Debugging SMTP issues with openssl
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It’s primarily a diagnostic tool, and it has a very large number of options. To give you an idea of how useful the utility is I’ll show you how you can connect to a mail server and send an email.
Prepare the base64 username and password
I’ll use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
It makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I’m connecting to port 465. I’ve also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter is RCPT TO.
Often, you actually want the output to be verbose. The session and certificate information include the TLS protocol and cypher, for instance. If you want to see that information then leave out the -quiet option. To prevent the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase.
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There’s no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, you can now give the server the base64 string:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option you want to enter the command in lowercase to prevent the session is renegotiated:
RCPT TO: support@catalyst2.com 250 Accepted
You can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they would be blank. Other than that, simply compose your message. To let the server know that you’re done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it’s possible you don’t use ed on a day-to-day basis).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
How To Utilise Tech Services To Enhance Your Firm’s Professionalism
In the twenty-first century, regardless of the industry that you find yourself in, the likelihood is that you are constantly fighting for the attention of your audience. With more-and-more firms popping up on a yearly basis, it is imperative that you take action to try and retain a professional reputation – this can help to …
The Cloud Hosting Rumours That Need To Be Forgotten
In the world of hosting, there are countless services that you are able to take advantage of, all of which possess their own distinct benefits. Shared hosting, for instance, may not run quite as quickly as some of the alternatives, but it helps to keep your firm’s expenses to a minimum. However, in recent years, …
What are the benefits of infrastructure-as-a-service for businesses?
The proliferation of on-demand cloud services represents one of the most significant technological advances of recent times. Businesses and organisations can now access highly specialised software and hardware remotely while paying a recurring subscription fee that is a fraction of the cost of bringing that same infrastructure in-house. Infrastructure as a service is a hot …
VMware under the spotlight – what to expect from a managed hosting platform
Some of the critical aspects you need to see from a managed hosting platform have to be a high level of reliability and flexibility so that you know you have options to upscale in line with your changing business needs. Here is a look at what a VMware server solution can offer Using a VMware …
Why Free Hosting Will Never Surpass Paid Hosting In Quality
As the years have gone on, you might have noticed a change in the number of companies that are investing heavily in their websites – this is not a coincidence. Far from it, this is actually a strategic plan which is in-line with the trends seen around the globe. With the incredible advances that have …
catalyst2’s Services, And How They Can Transform Your Business
If you are part of an organisation that would like to achieve success in the twenty-first century, it is imperative that you ensure that your firm, from a technical perspective, is immaculate. As you will have seen from the effects of the coronavirus-enforced lockdown, business is incredibly easy to conduct online. It is not difficult …
What are the benefits of fast DNS servers?
Fast, reliable browsing is paramount for all internet users. DNS servers facilitate the efficient and smooth utilisation of the web and efficiently route traffic to their intended destination. Struggling with a slow DNS server can significantly increase the loading time of web pages and make browsing websites a time-consuming and frustrating experience. To maximise browsing …
Why your business needs a managed IT service provider
If you’re in the market for IT services, you’ll have doubtless come across the phrase “managed service provider”. What actually is a managed service provider, what do they do, and why should your business think about investing in one? What is a managed service provider? A managed service provider oversees the implementation and integration of …
Keep things simple with managed server hosting
One of the first decisions you’ll need to make when choosing hosting for your new website is whether to choose a managed server hosting or DIY server infrastructure. If you’re not sure what the implications of these two choices are, it’s likely you’re going to want some kind of managed server hosting; this is for …
CloudLinux launches RHEL clone AlmaLinux
CentOS Linux’s parent company, Red Hat, caused consternation among many users recently when they announced they would be shifting focus away from CentOS Linux in favour of focussing on CentOS Stream. Shortly after the announcement, CentOS co-founder, Gregory Kurtzer, confirmed he was launching a clone of Red Hat Enterprise Linux, the distro that CentOS was …
What our clients say
We really rate catalyst2. We get a great response from the team… really happy with the service.