Debugging SMTP issues with openssl
Last updated:
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It is primarily a diagnostic tool, and it has a very large number of options. I won’t go through all the utility’s bells and whistles – to properly learn OpenSSL you can use the documentation or read the OpenSSL Cookbook. Instead I will show how useful the utility is by connecting to a mail server and sending an email.
Prepare the base64 username and password
I will use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
As we need an encoded string it makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I connect using port 465. I have also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter later is RCPT TO. Without the -quiet option your session will get in a muddle.
Often, you actually want the output to be verbose. Among others, the session and certificate information include the TLS protocol and cypher, which can be useful for debugging. If you want to see that information then you need to leave out the -quiet option. To prevent that the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase (i.e. rcpt to).
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There is no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, we can now give the server the base64 string we created earlier:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option then you need to enter the command in lowercase (to prevent the session is renegotiated):
RCPT TO: support@catalyst2.com 250 Accepted
And you can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they will be blank. Other than that, simply compose your message. To let the server know that you are done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it is possible you don’t use ed on a day-to-day basis!).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
Flexible Servers; Your Short Term Solution
There’s no predicting what the future will hold and sometimes we have to be flexible with our work. This is why we’ve put together an amazing flexible service for our customers, offering short term managed servers available at a moment’s notice. But why might you need this? Well, imagine for a moment, it’s around 2pm …
What we’re doing about rising costs
Costs across the UK are rising for every business and household. From increasing costs of energy to changes in local economies, many businesses are feeling the strain. Companies like ours that rely on large quantities of power to run our service have been significantly impacted by these differences. We think it’s important to talk about …
Breaking Down Everything you Need to Know About Dedicated Servers
Finding the right server for your business can be a challenge. You have to balance the needs of your online presence with that ever so important budget. But there are so many available these days, it can be hard deciding which caters for your needs best. Here at catalyst2, we specialise in web hosting, offering …
Reasons to Invest in Disaster Recovery Service
The business world runs at a fast pace and while this can bring extraordinary highs and many successes, it can also bring incredible risks. Disaster can strike at any time and the impact of these disasters can be catastrophic for your company, they can even cause you to declare bankruptcy. This has only gotten worse …
An Introduction to AWS Management
One of the many excellent solutions that we can offer you here at catalyst2 is our AWS management. AWS stands for Amazon Web Services and it is a scalable public cloud that we can help you to set up, manage, monitor, maintain and grow. We have years of experience working with different servers and hosting …
How We Protect your Data on our Servers
The care of your customer’s data is a legal requirement but it’s also important to take care of your own data, which is why having the right security is incredibly important. Security is a vital part of our service here at catalyst2. We often get asked about how we properly protect your server data and …
Why you Should Be Upgrading to a Managed Dedicated Server
Finding the right server for your business can be a challenge. You need to find the one that meets all of your needs without compromising your budgetary restrictions. This can seem like a lot of criteria to fill, but fortunately for you, you’re here with us at catalyst2 and we can help introduce you to …
Managed vs Unmanaged Servers; Which is your Best Option?
Having an entire server dedicated to your internet presence is a great choice for your business. Our most popular solution, the dedicated server allows you a whole server to be dedicated to your business, unlike the other options available, which only offer a partial server that may be congested by other businesses. If you’re experiencing …
VPS: An Introduction to Private Servers
There is a lot to say about VPS. This Virtual Private Server from the team at catalyst 2 is designed to offer you the infrastructure that you need to build a strong online presence. All of our VPS’s are fully managed by our team at catalyst2, ensuring that they are tailored to the needs of …
Dedicated, Private or Shared; Which Server is Right for your Business?
Getting your business online is a big step forward and you don’t want to make a wrong decision right at the start. Starting off on the wrong foot with your internet presence can take a really long time for you to rectify, which will be costly and frustrating. But there’s no need to panic about …
What our clients say
catalyst2 support people know their environment and how to manipulate it to the customers advantage.
