Created at:

Modified at:

Postfix notes

Last update to this page was in: 2019-06-18.

*Note*: This page has only a few notes about Postfix. If you want to read a more detailed guide on how to install and configure it (along with Dovecot and other servers) see:

NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF

Useful commands

General commands

Shows messages that are queued. This is the same as postqueue -p
postcat -vq file
Shows the content of the enqueued message. file is the code of the message used by Postfix, as shown by mailq.
postqueue -p
Same as mailq
postqueue -f
Resend enqueued messages.
Displays values of
postconf -d
Displays default values instead of the ones user configured.
postsuper -d ID
Delete queued message with ID ID. To delete all messages, run postsuper -d ALL.

Testing SMTP port 25


The purpose to test port 25 is to simulate one mail server sending email to another mail server (without the need of authentication). Realize that this example will only work if: 1. You are self testing the mail server (i.e., and are the same server) or 2. you are connecting from a valid mail server with reverse DNS correctly configured. If none of this conditions are satisfied, the target server will probably not accept the connection.

Testing SMTP (*without* SSL) is very simple. One should just use telnet to connect to the port 25::

    $ telnet 25
    Connected to
    Escape character is '^]'.
    220 ESMTP Postfix

The first command to the SMTP server is the EHLO (or HELO, for the old version of SMTP without extensions). As a parameter to the EHLO command, we need to tell the server who we are::

    250-SIZE 31457280
    250 DSN

The server will tell us different extension it has. Note it listed STARTTLS, which is always used nowadays, but in this case we will let it turned off.

We now have to tell who is the sender, with the MAIL FROM command::

    250 2.1.0 Ok

And who we are going to send the email to with the RCPT TO command::

    RCPT TO:
    250 2.1.5 Ok

Finally, we start to send email data with the DATA command::

    354 End data with <CR><LF>.<CR><LF>

Now we can type the headers and the email body::

    Subject: hi

    250 2.0.0 Ok: queued as 37DC91109BF
    221 2.0.0 Bye

When you finish typing the email, tell the server you finished by inserting a single dot in a line. The email will be queued for delivering. To close the connection to the mail server, just type the QUIT command.

Note that the headers can be forged! A good mail solution will have some kind of antispam solution to deal with phishing, spams and problems related to forged emails.

Testing SMTP port 25 with STARTTLS


Testing SMTP port 25 with STARTTLS is straightforward as well, you just need to use openssl instead of telnet::

    $ openssl s_client -connect -starttls smtp

Testing SMTP authentication (submission port - 587)


Test SMTP authentication is a bit more complicated. For a more complete guide, see:

How to test SMTP Authentication and STARTTLS

We first need to format our user/password string in order to send it to the SMTP server. Depending on the authentication method, we should pass this string differently to the server. For the PLAIN method, the correct form is::


*Note*: The PLAIN is the method supported everywhere, but there are others. For different methods of authentication, see:

SMTP Authentication

Where 0 is the null byte. Also, note we are also escaping @. To make things more complicated, you cannot pass it this way, but you should encode it using Base64. To do this, we can use different tools, but in this example we are going to use Perl:

    $ perl -MMIME::Base64 -e 'print encode_base64("\000username\\000password")'



It will echo the string in the Base64 form.

*Note*: Base64_ is not encryption! It is just a way to encode any string (or any binary) with printable characters. In the PLAIN method, we pass the username together with the password, encoded in Base64. The authentication method does not encrypt anything! But the different SSL layers, like STARTTLS, do. That is why we should always use SSL, no matter how you use it.

Once we have our Base64 string, we can start logging in the server::

    $ openssl s_client -connect -starttls smtp

It will output some lines and, at the end (just after line 250 DSN), you can insert commands::

    250-SIZE 36700160
    250 DSN

We can now insert our login credentials::

    235 2.7.0 Authentication successful

At this time you can start sending commands like told in "Testing SMTP port 25". Note that, when inserting the MAIL FROM command, we should use the same username that we just logged in (or else the SMTP server will complain as far as it is well configured).