invalidrequest
* BAD invalid tag zh1mb199258645pbc

So we can see the server is responding a little. Let's see if the server can describe itself:

a1 CAPABILITY
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN
a1 OK Thats all she wrote! zh1mb199258645pbc

Ok. Let's try to login:

a2 LOGIN example@gmail.com Pa55word
a2 NO [ALERT] Too many simultaneous connections. (Failure)

That explains that.

Posted . Categories: .