Table of Contents

Ubuntu - Email - Test SMTP

The commands used here are covered in section 4.1 of RFC 2821 [http://www.ietf.org/rfc/rfc2821.txt].

Obtain the DNS MX record for a domain

Issue the following command:

Linux: 

nslookup -type=mx sharewiz.net
 
Non-authoritative answer:
sharewiz.net      mail exchanger = 10 mail.sharewiz.net.
 
Authoritative answers can be found from:
mail.sharewiz.net	internet address = 5.42.134.35

Windows: 

nslookup -type=mx sharewiz.net
 
Non-authoritative answer:
sharewiz.net      MX preference = 10, mail exchanger = mail.sharewiz.net.

Get the DNS PTR for the IP

This requires to know the IP address.

With the IP address run the following command, where A.B.C.D is the IP address.

Linux: 

nslookup -type=ptr A.B.C.D
Non-authoritative answer:  D.C.B.A.in-addr.arpa  name = server.example.com

Windows: 

nslookup -type=ptr A.B.C.D
Non-authoritative answer:  D.C.B.A.in-addr.arpa  name = server.example.com

So now that we have the MX record for example.com and the PTR for the IP we are going to use, it is time to login to the SMTP server.

Connect to server

For non-secure SMTP, you can use 

telnet example.com 25

For secure SMTP, you can use one of following: 

openssl s_client -starttls smtp -connect example.com:25
openssl s_client -starttls smtp -connect example.com:465
openssl s_client -starttls smtp -connect example.com:587

As soon as you connect to the server, run: 

ehlo example.com

You will get output like below as reply: 

250-test.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

If you do not see line like 250-AUTH … line, then your server may not support authentication. Most likely you will see this when trying with telnet or openssl without startls.

Authentication

For admin@example.com and password, generate base64 encoded string like below: 

echo -ne '\0admin@example.com\0password' | base64

Please note use of \0 before username and password. It must be used as it is. Also, use single-quotes to avoid escaping special characters in your password.

It will output a string like below: 

AGFkbWluQGV4YW1wbGUuY29tAHBhc3N3b3Jk

Use above string with AUTH command: 

AUTH PLAIN AGFkbWluQGV4YW1wbGUuY29tAHBhc3N3b3Jk

SMTP Commands to send test email

Type/paste following commands 1-by-1. They are interactive and needs input. 

ehlo example.com
mail from: admin@example.com
rcpt to: admin@other.com
data
quit

For more SMTP Tests, check http://www.stat.ufl.edu/system/mailtesting.shtml.

Open-Relay Test

Worst thing that could happen to your SMTP server is – it becomes open-relay (accidentally). An open-relay allows anybody to connect and send email using your server. It can lead to your server being blacklisted. I am not sure if it can result in legal hassles!

There are many tools available online which can check if your smtp server is acting as open relay.

swaks utility

This is a small package which can make it easy to test your smtp server. 

apt-get install swaks

Example usage: 

swaks --server example.com --to admin@example.com

Please note that SpamAssassin marks, swaks generated email as spam.

Example

openssl s_client -starttls smtp -connect mail.sharewiz.net:25
CONNECTED(00000003)
depth=0 C = UK, ST = Jersey, L = St. Helier, O = ShareWiz, OU = Tech, CN = mail.sharewiz.net, emailAddress = admin@sharewiz.net
verify error:num=18:self signed certificate
verify return:1
depth=0 C = UK, ST = Jersey, L = St. Helier, O = ShareWiz, OU = Tech, CN = mail.sharewiz.net, emailAddress = admin@sharewiz.net
verify return:1
---
Certificate chain
 0 s:/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net
   i:/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF/TCCA+WgAwIBAgIJAMDVKowLC7NQMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVSzEPMA0GA1UECAwGSmVyc2V5MRMwEQYDVQQHDApTdC4gSGVsaWVyMREw
DwYDVQQKDAhTaGFyZVdpejENMAsGA1UECwwEVGVjaDEaMBgGA1UEAwwRbWFpbC5z
aGFyZXdpei5uZXQxITAfBgkqhkiG9w0BCQEWEmFkbWluQHNoYXJld2l6Lm5ldDAe
Fw0xNjExMDYxOTMwNTZaFw00MTA2MjgxOTMwNTZaMIGUMQswCQYDVQQGEwJVSzEP
MA0GA1UECAwGSmVyc2V5MRMwEQYDVQQHDApTdC4gSGVsaWVyMREwDwYDVQQKDAhT
aGFyZVdpejENMAsGA1UECwwEVGVjaDEaMBgGA1UEAwwRbWFpbC5zaGFyZXdpei5u
ZXQxITAfBgkqhkiG9w0BCQEWEmFkbWluQHNoYXJld2l6Lm5ldDCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAKY1Smx6HoH7QvC4pLvmS8jcVqLfR81IJc0+
D/N3VfTrz6DFJ4fkkzyDGipHDZCSbg++K8AxWvCSIkH69Cdpa6PcfD0f07dKLNCd
t4S+dUPbSwwOXcnttlE974eJBqgtRsQs96BXqdF4Lny+6LDLolV3uwyrnASgV3xX
CHAc5hbnJaj8ArxPhXa7ZKKDP04SJ+5U9J47eW/pedUc89O7NeKuaSNQ4ZlnAEbu
aBiHocgk9hPUhLV1i+85IKck7xf9v/bzEdX7pkFdLRu16jJUbZXxmI8zj1ZlZhix
5NfC8+l6NX5PIaJqYhXjGFLiD72178mlLMUSQFTgZF//tfqtccQNI6oPl2xhY2iq
TUFUmSf1efvJvBQhK3vWCCpVhnvBBgABxQOV/ydzsuY91Meu+r8OiQlHiTYofKTt
C1zfCZrIIU+O9NhpgSWoxpO9OLjFTo+xf5t8D3PP7soH1T+W0m0ygkvNBNTVAGYS
rzUAmnvQho7Rk/QrdWQ1x6wLVXqaAQe9E7ICPpr8IqIC9Wtd03kilPtOJcwX8Jbc
W+Im224O+qClT55IDOdeEG5PouNOLJEBNDUbco7eo8qJL1L6dlgOGI5a3vn9Ha+r
uSD3KjElvgnzZGcyGOwEybU+PEvZ4Fw6v3RhIBoogKkSaiU2TGAg8nC/PMUJuf7p
O4DnuJP9AgMBAAGjUDBOMB0GA1UdDgQWBBTXgStBGVqML4FnPwZSkP7brXT8wzAf
BgNVHSMEGDAWgBTXgStBGVqML4FnPwZSkP7brXT8wzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBVaSDMRoB0tjHVJPSpBQmvVw4KyhN1eHf7Pe/gLNaZ
MzXxzt7USxSXXcUYb6mzn1KuQozXr0cTF2Mqg9oUxJWp/IE6uyCKkJ1DM8EnATOC
wkySwS3eZ73HnpeofNY9V7t8rdHE8uMD/AgCnaYztgnC/AxD4xcZaBBvbD1AnHuz
IlPc6KaRTtV3PQM+Za0zfJ4ukxR2YwPU68Df8T50whp1eJnj7Tg1Z7ZUkL5iRkLO
ALdtlGI1qhVBZzstjL11rOUQH5zFHtu+hcAHM5UWqy04M4fFW6A3Fk/+TT0Mrlpa
bxbMvMTn85juoOkPYexhkQmLULqRmYgTR9YjqsPdmYi9OWBjciuoB9xePsR4U82k
o0WlztvY2XLCZh0DERaT6cLp0N+KIKOrjhO5eqSPOyQnGaTDZOokBGKUVUbRiF+1
L4xdF4rNyOo9anLrLjA+VBsTH8Ff3M50+VkQi/IpqswwTn90XudJxjoG9ZJ3Hput
Jj112fy6V7xN5zszxTi2ZLQ8lIFYsb36GSOrJLiTm4QS4NffvN53XTfoJTKu4Qlj
oQY3tI4QETunbFZxQF39wrgzvfwoFjw66ZczWuu2sQ8V1uhe5pe++YY/Dmc793zF
xuBv8Fx1CPR9oFBJnpZ61YGP08aRRsucsjwpC5RneTkxXSUSFC0ZS+SBVU4ar1tP
lg==
-----END CERTIFICATE-----
subject=/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net
issuer=/C=UK/ST=Jersey/L=St. Helier/O=ShareWiz/OU=Tech/CN=mail.sharewiz.net/emailAddress=admin@sharewiz.net
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2483 bytes and written 466 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B687474275FE380364B1CB8510743A4EB39898D34E85AC4137B5C29FB190E2F7
    Session-ID-ctx: 
    Master-Key: E999FFA4C1791FBAA6442D546EF59BE650FED80C96D3EDF4A078473CD5BB86D934079514BFC840DDACA900D46721241A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1478819857
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 HELP
ehlo sharewiz.net
250-server1.sharewiz.net Hello gateway.sharewiz.net [192.168.1.1]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN PLAIN2 LOGIN2
250 HELP
AUTH PLAIN Base64EncodedUsernameAndPassword==
235 Authentication succeeded
ehlo sharewiz.net
250-server1.sharewiz.net Hello gateway.sharewiz.net [192.168.1.1]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250 HELP
mail from:peter@sharewiz.net
250 OK
rcpt to:mail@peterroux.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
This is a test
.
250 OK id=1c4yeV-000NPI-HC
quit
221 server1.sharewiz.net closing connection
closed