Q. How can I check a server for SMTP over TLS?
It is possible to have an SMTP connection use TLS from the sending server to the receiving server to add a pinch of security. Many banks and other security-minded corporations require this to send and receive email.
To check the TLS capability of an SMTP server, telnet will not work as it does not support TLS. However you can use the command line app stunnel!
Firstly, on Debian or Ubuntu, install stunnel:
$ sudo apt-get install stunnel
Now make an SMTP connection with stunnel which will use TLS.
$ stunnel -n smtp -c -r host:25
Followed by anything that is in the format of a FQDN:
(Debian: you may have to use stunnel4 as the binary instead of stunnel)
If the connection is successful with SMTP over TLS, you will see a standard dialog to follow:
$ stunnel -n smtp -c -r 192.168.1.15:25 220 smtp.example.com ESMTP Sendmail 8.13.1/8.14.5/it-rhel5-mimedefang-smtp-1.4; Mon, 19 Mar 2012 06:29:59 -0700 ehlo example.com 250-smtp.example.com Hello xxxxxx [xxxxxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 600000000 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP
If the server does not allow SMTP over TLS, or is having other configuration problems, you will not be presented with an SMTP dialog:
$ stunnel -n smtp -c -r 192.168.1.24:25 220 SMTP Server Ready ehlo example.com this does not appear to be working... ^C $
PS The following site has excellent tests as well: http://www.checktls.com/tests.html