Debugging SMTP issues with openssl
Last updated:
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It is primarily a diagnostic tool, and it has a very large number of options. To give you an idea of how useful the utility is I will show how you can connect to a mail server and send an email.
Prepare the base64 username and password
I will use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
It makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I connect using port 465. I have also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter is RCPT TO. Without the -quiet option your session will get in a muddle.
Often, you actually want the output to be verbose. Among others, the session and certificate information include the TLS protocol and cypher, which can be useful for debugging. If you want to see that information then you need to leave out the -quiet option. To prevent that the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase.
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There is no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, you can now give the server the base64 string we created earlier:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option then you need to enter the command in lowercase (to prevent the session is renegotiated):
RCPT TO: support@catalyst2.com 250 Accepted
You can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they would be blank. Other than that, simply compose your message. To let the server know that you are done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it is possible you don’t use ed on a day-to-day basis!).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
Virtual servers vs. physical dedicated servers: key differences you should know
To make your website visible to internet users, you must host it on a server. Choosing a server is not easy. You need to consider cost, resources, site performance, and the power of the hardware. To decide which server is right for your website, you should first familiarise yourself with different types of servers based …
Why All Small Businesses Need Email Hosting
If you’re launching your small business and require an online presence there are several things that you have to think about. You’ll want to make sure that you’re making the most of every post and ad that you create, and there are so many different ways for you to do this. First, you have to …
What is causing the global computer chip shortage (and how is it impacting prices)?
Certain types of chips, such as GPUs, have been in short supply for a long time – ever since the rise of cryptocurrency mining. However, now we’re seeing limitations hitting other parts of the market, affecting practically all semiconductors. To outside observers, the causes of the current chip shortage seem mysterious. Shortages do happen on …
What is Web 3.0?
Media personalities and tech gurus are now talking about the next evolution of the internet, dubbed web 3.0. But what exactly is it? In this post, you’ll find out. We discuss how web 3.0 relates to previous iterations of the web and how it will impact practically everything that you do online, from shopping to …
Why You Need to Purchase Your Domain Name
So you’ve started a small business. You’ve got the best selection of products and services, a well-executed business plan, and a dream of success. So now all you need is a website, a domain name and a full-proof marketing pitch. Your domain name is one of the most important. And there are so many different …
Web Hosting Rumours: Some Much-Needed Clarity
The world of IT is one that is notoriously complex, which goes some-way in explaining why there are few people that truly understand what is going on. Take, for instance, websites – although you might appreciate the need for this, there is a strong likelihood that you are clueless in relation to the way that …
Can Free Hosting Ever Topple Paid Packages?
Anyone that is trying to get their business to the next level will no-doubt appreciate the important role that their website has to play in proceedings. Irrespective of the industry that you operate in, this is a tool that, to put it simply, you cannot do without. First-and-foremost, this is the platform that prospective customers …
Factors to Consider Before Choosing a Web Hosting Service
If you’re looking to get your business off the ground, the first thing that you need is a high-quality website. Having an online presence is incredibly important to reach your target audience. Your website is a key platform for you to interact with your customer and offer a platform for your customers to make a …
Finding The Best Dedicated Server Hosting For Your Website
In this digital day and age, it is incredibly important to have a website. Regardless of which industry sector your business falls under, having an online presence will directly influence your success by providing you with the opportunity to reach more prospective customers. More so than ever before, digital marketing is something that no business …
VPS Hosting: 4 Reasons to Make the Switch Now
As a business-owner, we are sure that you will agree that there are various different tools in your possession that are crucial to the day-to-day operations that you preside over. Depending on your line-of-work, it might be the telephone system that your employees make-use of to reach out to prospective clients. Other firms might argue …
What our clients say
catalyst2 support people know their environment and how to manipulate it to the customers advantage.
