The openssl s_client -connect command can be used to determine if you are able to connect to your Postfix / Dovecot email server using SMTP (port 25) or IMAP (port 143). The connection can be attempted using the IP address and port.

openssl s_client -connect 10.6.45.12:143

Or using the DNS hostname and protocol.

openssl s_client -connect mail.example.com:imap

If the connection is successful, something like this should be returned.

~]$ openssl s_client -connect mail.example.com:imap
CONNECTED(00000004)
139809003595584:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

On the other hand, if the connection times out, something like this should be returned.

140637841643328:error:0200206E:system library:connect:Connection timed out:crypto/bio/b_sock2.c110
140637841643328:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
connect:errno=110

If the connection is successful, you can then also test the connection using the -starttls option, if the email server is configured to support SSL / TLS connections, to see if the connection can be made using SSL / TLS.

openssl s_client -connect mail.example.com:smtp -starttls smtp

Or using the IMAP protocol.

openssl s_client -connect mail.example.com:imap -starttls imap

You can also try including the -cert and -key options (if you have the public certificate and private key) although this really only makes sense as part of debugging/troubleshooting SSL/TLS issues from an IT perspective.

openssl s_client -connect mail.example.com:smtp -starttls smtp -cert /path/to/example.com.pem -key /path/to/example.com.key

If the connection is successful, you should be get the 250 STARTTLS prompt.

250 STARTTLS

Next type ehlo <your mail server hostname> and press enter. If the EHLO (server hello) packet is successful, something like this should be returned.

250-mail.example.com
250-8BITMIME
250 SIZE 31457280

Next enter mail from: <senders email address> and press enter. If the sender email address is accepted, something like this should be returned.

250 sender <john.doe@example.com> ok

Next enter rcpt to: <recipient email address> and press enter. If the recipient email address is accepted, something like this should be returned.

AVOID TROUBLE

Ensure rcpt to is in lower case, not upper case. If upper case is used, renegotiating may be returned.

250 recipient <jane.doe@example.com> ok

Next type data and press enter and then type a message, such as Hello World, enter a single period, and press enter.

354 go ahead
Hello World
.
250 ok:  Message 144890778 accepted