Bootstrap

OpenSSL - Test connection to an email server

by Jeremy Canfield | Updated: February 16 2022 | OpenSSL articles

The OpenSSL command with the s_client -connect option can be used to test connection to an email server. In this example, a connection to the email server with hostname mx1.example.com on port 25 (SMTP) is attempted.

If using Linux, the which command can be used to determine if OpenSSL is installed on the system. If not, refer to Install OpenSSL on Linux.

~]# which openssl
/usr/bin/openssl

If using Windows, let's say OpenSSL is installed at this location. Or, refer to Install OpenSSL on Windows.

cd "C:\program files\gnuwin32\bin\"

On Windows, you'll need to first start OpenSSL.

openssl.exe

The following examples are based on Linux, but will work the same with OpenSSL on Windows.

If the hostname is invalid, something like this should be returned.

~]# openssl s_client -connect bogus.example.com:25
140368544307008:error:2008F002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/b_addr.c:730:Name or service not known
connect:errno=2

If the hostname is valid but connections to the host on the port are not allowed, something like this should be returned.

~]# openssl s_client -connect mx1.example.com:12345
140335663650624:error:02002071:system library:connect:No route to host:crypto/bio/b_sock2.c:110:
140335663650624:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
connect:errno=113

If the connection is successful, both CONNECTED and return code: 0 (ok) should be included in the output.

~]$ openssl s_client -connect mx1.example.com:25
CONNECTED(00000003)
Verify return code: 0 (ok)

If the email server is configured with SSL/TLS via starttls on SMTPS port 587, the -starttls smtp option will need to be included.

openssl s_client -starttls smtp -connect mx1.example.com:587

Once connected to the email server, you should get the following prompt.

250 DNS

At this point, type EHLO followed by the hostname of the email server.

EHLO mx1.example.com