How to Check Mail Server for SMTP Over TLS

2012/03/19

Q. How can I check a server for SMTP over TLS?

It is possible to have an SMTP connection use TLS from the sending server to the receiving server to add a pinch of security. Many banks and other security-minded corporations require this to send and receive email.

Telnet will not work for checking the TLS capability of an SMTP server, as it does not support TLS. However, you can use the command-line app stunnel!


Firstly, on Debian or Ubuntu, install stunnel:

$ sudo apt-get install stunnel

Now make an SMTP connection with stunnel which will use TLS.

Type:

$ stunnel -n smtp -c -r host:25

Then send an EHLO followed by anything in the format of an FQDN:

ehlo example.com

(Debian: you may have to use stunnel4 as the binary instead of stunnel)


If the connection is successful with SMTP over TLS, you will see the standard SMTP dialog follow:

$ stunnel -n smtp -c -r 192.168.1.15:25
220 smtp.example.com ESMTP Sendmail 8.13.1/8.14.5/it-rhel5-mimedefang-smtp-1.4; Mon, 19 Mar 2012 06:29:59 -0700
ehlo example.com
250-smtp.example.com Hello xxxxxx [xxxxxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 600000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP

If the server does not allow SMTP over TLS, or is having other configuration problems, you will not be presented with an SMTP dialog:

$ stunnel -n smtp -c -r 192.168.1.24:25
220 SMTP Server Ready
ehlo example.com

this does not appear to be working...

^C
$
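The plaintext STARTTLS exchange (RFC 3207) that has to succeed on port 25 before the TLS session starts, written out as an added Python example; it is not from the original post and is not stunnel's own code. The function names and result keys are assumptions chosen for this example, and `check_server` needs network access to the server under test.

```python
import socket
import ssl

def read_reply(rfile):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues the reply, "250 ..." ends it
            return int(line[:3]), texts

def negotiate_starttls(sock, helo_name="example.com"):
    """Plaintext half of the exchange: greeting, EHLO, STARTTLS."""
    rfile = sock.makefile("rb")
    code, _ = read_reply(rfile)
    if code != 220:
        return {"advertised": False, "ready": False, "detail": f"greeting {code}"}
    sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
    code, texts = read_reply(rfile)
    # texts[0] is the server's hello line; the rest are extension keywords
    extensions = {t.split()[0].upper() for t in texts[1:] if t.strip()}
    if code != 250 or "STARTTLS" not in extensions:
        return {"advertised": False, "ready": False, "detail": f"EHLO {code}"}
    sock.sendall(b"STARTTLS\r\n")
    code, _ = read_reply(rfile)  # 220 means "go ahead with the TLS handshake"
    return {"advertised": True, "ready": code == 220, "detail": f"STARTTLS {code}"}

def check_server(host, port=25, timeout=10):
    """Live check: negotiated TLS version, or None if STARTTLS is unavailable."""
    ctx = ssl.create_default_context()  # verifies the certificate and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if not negotiate_starttls(sock)["ready"]:
            return None
        # Raises ssl.SSLCertVerificationError if the certificate does not match
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

A server that advertises STARTTLS but answers the command with something other than 220 (a 454, for example) shows up as `advertised: True, ready: False`, which separates a configuration problem from a server that does not offer TLS at all.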


PS The following site has excellent tests as well: http://www.checktls.com/tests.html

Cool!