In certain situations it can be very helpful to be able to quickly check if a SMTP server is online and reachable, has support for TLS and that it’s working, test user authentication and measure transaction delays and throughput. All of this and more can be done quickly using the command-line. Here’s your guide!
The first step is to find out which SMTP server(s) is responsible for the domain that you want to test, if you already know this you can skip this step. There are several command-line tools that can be used for this but here I’m using nslookup as well as dig as examples.
# nslookup -type=mx example.local
(cut)
example.local mail exchanger = 10 vsp1.example.local.
example.local mail exchanger = 10 vsp2.example.local.
# dig example.local mx
(cut)
;; ANSWER SECTION:
example.local. 3600 IN MX 10 vsp1.example.local.
example.local. 3600 IN MX 10 vsp2.example.local.
(cut)
To verify if it’s possible to connect to the SMTP server you can use for example telnet or netcat.
# nc vsp1.example.local 25
# telnet vsp1.example.local 25
220 vsp1.example.local ESMTP
If you receive a SMTP banner similar to the one above you’re good to go, if you do not see any response from the server that can mean a lot of different things and troubleshooting this is beyond the scope of this article. A few examples of what could be wrong is that the server is down, that it’s rate-limiting your connections, that it’s behind a closed off firewall or that there are routing issues.
If you need to test TLS connections you can use the OpenSSL
s_client
tool for this. Below you can see one example of a server that is not supporting TLS and another one that does.
# openssl s_client -connect vsp1.example.local:25 -starttls smtp
(cut)
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
139702030079656:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:774:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 177 bytes and written 325 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
# openssl s_client -connect vsp2.example.local:25 -starttls smtp
(cut)
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 140C627F8364C06E74204CEBA31057415B1A24EC2E5D9B996C6F3277DB18F364
Session-ID-ctx:
Master-Key: C565114C052EDA50B176EA7962F415C3E2BD8A0FC62E243C592BB72164AAAE9625CE80EE81BF88FD8C480EAC4E20A74C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 73 04 63 bd 84 16 fd e4-a0 93 26 e0 71 3c 08 0b s.c.......&.qV)v.........
0070 - 19 08 d1 c2 14 ee da 69-cc 85 77 f6 13 39 3c f9 .......i..w..9<.
0080 - 8b 60 38 67 3c e9 f3 18-08 20 f6 1c 10 16 77 7f .`8gV.../..
Start Time: 1474028496
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
Note that if you see messages like the ones below when inputing commands while connected using this tool it’s because it’s looking for lines beginning with an upper-case R
or Q
and either renegotiates or closes the TLS connection if it does. You can avoid this by either using a lower-case letter instead (when possible) or using the -quiet
flag when connecting to the server.
(cut)
RCPT TO: <admin@example.local>
RENEGOTIATING
(cut)
DATA
354 End data with .
Subject: I have some questions!
Question 1: ...
DONE
Setting up email clients just to verify that authentication is working can be a hassle, so it’s usually much quicker to test it using the command-line, but there are some things you need to be aware of.
First, you need to base64 encode the username and password that you want to test before connecting to the server. If you’re using a *NIX system you most likely have access to the base64 tool which you can use for this.
# echo -n "username" | base64
dXNlcm5hbWU=
# echo -n "password" | base64
cGFzc3dvcmQ=
After that, you most likely need to connect over TLS (see previous section for how to do this) for the server to allow you to authenticate. You can then send the AUTH LOGIN
command and then first the username and then the password.
(cut)
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcm5hbWU=
334 UGFzc3dvcmQ6
cGFzc3dvcmQ=
235 2.7.0 Authentication successful
We at Halon have created a tool called smtpping which can be used to measure transaction delays as well as throughput of SMTP servers. Installation instructions for *NIX systems are provided on the link above. In the example below I’m measuring transaction delays against the mx record of the domain but you can also manually specify the server with the @
prefix (For an example of this see the next section).
# smtpping admin@example.local
PING admin@example.local ([vsp1.example.local]:25): 10300 bytes (SMTP DATA)
seq=1, connect=0.11 ms, helo=14.94 ms, mailfrom=15.06 ms, rcptto=38.12 ms, datasent=41.75 ms, quit=42.10 ms
seq=2, connect=0.15 ms, helo=15.12 ms, mailfrom=15.25 ms, rcptto=17.98 ms, datasent=21.80 ms, quit=22.02 ms
seq=3, connect=0.15 ms, helo=14.96 ms, mailfrom=15.15 ms, rcptto=17.23 ms, datasent=21.64 ms, quit=21.85 ms
--- 10.2.59.99 SMTP ping statistics ---
3 e-mail messages transmitted
connect min/avg/max = 0.11/0.14/0.15 ms
banner min/avg/max = 14.79/14.84/14.92 ms
helo min/avg/max = 14.94/15.00/15.12 ms
mailfrom min/avg/max = 15.06/15.15/15.25 ms
rcptto min/avg/max = 17.23/24.44/38.12 ms
data min/avg/max = 17.34/24.57/38.29 ms
datasent min/avg/max = 21.64/28.40/41.75 ms
quit min/avg/max = 21.85/28.66/42.10 ms
Like I mentioned in the previous section about measuring transaction delays, it’s also possible to use our smtpping tool to measure throughput of an SMTP server. In the following example I’m using the -r
flag to display the rate instead of the transaction delays and I also specify that I want to use 5 parallel worker processes instead on one. I also manually specify the server I want to check against rather than using the MX record by using the @
prefix.
# smtpping -r -w 0 -P 5 admin@example.local @vsp1.example.local
0/s
134/s
203/s
187/s
202/s
194/s
So these were just a few examples of different things you can test on SMTP servers using command-line tools, but it’s of course possible to do even more than that. Contact Halon today to discover more.