Debugging SMTP issues with openssl
Last updated:
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It is primarily a diagnostic tool, and it has a very large number of options. I won’t go through all the utility’s bells and whistles – to properly learn OpenSSL you can use the documentation or read the OpenSSL Cookbook. Instead I will show how useful the utility is by connecting to a mail server and sending an email.
Prepare the base64 username and password
I will use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
As we need an encoded string it makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I connect using port 465. I have also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter later is RCPT TO. Without the -quiet option your session will get in a muddle.
Often, you actually want the output to be verbose. Among others, the session and certificate information include the TLS protocol and cypher, which can be useful for debugging. If you want to see that information then you need to leave out the -quiet option. To prevent that the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase (i.e. rcpt to).
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There is no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, we can now give the server the base64 string we created earlier:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option then you need to enter the command in lowercase (to prevent the session is renegotiated):
RCPT TO: support@catalyst2.com 250 Accepted
And you can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they will be blank. Other than that, simply compose your message. To let the server know that you are done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it is possible you don’t use ed on a day-to-day basis!).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
How Managed Dedicated Servers Can Impact Your Website’s ROI
Having a good online presence is crucial for businesses of all sizes. A high-performing website not only acts as a virtual storefront but also provides a powerful tool for marketing and revenue generation. Although there are costs associated with website development, maintenance and online marketing campaigns, your return on investment (ROI) can be significant if …
The Importance of Regular Server Backups
Without a server, your website wouldn’t be visible on the internet. A server provides the infrastructure and resources you need to deliver your website pages to visitors, and it’s key to ensure you’re choosing the right server for your needs. From Virtual Private Servers and cloud servers to dedicated servers, there is a wide range …
Useful Server Advice for Start-Up Businesses
In today’s digitally driven world, a website is a key marketing tool for start-up businesses. As you venture into new and exciting markets, a well-designed website is crucial for helping you to establish an online presence and engage with potential customers. It acts as a platform to showcase your products, services and USPs. Not to …
What is Server Downtime and How Can it be Avoided?
More so than ever before, people are reliant on the internet to find the products or services they need. So, server downtime can have a significant impact on businesses of all sizes. It is particularly detrimental to e-commerce businesses and those who operate solely online, and the importance of finding a reliable hosting solution can’t …
Maximising Website Performance With a Dedicated Server
More so than ever before, a website is a crucial aspect of any business. It’s often the first point of contact between a company and prospective customers, and it can have a direct impact on whether or not someone chooses to invest in their products or services. Therefore, it’s essential to ensure that any website …
Why VPS Hosting is the Perfect Solution for Growing Websites
In today’s digital age, having a good online presence is essential if you want to grow your business and expand into new markets. With more and more people relying on the internet to find products and services, having a website is no longer optional, but a necessity. Arguably, websites are even more important for smaller, …
The Importance of Server Security
With the increasing importance of the internet in our lives, websites have become the online faces of businesses, providing a platform for customers to learn more about brands and their products or services. A website is often the first point of contact between a potential customer and a business, and it’s become a critical component …
Common Misconceptions About Dedicated Server Hosting
Dedicated servers are becoming an increasingly popular solution for businesses that are looking for enhanced reliability for their websites or applications. With dedicated server hosting, businesses have an entire server dedicated to their needs, providing them with full control and flexibility over their hosting environment. Unlike shared hosting, where multiple users share the resources of …
Finding the Best Server Solution for a High-Traffic Website
High-traffic websites are websites that attract a large volume of visitors. These websites often have large user bases, provide a wide range of services and generate significant revenue. Examples of common high-traffic websites include online retail stores, news websites, social media channels and video-streaming services. When you have a high-traffic website, it’s incredibly important to …
What to Look For in a Dedicated Server Hosting Provider
Dedicated website servers are the ultimate solution for businesses looking for the highest level of performance and reliability. When compared to shared hosting solutions, they offer more control, flexibility and scalability, and they can be tailored to meet the needs of any website. They provide dedicated resources to ensure that websites run efficiently and securely, …
What our clients say
We really rate catalyst2. We get a great response from the team… really happy with the service.
