How to Check Mail Server for SMTP Over TLS

By | 2012/03/19

Q. How can I check a server for SMTP over TLS?

It is possible to have an SMTP connection use TLS from the sending server to the receiving server to add a pinch of security. Many banks and other security-minded corporations require this to send and receive email.

To check the TLS capability of an SMTP server, telnet will not work as it does not support TLS. However you can use the command line app stunnel!

Firstly, on Debian or Ubuntu, install stunnel:

$ sudo apt-get install stunnel

Now make an SMTP connection with stunnel which will use TLS.


$ stunnel -n smtp -c -r host:25

Followed by anything that is in the format of a FQDN:


(Debian: you may have to use stunnel4 as the binary instead of stunnel)

If the connection is successful with SMTP over TLS, you will see a standard dialog to follow:

$ stunnel -n smtp -c -r
220 ESMTP Sendmail 8.13.1/8.14.5/it-rhel5-mimedefang-smtp-1.4; Mon, 19 Mar 2012 06:29:59 -0700
ehlo Hello xxxxxx [xxxxxx], pleased to meet you
250-SIZE 600000000
250 HELP

If the server does not allow SMTP over TLS, or is having other configuration problems, you will not be presented with an SMTP dialog:

$ stunnel -n smtp -c -r
220 SMTP Server Ready

this does not appear to be working...


PS The following site has excellent tests as well:


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.