Testing Email Protocols from the command line
Introduction and tools you will need to test email protocols
Have you ever wondered what sort of conversation occurs between mail servers? Here is a guide on MTA-Speak and how to see if your mail server is actually working or not, ordered by email protocols. You will need a telnet client installed to run these tests and some form of SSL for the SSL/TLS tests.
Simple Mail Transport Protocol ( SMTP)
The standard SMTP conversation is always a PUSH event (email is always SENT, never REQUESTED). It occurs when you send email from your Mail User Agent (MUA) such as Outlook or Thunderbird, and the mail server. SMTP exchanges also occur from mail server to mail server and can occur across multiple hops before the email reaches its final destination. The default ports on which we connect to SMTP are port 25 (usually for plaintext and/or non-authenticated) and port 995 for SSL. Other ports may be used and SSL/TLS can occur on any port.
Let’s see a typical SMTP session to a hypothetical server called ‘mailboss.lan’ . The italic sections are what we type, the rest is the SMTP server response.
telnet mailboss.lan 25 Trying 22.214.171.124... Connected to mailboss.lan. Escape character is '^]'. 220-mailboss.lan ESMTP Exim 4.29 #1 Mon, 28 Oct 2017 19:57:53 +0200 helo testsender.home.net 250 mailboss.lan Hello testsender.home.net [126.96.36.199] mail from:firstname.lastname@example.org 250 OK rcpt to:email@example.com 250 Accepted DATA 354 Enter message, ending with "." on a line by itself Subject: Test Testing SMTP . 250 OK id=1e9ELh-0003fA-6F quit 221 mailboss.lan closing connection Connection closed by foreign host.
If you want to test this via an SSL session, the procedure is almost the same, it just starts differently.
openssl s_client -starttls smtp -crlf -connect mailboss.lan:25 CONNECTED (followed by a lot of detail on the SSL cert - the important lines to look for are below) Server public key is 2048 bit Secure Renegotiation IS supported (the SMTP session starts after the following) Verify return code: 0 (ok) --- 250 helo testsender.home.net 250 mailboss.lan Hello testsender.home.net [188.8.131.52] ...etc.
Post Office Protocol version 3 (POP3)
telnet pop.mailboss.lan 110 Trying 184.108.40.206... Connected to pop.mailboss.lan. Escape character is '^]'. +OK The Microsoft Exchange POP3 service is ready. (this will differ according to the type of server used)
The same as for SMTP to test SSL.
openssl s_client -connect pop.mailboss.lan:995 <certificate verification output> +OK The Microsoft Exchange POP3 service is ready.
Internet Message Access Protocol (IMAP)
telnet imap.mailboss.lan 143 Trying 220.127.116.11... Connected to imap.mailboss.lan. Escape character is '^]'. +OK The Microsoft Exchange IMAP4 service is ready. (this will differ according to the type of server used)
Once again, SSL has the same syntax after the session has been secured by the certificate exchange.
openssl s_client -connect imap.mailboss.lan:993 <certificate verification output> * OK The Microsoft Exchange IMAP4 service is ready.
The commands above will work for both a Linux and a Windows mail server as the protocols are operating system agnostic and inter-system compatible. The tests are pretty simple and are a quick way to analyse server response. If you ever get a “Could not Connect/Failed to Connect” error, it means that the server OR the relevant service is not running. Conversely, if you should get a “Could not Resolve” error, it means that there is a potential DNS issue. If, however, you get a “Connection denied/refused”, this means that you are blocked by a firewall.