Last update to this page was in: 2019-06-18.
*Note*: This page has only a few notes about Postfix. If you want to read a more detailed guide on how to install and configure it (along with Dovecot and other servers) see:
NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF
- Shows messages that are queued. This is the same as
- postcat -vq file
- Shows the content of the enqueued message.
fileis the code of the message used by Postfix, as shown by mailq.
- postqueue -p
- Same as
- postqueue -f
- Resend enqueued messages.
- Displays values of
- postconf -d
- Displays default values instead of the ones user configured.
- postsuper -d ID
- Delete queued message with ID
ID. To delete all messages, run
postsuper -d ALL.
Testing SMTP port 25
The purpose to test port 25 is to simulate one mail server sending email to
another mail server (without the need of authentication). Realize that this
example will only work if: 1. You are self testing the mail server (i.e.,
myself.com are the same server) or 2. you are
connecting from a valid mail server with reverse DNS correctly configured. If
none of this conditions are satisfied, the target server will probably not
accept the connection.
Testing SMTP (*without* SSL) is very simple. One should just use telnet to connect to the port 25::
$ telnet mail.example.com 25 Trying 18.104.22.168... Connected to mail.example.com. Escape character is '^]'. 220 example.com ESMTP Postfix
The first command to the SMTP server is the
HELO, for the old
version of SMTP without extensions). As a parameter to the
we need to tell the server who we are::
EHLO myself.com 250-example.com 250-PIPELINING 250-SIZE 31457280 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
The server will tell us different extension it has. Note it listed STARTTLS, which is always used nowadays, but in this case we will let it turned off.
We now have to tell who is the sender, with the
MAIL FROM command::
MAIL FROM: email@example.com 250 2.1.0 Ok
And who we are going to send the email to with the
RCPT TO command::
RCPT TO: firstname.lastname@example.org 250 2.1.5 Ok
Finally, we start to send email data with the
DATA 354 End data with <CR><LF>.<CR><LF>
Now we can type the headers and the email body::
From: email@example.com To: firstname.lastname@example.org Subject: hi Hello. . 250 2.0.0 Ok: queued as 37DC91109BF QUIT 221 2.0.0 Bye
When you finish typing the email, tell the server you finished by inserting a
single dot in a line. The email will be queued for delivering. To close the
connection to the mail server, just type the
Note that the headers can be forged! A good mail solution will have some kind of antispam solution to deal with phishing, spams and problems related to forged emails.
Testing SMTP port 25 with STARTTLS
Testing SMTP port 25 with STARTTLS is straightforward as well, you just need
openssl instead of
$ openssl s_client -connect smtp.example.com:25 -starttls smtp
Testing SMTP authentication (submission port - 587)
Test SMTP authentication is a bit more complicated. For a more complete guide, see:
How to test SMTP Authentication and STARTTLS
We first need to format our user/password string in order to send it to the
SMTP server. Depending on the authentication method, we should pass this
string differently to the server. For the
PLAIN method, the correct form
PLAIN is the method supported everywhere, but there are others.
For different methods of authentication, see:
0 is the null byte. Also, note we are also escaping
make things more complicated, you cannot pass it this way, but you should
encode it using Base64. To do this, we can use different tools, but in this
example we are going to use Perl:
$ perl -MMIME::Base64 -e 'print encode_base64("\000username\@example.com\000password")' AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk
It will echo the string in the Base64 form.
*Note*: Base64_ is not encryption! It is just a way to encode any string (or any
binary) with printable characters. In the
PLAIN method, we pass the
username together with the password, encoded in Base64. The
authentication method does not encrypt anything! But the different SSL
layers, like STARTTLS, do. That is why we should always use SSL, no
matter how you use it.
Once we have our Base64 string, we can start logging in the server::
$ openssl s_client -connect smtp.example.com:587 -starttls smtp
It will output some lines and, at the end (just after line
250 DSN), you
can insert commands::
EHLO example.com 250-smtp.example.com 250-PIPELINING 250-SIZE 36700160 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
We can now insert our login credentials::
AUTH PLAIN AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk 235 2.7.0 Authentication successful
At this time you can start sending commands like told in "Testing SMTP port 25".
Note that, when inserting the
MAIL FROM command, we should use the same
username that we just logged in (or else the SMTP server will complain as far
as it is well configured).