Debugging SMTP issues with openssl
Last updated: 23 March 2022
The openssl s_client utility is an SSL/TLS client that connects to remote hosts. It is primarily a diagnostic tool, and it has a very large number of options. I won’t go through all the utility’s bells and whistles – to properly learn OpenSSL you can use the documentation or read the OpenSSL Cookbook. Instead I will show how useful the utility is by connecting to a mail server and sending an email.
Prepare the base64 username and password
I will use openssl s_client to connect to our Strawberry server and log in as mail@example.net. If the connection succeeds the server advertises what mechanisms you can use to log in. Usually, one of the authentication options is AUTH PLAIN. To log in using AUTH PLAIN you need to provide our username and password as a base64 encoded string.
As we need an encoded string it makes sense to get your ducks in a row before connecting to a server. You can generate the base64 string on the command line. Note that both the email address and password are prefixed with a NULL byte (\0).
$ echo -ne "\0mail@example.net\0wI8#dS5_yG8@iS" | base64 AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM=
Most servers also support the AUTH LOGIN mechanism. To authenticate using AUTH LOGIN you need to provide your username and password separately. You can again generate the base64 strings via the command line:
$ echo -ne "mail@example.net" | base64 bWFpbEBleGFtcGxlLm5ldA== $ echo -ne "wI8#dS5_yG8@iS" | base64 d0k4I2RTNV95RzhAaVM=
Connect to the mail server
You can now connect to the mail server. In the below command I connect using port 465. I have also added the -quiet option. This prevents session and certificate information is printed and that the session is renegotiated when we enter a command starting with the letter R. The latter is useful, as one of the commands you need to enter later is RCPT TO. Without the -quiet option your session will get in a muddle.
Often, you actually want the output to be verbose. Among others, the session and certificate information include the TLS protocol and cypher, which can be useful for debugging. If you want to see that information then you need to leave out the -quiet option. To prevent that the session is renegotiated when you enter the enter the RCPT TO command you can simply type the command in lowercase (i.e. rcpt to).
$ openssl s_client -connect strawberry.active-ns.com:465 -quiet ... 220-strawberry.active-ns.com ESMTP Exim 4.93 #2 Mon, 08 Mar 2021 18:20:41 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
If you want to test SMTP over port 587 then you can use the -starttls option and change the port number:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:587
And you can even test port 25. There is no need to install telnet:
$ openssl s_client -starttls smtp -connect strawberry.active-ns.com:25
Sending an email
Once you have established a connection the server waits for input. To start, say EHLO to the server. The EHLO (or HELO) command identifies us. You can either enter a domain name or IP address.
EHLO example.net 250-strawberry.active-ns.com Hello cpc123456-lndn12-2-0-cust111-isp [12.34.56.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP
Note that the server responds with the allowed authentication methods. The output shows that you can use AUTH PLAIN. So, we can now give the server the base64 string we created earlier:
AUTH PLAIN AG1haWxAZXhhbXBsZS5uZXQAd0k4I2RTNV95RzhAaVM= 235 Authentication succeeded
The server responded with “Authentication succeeded”. To send an email, start with the MAIL FROM: command:
MAIL FROM: mail@example.net 250 OK
The recipient of the email is specified with the above-mentioned RCPT TO: command. If you didn’t run openssl s_client with the -quiet option then you need to enter the command in lowercase (to prevent the session is renegotiated):
RCPT TO: support@catalyst2.com 250 Accepted
And you can now compose your email using the DATA command. I recommend entering the From, To and Subject fields. You don’t have to do so, but if you don’t the recipient will not see these fields – they will be blank. Other than that, simply compose your message. To let the server know that you are done with your email you can enter a full stop on a line by itself (and hit the enter key). This is exactly how you exit input mode in the ed editor (though it is possible you don’t use ed on a day-to-day basis!).
DATA 354 Enter message, ending with "." on a line by itself From: mail@example.net To: support@catalyst2.com Subject: Email client recommendation I'm currently using openssl to send emails. Do you know if there are any good desktop applications that can send emails? . 250 OK id=1lJKVY-0008BF-2l
And finally, issue the QUIT command to close the session:
QUIT DONE
Featured Blogs
Why Choose UK Dedicated Server Hosting for Your Business?
As companies scale their operations and seek to maintain a seamless online presence, many consider upgrading to a dedicated server. This option offers greater control, enhanced security, and improved performance; all crucial elements for growing businesses. Given these advantages, it’s no surprise that dedicated server hosting has become a popular choice. Deciding if it’s worth …
Managed Dedicated Server Hosting for eCommerce Businesses in the UK
As more UK shoppers increasingly turn to online platforms to make their purchases, having a good online platform as an eCommerce business is essential. As your eCommerce operation grows, you may encounter challenges such as higher traffic, slower loading times, and potential security issues, all of which can negatively impact the visitor experience on the …
How Managed Dedicated Servers Can Elevate Your Online Security
Businesses today are confronted with an increasing array of online threats that can compromise sensitive data, disrupt operations, and harm reputation. As cyber threats continue to grow in both frequency and sophistication, the potential for online breaches can pose a significant risk to any business. Failing to implement robust security measures can lead to data …
Managed vs Unmanaged Dedicated Servers; Which is Right for Your Business?
Many businesses rely on hosting providers for dedicated servers to ensure optimal performance, security, and control. Unlike shared hosting, where resources are divided among multiple users, a dedicated server offers exclusive access to all of the server’s resources. This makes it ideal for businesses that experience high traffic, require substantial resources, or operate in data-sensitive …
Dedicated Server Basics; Everything You Need to Know
With businesses receiving more traffic on their websites than ever before, as more people engage online, the need for a dedicated server has become vital. While smaller businesses can often use shared hosting and virtual private servers, larger businesses with high traffic typically require more advanced and comprehensive hosting solutions; dedicated servers emerge as the …
Tips for Creating a User-Friendly Website
When designing a website, prioritising user-friendliness is crucial for success, especially for businesses offering products or services. A user-friendly website is not just nice-to-have; it’s a necessity. It ensures that visitors can easily navigate your site, enjoy a visually appealing interface, experience fast loading times, and seamlessly interact with the content. However, creating a user-friendly …
Discussing the Importance of Server Scalability for Business Growth
For business growth, meeting the increasing demands of customers can be challenging. It’s essential to keep pace with these demands without compromising on performance. As a business expands, it typically encounters higher traffic volumes, larger data storage needs, and the requirement to support more complex applications which is where server scalability becomes crucial. Server scalability …
Effective Ways to Improve the Credibility of Your Website
Now, more than ever, the credibility of a business’s website is crucial for building trust with the target audience and achieving business goals. A credible website not only attracts visitors but also keeps them engaged, encourages conversions, and encourages long-term relationships. A strong online presence is essential for businesses to thrive and compete effectively. Investing …
Best Practices and Strategies for Server Backups.
Ultimately, data is essential for businesses. Whether it’s customer information, transaction records, or proprietary business data, safeguarding this information is crucial for any organisation. One of the most effective ways to protect your data is through regular and robust server backups. By implementing a comprehensive backup strategy, businesses can mitigate the risks associated with data …
The Benefits of a Proactive Approach to Securing Your Website
In the digital age, website security is more than just a technical requirement; it’s a fundamental aspect of business strategy. With the rising incidence of cyber threats, protecting online assets has become crucial for businesses of all sizes. By implementing proactive security measures, such as secure dedicated server hosting, automated security patching, and continuous monitoring, …
What our clients say
Everything is fine, thank you. The queries I had were dealt with in a prompt, professional and truly friendly manner! I have never experienced such superb service from any other supplier!
You guys and Catalyst2 are awesome!
