Archive | May, 2015

How to Validate SMTP TLS Support for Email Transmission

Web Tool:

  1. Check a Domain’s SMTP TLS Support
  2. TLS Email Tests
  3. MX Diagnostics

Additional Reading:

  1. How to Tell Who Supports SMTP TLS for Email Transmission
  2. Telnet to Port 25 to Test SMTP Communication

Steps to validate SMTP Server Support for STARTTLS Using Telnet:

1. Identify MX server

2. Validate STARTTLS

Windows:

C:\>nslookup
Default Server: UnKnown
Address: 192.168.131.252

> set q=mx
> luxsci.com
Server: UnKnown
Address: 192.168.131.252

Non-authoritative answer:
luxsci.com MX preference = 10, mail exchanger = luxsci.com.inbound10.mxlogic.net
luxsci.com MX preference = 15, mail exchanger = luxsci.com.inbound15.mxlogicmx.net
luxsci.com MX preference = 20, mail exchanger = luxsci.com.inbound20.mxlogicmx.net
luxsci.com MX preference = 25, mail exchanger = luxsci.com.inbound25.mxlogic.net

C:\> telnet luxsci.com.inbound10.mxlogic.net 25

Trying 208.65.144.2…

Connected to luxsci.com.inbound10.mxlogic.net.

Escape character is '^]'.

220 p01c11m033.mxlogic.net ESMTP mxl_mta-8.2.0-3 [2ac5dfc25940.177057.00-540]; Tue, 27 Jan 2015 08:42:14 -0700 (MST); NO UCE, INBOUND (p01c11m033.mxlogic.net)

Now type “ehlo” followed by a domain name (your own domain name will work fine) and press “Enter”. If the results include the line “250-STARTTLS”, that email server is configured to support the use of TLS.
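The same telnet check as a script, added here as an example and not part of the original post: it parses the EHLO reply instead of searching for a string, so it also catches STARTTLS when it is the last line (sent as “250 STARTTLS”, with a space) and ignores the greeting line. The function names, the EHLO name client.example and the sample replies are constructed for illustration.

```python
import socket

def ehlo_extensions(reply: str) -> set:
    """Return the upper-cased extension keywords advertised in an EHLO reply."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    # A successful reply is "250-" continuation lines ending in one "250 " line;
    # anything else (e.g. 500/502 from a server without EHLO) advertises nothing.
    if not lines or any(ln[:3] != "250" or ln[3:4] not in ("", "-", " ") for ln in lines):
        return set()
    exts = set()
    for ln in lines[1:]:          # first line is the server greeting, not an extension
        words = ln[4:].split()    # drop the "250-" / "250 " prefix, keep the keyword
        if words:
            exts.add(words[0].upper())
    return exts

def read_reply(f) -> str:
    """Read one SMTP reply; the final line has no '-' after the 3-digit code."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        out.append(line)
        if len(line) < 4 or line[3] != "-":
            return "".join(out)

def server_offers_starttls(mx_host, ehlo_name="client.example", port=25, timeout=15):
    """Same steps as the telnet session: connect, read the 220 banner, send EHLO."""
    with socket.create_connection((mx_host, port), timeout=timeout) as s, \
            s.makefile("rwb") as f:
        read_reply(f)
        f.write(f"EHLO {ehlo_name}\r\n".encode("ascii"))
        f.flush()
        reply = read_reply(f)
        f.write(b"QUIT\r\n")
        f.flush()
    return "STARTTLS" in ehlo_extensions(reply)

# Constructed sample replies (not captured from a real server).
SAMPLE_TLS = ("250-mx.example.net Hello client.example\r\n"
              "250-SIZE 52428800\r\n250-8BITMIME\r\n250 STARTTLS\r\n")
SAMPLE_PLAIN = "250-mx.example.net Hello client.example\r\n250 SIZE 52428800\r\n"

if __name__ == "__main__":
    for name, sample in (("SAMPLE_TLS", SAMPLE_TLS), ("SAMPLE_PLAIN", SAMPLE_PLAIN)):
        print(name, "STARTTLS" in ehlo_extensions(sample))
```

To test a real server, call server_offers_starttls() with one of the MX hosts returned by the nslookup step.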

Steps to validate SMTP Server Support for STARTTLS Using OpenSSL:

$ openssl s_client -starttls smtp -connect smtp.host.com:25
CONNECTED(00000003)
didn’t found starttls in server response, try anyway…
23362:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:591: