Access IMAP server from the command line using OpenSSL

In this post, we’ll use OpenSSL to gain access to an IMAP mail server. The mail server we’ll use is Google’s GMail. If you are running Linux, you should have openssl installed. On Windows, obtain and install the Win32 version of OpenSSL. If your IMAP server does not support SSL, you can use the excellent netcat utility on Linux, Ncat utility that comes with Nmap on Windows or regular telnet.


Issue the following command to begin an SSL session with the IMAP server:

openssl s_client -crlf -connect

You’ll get an output such as the following, which you can suppress using the -quiet option to the command above.

depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
No client certificate CA names sent
SSL handshake has read 1866 bytes and written 281 bytes
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 2410BB675CA16A65B740B559BC10C0B406D3C48F48EB94DE48555F1E704D7A4E
    Master-Key: 5E51885143B7A320EA7EE1C5AFAA9160A716C453792C213D76FC85AADDAA89AC2C3BF1D29F567E648F5A460D8B558DFA
    Key-Arg   : None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - b3 1f ec 8d cd bd 28 2e-4a 7d 78 92 d5 71 ff ef   ......(.J}x..q..
    0010 - b3 fe dd bf 03 eb 49 42-5f d5 0f 5e 5f 04 65 be   ......IB_..^_.e.
    0020 - 05 9e 6b 1c 4c d3 6b 05-1b ce 32 e4 2a 90 1b b0   ..k.L.k...2.*...
    0030 - df 8a 2b 4b e3 91 88 45-c1 97 d0 76 8a 5c b3 f2   ..+K...E...v.\..
    0040 - 0e 83 f7 d5 5c 52 44 c6-b1 bf b0 f3 42 73 5b 81   ....\RD.....Bs[.
    0050 - f4 bd d6 98 cb d5 eb a1-cb bb 51 9e 47 2e f1 0e   ..........Q.G...
    0060 - d3 2d 02 91 0d a6 f0 00-e0 0e a3 e2 68 f0 1a 13   .-..........h...
    0070 - f7 06 c2 a4 2b 8a 4a 6c-55 e9 5d ff 94 f0 45 8f   ....+.JlU.]...E.
    0080 - 2c 07 d9 04 d1 3b 7b ef-e4 ef 78 f6 48 1d 82 8d   ,....;{...x.H...
    0090 - 8b bb 67 a0 a8 d2 78 99-66 e3 44 b2 6c 75 81 b9
    00a0 - 2d ba 77 34                                       -.w4

    Start Time: 1305041542
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
* OK Gimap ready for requests from o16if3544685ybc.111


To login, issue the following command. The character sequence before login is a tag required before each IMAP command.

tag login password

If that works you’ll see an output such as:

tag OK User authenticated (Success)

List Mailboxes

Issue the following command:

tag LIST "" "*"

This produce an output such as:

* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "Notes"
* LIST (\Noselect \HasChildren) "/" "[Gmail]"
* LIST (\HasNoChildren) "/" "[Gmail]/All Mail"
* LIST (\HasNoChildren) "/" "[Gmail]/Drafts"
* LIST (\HasNoChildren) "/" "[Gmail]/Sent Mail"
* LIST (\HasNoChildren) "/" "[Gmail]/Spam"
* LIST (\HasNoChildren) "/" "[Gmail]/Starred"
* LIST (\HasChildren \HasNoChildren) "/" "[Gmail]/Trash"

Select a mailbox

Next, issue the following command to select the INBOX:


This produces the following output:

* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 6385 EXISTS
* OK [UIDNEXT 29210]
tag OK [READ-WRITE] INBOX selected. (Success)

Mailbox status

Execute the following command to get the total number of messages in the selected Mailbox:


The result is an output such as:


Fetch header of last ten message

Execute the command:

tag FETCH 6378:6388 (BODY[HEADER])

Fetch details regarding body of the last message

Execute the following command. The number 6388 corresponds to the number of the last message above, the first message would be 1.

tag FETCH 6388 (BODY)

Message bodies are usually multipart, you can retrieve a particular part using (n is a zero-indexed part number):

tag FETCH 6388 (BODY[n])

Finally, to leave the IMAP session:

Posted in Linux, Network
17 comments on “Access IMAP server from the command line using OpenSSL
  1. Chrissss says:

    Thanks for this blog posting! I’m trying to figure out a problem with a simple script, and accessing gmail via openssl helped me to analyze the problem :)


  2. Marina says:

    Thank you! It helps figure to rule out network settings as a possible reason why an application fails. Clear and concise!

  3. I’m trying this with Google Mail and can log in – tag login me password reports authenticated success but I get no response at all from tag LIST “” “*” or tag SELECT “INBOX”
    Any suggestions?

    • Devendra says:

      I can’t think of anything in particular, Alex. I went through all the commands above with my Google Mail account and all of them worked. I used a Windows 7 laptop and the openssl command installed with the MinGW Shell.

  4. Michael deTreville says:

    I am having the same experience as Alex….tag login works, but no other tag gives any response. I have tried from several Linux distros…

  5. Jake Dylan says:

    Everything works for me. I’m using Windows 7 64bit.

    Also, you should broaden this article by adding more complex commands such as fetching attachments and messages with a particular subject.

  6. To all those who have problems performing any action other than login, the linked Superuser thread holds the answer ( Use the -crlf switch with openssl s_client if you run an operating system that doesn’t translate newlines into carriage return + linefeed: Windows users don’t need the switch, but everyone on Unixes / Linux / OS X does.

  7. Amit Gupta says:

    I need to debug COMPRESS=DEFLATE. Once I give this command google server doesn’t accept any command ?

    • Devendra says:

      I think that after you issue the COMPRESS command the communication between server and client will NOT be clear text. That may be the reason you think the server is unresponsive. If I am right, you’ll have to write a program to debug with COMPRESS.

  8. Mathieu says:

    Thanks, very useful post! There isn’t a lot of help about how to proceed with IMAP connection to GMail around.

  9. […] rescue. Devendra Tewari posted a great blog article on just this topic which I found very helpful: Ah, just what I was looking for! Now I could verify the credentials I was passing directly to […]

  10. Anonymous says:

    Thanks, it helped.

  11. Charlie says:

    Receive below error using W7:

    $ openssl s client -crlf -connect
    /usr/bin/openssl.exe: error while loading shared libraries: cygssl-1.0.0.dll: cannot open shared object file: No such file or directory

  12. Anonymous says:

    man, this is awesome, so I do not need any external mail client. you made my day

  13. onkar shedge says:

    How to download email attachments to local machine? I found the python script but is it possible to do via commandline?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 82 other followers

%d bloggers like this: