Debugging SMTP issues with openssl
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It’s primarily a diagnostic tool, and it has a very large number of options. To give you an idea of how useful the utility is I’ll show you how you can connect to a mail server and send an email.
Prepare the base64 username and password
I’ll use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
It makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I’m connecting to port 465. I’ve also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter is RCPT TO.
Often, you actually want the output to be verbose. The session and certificate information include the TLS protocol and cypher, for instance. If you want to see that information then leave out the -quiet option. To prevent the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase.
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There’s no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, you can now give the server the base64 string:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option you want to enter the command in lowercase to prevent the session is renegotiated:
RCPT TO: support@catalyst2.com 250 Accepted
You can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they would be blank. Other than that, simply compose your message. To let the server know that you’re done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it’s possible you don’t use ed on a day-to-day basis).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
The Importance Of Server Maintenance For Businesses
When you have a website, which all businesses should these days, it goes without saying that your server is essential. Simply put, your server will store, process and deliver your website to anyone who is visiting your URL. So, without your server, your website wouldn’t be ‘live’ or visible to anyone who is trying to …
Everything you need to know about ISO27001 managed servers and hosting
In today’s competitive marketplace for managed servers and hosting, it can be difficult to differentiate between providers and their service offerings. At catalyst2, we mark ourselves out in the managed IT services marketplace by our quality. By quality, we don’t just mean our ISPA awards and nominations, including winning the Best Customer Service Award and …
What is a private cloud?
A virtual private cloud provides a secure environment for a company’s shared resources, accessible only by the business and not from a third party. Businesses may use this for a variety of reasons, such as storing (and sharing) data, hosting websites, or running code. Regardless of how it’s used, using a virtual private cloud server …
What To Take Into Consideration When Choosing Your Virtual Server Hosting
In this digital day and age, having an online presence is more important than ever before and when they don’t have a website, businesses will be hindering their own success. In order to have a website that is ‘live’ and visible to anyone using the internet, you will require web hosting services and whilst there …
What are VPNs and why are they important?
Virtual private networks are essential tools for anyone who values their privacy and security online. Whether you want to prevent your ISP from looking at what you’re doing online or you want to ensure your connection is secure when using public Wi-Fi, VPNs have a lot to offer. What is a VPN? Usually, when a …
We’ve been shortlisted for two awards at the ISPA’s 23rd Annual Awards!
At catalyst2, we’re proud to put our customers and clients at the forefront of everything that we do. Our customer service levels are always a key consideration, regardless of the service we’re providing. As a result of our efforts, we’re proud to announce that we’ve been shortlisted for two awards at the 23rd Annual ISPA …
Encryption at rest: Its purpose and benefits/setbacks
In any organisation, the data held within your system is the most crucial and precious aspect of your business. Whether it be credit card information, transaction histories, or client intel, the data you hold is the core foundation of what your company runs on. This is why it must be safeguarded and protected with the …
What are the CIS Controls?
The CIS controls, previously known as the SANS Critical Security Controls, are a recommended set of actions developed by the Center for Internet Security to enable organisations to thwart the most pervasive cybersecurity threats they are likely to face. The latest version of these controls, version 8, reduces their number from 20 to 18 and …
Everything you need to know about Galera Cluster
Galera Cluster is a synchronous multi-master database cluster developed by Codership of Finland. This open-source software operates as a patch for MySQL and MariaDB and offers its own command-line interface. It provides a range of features including certification-based replication, which uses individual nodes to certify the replicated write set against other write sets. Database reads …
How To Utilise Tech Services To Enhance Your Firm’s Professionalism
In the twenty-first century, regardless of the industry that you find yourself in, the likelihood is that you are constantly fighting for the attention of your audience. With more-and-more firms popping up on a yearly basis, it is imperative that you take action to try and retain a professional reputation – this can help to …
What our clients say
Everything is fine, thank you. The queries I had were dealt with in a prompt, professional and truly friendly manner! I have never experienced such superb service from any other supplier!
You guys and Catalyst2 are awesome!