The Penguin's Practical Network Troubleshooting Guide, Part 2 - page 2
Tracking Down Network Congestion
mtr shows a clear path to your server, but performance is still bad? Then it's time to fire up
tcpdump to see what the heck is going on. (See Resources for
Another useful tool in your server troubleshooting kit is
telnet. No, really! With
telnet you can query mail, Web, and FTP servers directly and actually capture useful messages that you don't see with ordinary clients. A related command is
openssl s_client, part of the OpenSSL package, for testing TLS/SSL-enabled servers.
This is how to telnet to your SMTP server and send a test message. The lines in bold are commands that you type:
$ telnet yourserver.com 25 Trying 220.127.116.11... Connected to yourserver.com. Escape character is '^]'. 220-host6.someserver.com ESMTP Exim 4.52 #1 Wed, 03 May 2006 19:33:34 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. ehlo yourserver 250-yourserver.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-XVERP 250 8BITMIME mail from: firstname.lastname@example.org 250 Ok rcpt to: email@example.com 250 Ok data 354 End data with
. Date: Wed 03, 2006 From: foober Reply-to: firstname.lastname@example.org Message-ID: six Subject: telnet test Hi Carla, Did you get this? . 250 Ok: queued as 6069F2290C quit 221 Bye Connection closed by foreign host.
This shows a number of interesting things: a successful SMTP session, all the response codes, and how easy it is to spoof mail headers. See RFC 821 for an explanation of all response and error codes.
What about SSL/TLS encrypted mail sessions? No problem, just use the
openssl s_client command:
$ openssl s_client -connect yourserver.com:995
It will connect, then spit out trainloads of SSL certificate information. When it gets to
+OK POP3 host6 [cppop 20.0] at [127.0.0.1]
it is ready to accept commands. Some typical session commands are:
user [username] pass [password] list (lists the number of messages) retr 1 (display message number 1) quit
You may use the same commands for an unencrypted POP3 session,
telnet yourserver.com 110.
Test your non-SSL IMAP server like this:
$ telnet yourserver.com 143
Then use these commands to login and read mail:
login [username] [password] examine inbox logout
Test your SSL-enable IMAP server with this command:
$ openssl s_client -connect yourserver.com:993