How to test, debug SMTP with SSL using telnet

  • 7014827
  • 01-Apr-2014
  • 04-Apr-2014

Environment

Novell GroupWise 2014
Novell GroupWise 2012
Novell GroupWise 8
SUSE Linux Enterprise Server 11

Situation

How to test and debug SMTP with SSL or TLS using telnet (manually)

Resolution

From a terminal window, verify that an SMTP connection works with SSL:

  1. Enter the following command (replace mail.example.com with the server address of the GWIA or SMTP agent):
    openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect mail.example.com:25
    Note: The certificate information is printed to the terminal and may be useful for diagnosing the SSL protocol.

  2. To verify that it is working properly, see how the SMTP agent responds to the following command:
    ehlo
    Note: If the SMTP agent responds with a list of available commands, then it is working properly.


Additionally, DigiCert's SSL Installation Diagnostics Tool - SSL Certificate Checker can be used.

Additional Information

Here is an example of the entire sequence working properly for a self-signed certificate:

tharris3:~ # openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect tharris3.lab.novell.com:25
CONNECTED(00000003)
depth=0 /C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
   i:/C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
issuer=/C=US/ST=UT/L=Provo/O=tharris/CN=tharris3.lab.novell.com/emailAddress=tharris@novell.com
---
No client certificate CA names sent
---
SSL handshake has read 1188 bytes and written 500 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 14571D4DB48655838F1AB9D5CB0A3ED7B226E852201C7AD00CDCDD3F8288F967CCD63B3B94EDBF3ED3083C715432F808
    Key-Arg   : None
    Start Time: 1396366584
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 STARTTLS
ehlo
250-tharris3.lab.novell.com
250-AUTH LOGIN
250-8BITMIME
250-SIZE
250 DSN
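
The checks from the procedure and transcript above, as an added shell example that is not part of the original article: check_starttls (a hypothetical helper) reads saved openssl s_client output and reports the protocol, cipher, verify return code and the EHLO reply sent over TLS. The session.txt file name and the WARN rules (non-zero verify code, TLS 1.1 or older) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): summarise a captured s_client session.
# Capture one while working through the steps above, then feed it in:
#   openssl s_client -CApath /etc/ssl/certs/ -starttls smtp \
#       -connect mail.example.com:25 2>&1 | tee session.txt
#   check_starttls < session.txt
check_starttls() {
    awk '
        { sub(/\r$/, "") }                 # SMTP replies end in CRLF
        /^ *Protocol *:/ { proto = $NF }
        /^ *Cipher *:/   { cipher = $NF }
        /Verify return code:/ {            # last line of the handshake summary
            code = $4; tls = 1
            reason = $0; sub(/^[^(]*\(/, "", reason); sub(/\).*$/, "", reason)
        }
        # EHLO reply = "250-" lines closed by one "250 " line; the first
        # "250-" line is the server greeting, not an extension.
        tls && !done && /^250-/ {
            if (++n > 1) ext = ext (ext ? "," : "") substr($0, 5)
        }
        tls && !done && n && /^250 / {
            ext = ext (ext ? "," : "") substr($0, 5); done = 1
        }
        END {
            if (!tls) { print "FAIL: no TLS session in output"; exit 1 }
            printf "protocol=%s cipher=%s verify=%s\n", proto, cipher, code
            if (code != 0) print "WARN: certificate not trusted (" reason ")"
            if (proto ~ /^(SSLv[23]|TLSv1(\.1)?)$/) print "WARN: legacy protocol " proto
            if (!done) { print "FAIL: no EHLO reply over TLS"; exit 1 }
            print "OK: EHLO over TLS advertises " ext
        }
    '
}
# Constructed sample, abridged from the transcript in this article.
sample_transcript() {
    cat <<'EOF'
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 18 (self signed certificate)
250 STARTTLS
ehlo
250-tharris3.lab.novell.com
250-AUTH LOGIN
250-8BITMIME
250-SIZE
250 DSN
EOF
}
sample_transcript | check_starttls
```

The function returns non-zero only when no TLS session or no EHLO reply is found, which matches the article's test for "working properly"; the warnings do not change the exit status.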