August 28, 2014
 
 
RSSRSS feed

The Penguin's Practical Network Troubleshooting Guide, Part 2 - page 2

Tracking Down Network Congestion

  • June 13, 2006
  • By Carla Schroder

What if mtr shows a clear path to your server, but performance is still bad? Then it's time to fire up tcpdump to see what the heck is going on. (See Resources for tcpdump howtos.)

Another useful tool in your server troubleshooting kit is telnet. No, really! With telnet you can query mail, Web, and FTP servers directly and actually capture useful messages that you don't see with ordinary clients. A related command is openssl s_client, part of the OpenSSL package, for testing TLS/SSL-enabled servers.

This is how to telnet to your SMTP server and send a test message. The lines in bold are commands that you type:

$ telnet yourserver.com 25
Trying 77.88.100.222...
Connected to yourserver.com.
Escape character is '^]'.
220-host6.someserver.com ESMTP Exim 4.52 #1 Wed, 03 May 2006 19:33:34 -0400
220-We do not authorize the use of this system to transport unsolicited,

220 and/or bulk e-mail.
ehlo yourserver
250-yourserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XVERP
250 8BITMIME

mail from: foober@test.net
250 Ok
rcpt to: carla@test.net
250 Ok
data
354 End data with .

Date: Wed 03, 2006
From: foober
Reply-to: foober@test.net
Message-ID: six
Subject: telnet test
Hi Carla,
Did you get this?
.
250 Ok: queued as 6069F2290C

quit
221 Bye
Connection closed by foreign host.

This shows a number of interesting things: a successful SMTP session, all the response codes, and how easy it is to spoof mail headers. See RFC 821 for an explanation of all response and error codes.

What about SSL/TLS encrypted mail sessions? No problem, just use the openssl s_client command:

$ openssl s_client -connect yourserver.com:995 

It will connect, then spit out trainloads of SSL certificate information. When it gets to

+OK POP3 host6 [cppop 20.0] at [127.0.0.1]

it is ready to accept commands. Some typical session commands are:

user [username]
pass [password]

list (lists the number of messages)
retr 1 (display message number 1)
quit

You may use the same commands for an unencrypted POP3 session, telnet yourserver.com 110.

Test your non-SSL IMAP server like this:

$ telnet yourserver.com 143

Then use these commands to login and read mail:

login [username] [password]
examine inbox
logout

Test your SSL-enable IMAP server with this command:

$ openssl s_client -connect yourserver.com:993
Sitemap | Contact Us