Table of Contents
Ubuntu - Email - Test SMTP
The commands used here are covered in section 4.1 of RFC 2821 [http://www.ietf.org/rfc/rfc2821.txt].
Obtain the DNS MX record for a domain
Issue the following command:
Linux:
nslookup -type=mx sharewiz.net Non-authoritative answer: sharewiz.net mail exchanger = 10 mail.sharewiz.net. Authoritative answers can be found from: mail.sharewiz.net internet address = 5.42.134.35
Windows:
nslookup -type=mx sharewiz.net Non-authoritative answer: sharewiz.net MX preference = 10, mail exchanger = mail.sharewiz.net.
Get the DNS PTR for the IP
This requires to know the IP address.
With the IP address run the following command, where A.B.C.D is the IP address.
Linux:
nslookup -type=ptr A.B.C.D
Non-authoritative answer: D.C.B.A.in-addr.arpa name = server.example.com
Windows:
nslookup -type=ptr A.B.C.D
Non-authoritative answer: D.C.B.A.in-addr.arpa name = server.example.com
So now that we have the MX record for example.com and the PTR for the IP we are going to use, it is time to login to the SMTP server.
Connect to server
For non-secure SMTP, you can use
telnet example.com 25
For secure SMTP, you can use one of following:
openssl s_client -starttls smtp -connect example.com:25 openssl s_client -starttls smtp -connect example.com:465 openssl s_client -starttls smtp -connect example.com:587
As soon as you connect to the server, run:
ehlo example.com
You will get output like below as reply:
250-test.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
If you do not see line like 250-AUTH … line, then your server may not support authentication. Most likely you will see this when trying with telnet or openssl without startls.
Authentication
For admin@example.com and password, generate base64 encoded string like below:
echo -ne '\0admin@example.com\0password' | base64
Please note use of \0 before username and password. It must be used as it is. Also, use single-quotes to avoid escaping special characters in your password.
It will output a string like below:
AGFkbWluQGV4YW1wbGUuY29tAHBhc3N3b3Jk
Use above string with AUTH command:
AUTH PLAIN AGFkbWluQGV4YW1wbGUuY29tAHBhc3N3b3Jk
SMTP Commands to send test email
Type/paste following commands 1-by-1. They are interactive and needs input.
ehlo example.com mail from: admin@example.com rcpt to: admin@other.com data quit
For more SMTP Tests, check http://www.stat.ufl.edu/system/mailtesting.shtml.
Open-Relay Test
Worst thing that could happen to your SMTP server is – it becomes open-relay (accidentally). An open-relay allows anybody to connect and send email using your server. It can lead to your server being blacklisted. I am not sure if it can result in legal hassles!
There are many tools available online which can check if your smtp server is acting as open relay.
swaks utility
This is a small package which can make it easy to test your smtp server.
apt-get install swaks
Example usage:
swaks --server example.com --to admin@example.com
Please note that SpamAssassin marks, swaks generated email as spam.
Example
openssl s_client -starttls smtp -connect mail.sharewiz.net:25 CONNECTED(00000003) depth=0 C = UK, ST = Jersey, L = St. Helier, O = ShareWiz, OU = Tech, CN = mail.sharewiz.net, emailAddress = admin@sharewiz.net verify error:num=18:self signed certificate verify return:1 depth=0 C = UK, ST = Jersey, L = St. Helier, O = ShareWiz, OU = Tech, CN = mail.sharewiz.net, emailAddress = admin@sharewiz.net verify return:1 --- Certificate chain 0 s:/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net i:/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net --- Server certificate -----BEGIN CERTIFICATE----- MIIF/TCCA+WgAwIBAgIJAMDVKowLC7NQMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD VQQGEwJVSzEPMA0GA1UECAwGSmVyc2V5MRMwEQYDVQQHDApTdC4gSGVsaWVyMREw DwYDVQQKDAhTaGFyZVdpejENMAsGA1UECwwEVGVjaDEaMBgGA1UEAwwRbWFpbC5z aGFyZXdpei5uZXQxITAfBgkqhkiG9w0BCQEWEmFkbWluQHNoYXJld2l6Lm5ldDAe Fw0xNjExMDYxOTMwNTZaFw00MTA2MjgxOTMwNTZaMIGUMQswCQYDVQQGEwJVSzEP MA0GA1UECAwGSmVyc2V5MRMwEQYDVQQHDApTdC4gSGVsaWVyMREwDwYDVQQKDAhT aGFyZVdpejENMAsGA1UECwwEVGVjaDEaMBgGA1UEAwwRbWFpbC5zaGFyZXdpei5u ZXQxITAfBgkqhkiG9w0BCQEWEmFkbWluQHNoYXJld2l6Lm5ldDCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAKY1Smx6HoH7QvC4pLvmS8jcVqLfR81IJc0+ D/N3VfTrz6DFJ4fkkzyDGipHDZCSbg++K8AxWvCSIkH69Cdpa6PcfD0f07dKLNCd t4S+dUPbSwwOXcnttlE974eJBqgtRsQs96BXqdF4Lny+6LDLolV3uwyrnASgV3xX CHAc5hbnJaj8ArxPhXa7ZKKDP04SJ+5U9J47eW/pedUc89O7NeKuaSNQ4ZlnAEbu aBiHocgk9hPUhLV1i+85IKck7xf9v/bzEdX7pkFdLRu16jJUbZXxmI8zj1ZlZhix 5NfC8+l6NX5PIaJqYhXjGFLiD72178mlLMUSQFTgZF//tfqtccQNI6oPl2xhY2iq TUFUmSf1efvJvBQhK3vWCCpVhnvBBgABxQOV/ydzsuY91Meu+r8OiQlHiTYofKTt C1zfCZrIIU+O9NhpgSWoxpO9OLjFTo+xf5t8D3PP7soH1T+W0m0ygkvNBNTVAGYS rzUAmnvQho7Rk/QrdWQ1x6wLVXqaAQe9E7ICPpr8IqIC9Wtd03kilPtOJcwX8Jbc W+Im224O+qClT55IDOdeEG5PouNOLJEBNDUbco7eo8qJL1L6dlgOGI5a3vn9Ha+r uSD3KjElvgnzZGcyGOwEybU+PEvZ4Fw6v3RhIBoogKkSaiU2TGAg8nC/PMUJuf7p O4DnuJP9AgMBAAGjUDBOMB0GA1UdDgQWBBTXgStBGVqML4FnPwZSkP7brXT8wzAf BgNVHSMEGDAWgBTXgStBGVqML4FnPwZSkP7brXT8wzAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBCwUAA4ICAQBVaSDMRoB0tjHVJPSpBQmvVw4KyhN1eHf7Pe/gLNaZ MzXxzt7USxSXXcUYb6mzn1KuQozXr0cTF2Mqg9oUxJWp/IE6uyCKkJ1DM8EnATOC wkySwS3eZ73HnpeofNY9V7t8rdHE8uMD/AgCnaYztgnC/AxD4xcZaBBvbD1AnHuz IlPc6KaRTtV3PQM+Za0zfJ4ukxR2YwPU68Df8T50whp1eJnj7Tg1Z7ZUkL5iRkLO ALdtlGI1qhVBZzstjL11rOUQH5zFHtu+hcAHM5UWqy04M4fFW6A3Fk/+TT0Mrlpa bxbMvMTn85juoOkPYexhkQmLULqRmYgTR9YjqsPdmYi9OWBjciuoB9xePsR4U82k o0WlztvY2XLCZh0DERaT6cLp0N+KIKOrjhO5eqSPOyQnGaTDZOokBGKUVUbRiF+1 L4xdF4rNyOo9anLrLjA+VBsTH8Ff3M50+VkQi/IpqswwTn90XudJxjoG9ZJ3Hput Jj112fy6V7xN5zszxTi2ZLQ8lIFYsb36GSOrJLiTm4QS4NffvN53XTfoJTKu4Qlj oQY3tI4QETunbFZxQF39wrgzvfwoFjw66ZczWuu2sQ8V1uhe5pe++YY/Dmc793zF xuBv8Fx1CPR9oFBJnpZ61YGP08aRRsucsjwpC5RneTkxXSUSFC0ZS+SBVU4ar1tP lg== -----END CERTIFICATE----- subject=/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net issuer=/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2483 bytes and written 466 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: B687474275FE380364B1CB8510743A4EB39898D34E85AC4137B5C29FB190E2F7 Session-ID-ctx: Master-Key: E999FFA4C1791FBAA6442D546EF59BE650FED80C96D3EDF4A078473CD5BB86D934079514BFC840DDACA900D46721241A Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1478819857 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- 250 HELP ehlo sharewiz.net 250-server1.sharewiz.net Hello gateway.sharewiz.net [192.168.1.1] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN PLAIN2 LOGIN2 250 HELP AUTH PLAIN Base64EncodedUsernameAndPassword== 235 Authentication succeeded ehlo sharewiz.net 250-server1.sharewiz.net Hello gateway.sharewiz.net [192.168.1.1] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250 HELP mail from:peter@sharewiz.net 250 OK rcpt to:mail@peterroux.com 250 Accepted data 354 Enter message, ending with "." on a line by itself This is a test . 250 OK id=1c4yeV-000NPI-HC quit 221 server1.sharewiz.net closing connection closed