Tag Archives: SMTP server reply codes

SMTP server reply codes

SMTP Test and Troubleshooting Tool

Home
Leave a comment

SMTP Console Tool for Easy Tast and Troubleshooting SMTP connections

The free SMTP-Console Tool help for diagnostc and makes it easy to troubleshoot and test SMTP connections without having to enter Telnet commands. It supports both open and secure (SSL/TLS) SMTP server connections.

SMTP Test and troubleshooting Tool

The SMTP tool includes a built-in library of commands such as EHLO, MAIL FROM, RCPT TO, DATA. The free software SMTP-Console from SocketLabs for Windows can be downloaded here.

If there are problems establishing a connection or sending e-mails with an SMTP server, the error can be quickly diagnosed, the connection to the SMTP relay server can be checked and tested as follows.

SMTP errors with a mail server can be!

  • The SMTP server does not send ?
  • Communication to the SMTP server is blocked, firewall ?
  • Why did the connection to the SMTP server fail?
  • SMTP server with SMTP-Auth authentication ?
  • How to set up SSL/TLS or STARTTLS encryption ?
  • Does the server respond with the correct hostname ?
  • The SMTP server responds with an error ?

SMTP Console is a test troubleshooting tool

SMTP Console is a test troubleshooting tool

First you go to Actions – Connect in the menu to establish the connection to the SMTP server.

Actions - Connect connects to the SMTP server.

After the connection to the SMTP server has been established, a dialog can be launched by choose the EHLO or HELO command.

The SMTP server commands in the following order:

EHLO example.com
MAIL FROM:<hostmaster@example.com>
RCPT TO:<recipient@domain.net>
DATA
Body Message i.e. hello this is s test message!
.
RSET
QUIT

  After DATA enter the body message, by ending with dot (.) on a line by itself, the email proceed to sent.

Use SMTP Test and troubleshooting Tool

Use SMTP Test and troubleshooting Tool

If the SMTP server requires authentication via STARTTLS, first open a connection to the server then go to ActionsConnect, then select StartTls and choose CommandsHelo with enter eg. HELO domain.com, now go to ActionsLogin wille enter a valid user account in the User field and the password into the Password field, select AUTH-LOGIN as type. A test message can now send with run first Mail From then Rcpt To followed with Data. Enter the message and ending with dot “.” on a line by itself, finaly it appers the SMTP status code 200 Ok queued as <queue id>.

  You’ll notice that the email doesn’t have sender’s email address in it.

How to Test SMTP Server using Telnet on Port 25

The Telnet client is available in Windows, but not activated by default from Windows 10 (not installed as a feature). The Telnet Client feature is easy installed from PowerShell.

Install-WindowsFeature "Telnet-Client"

Open PowerShell as administrator to add features.

Add-WindowsFeature -Name Telnet-Client

  The earlier PowerShell command may be required.

Alternatively, the Windows CPL module can be used, this is done via the keys Win+R and enter control appwiz.cpl,,2

Telnet will use port 23 by default, you need enter a port number at the end of the open command. SMTP Server uses commonly the ports 25, 465, and 587.

Once you are connected to the SMTP server, Backspace and Delete do not work, which is unfortunate because getting the SMTP server to accept your instructions requires you to type in those Base64 values. If you make a mistake, press Return and start again.

C:\> telnet
Microsoft Telnet> set localecho
Microsoft Telnet> set logfile c:\temp\telnetlog.txt
Microsoft Telnet> OPEN smtp.server.net 25
220 smtp.server.net ESMTP
EHLO example.com
250-smtp.server.net
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<hostmaster@example.com>
250 2.1.0 Ok
RCPT TO:<recipient@domain.net> NOTIFY=success,failure
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test message from console

hello this is a test message!
.
250 2.0.0 Ok: queued as 98FCE1766
QUIT
221 2.0.0 Bye

You will see the message OK followed by an ID code. Your email has been sent. Check the Inbox of the email account that you sent the email to in order to confirm that the process worked.

  A blank line is needed between the Subject and the message body. Enter the message and ending with dot (.) on a line by itself, finaly it appers the SMTP status code 200 Ok queued as .

  The optional NOTIFY command specifies the particular delivery status notification (DSN) messages (also known as bounce messages, nondelivery reports, or NDRs) that the SMTP is required to provide. In this example, you’re requesting a DSN message for successful or failed message delivery.

How to use policyd-spf with Postfix

Home
Leave a comment

Sender Policy Framework (SPF) is a service deployed to avoid being identified as a spam sender

postfix-policyd-spf is a fully functional engine for SPF verification under Postfix. The daemon includes a variety of mechanisms and policy options to meet a wide variety of system requirements. postfix-policyd-spf-perl was implemented on Perl, further available on Python there is postfix-policyd-spf-python, the Python SPF module (spf) is used. As a Postfix module, it supports RFC 7208 of the Sender Policy Framework (SPF).

How to use policyd-spf with Postfix

Additional information is stored in the DNS (Domain Name System) in the form of an SPF record. This TXT-based SPF record contains specific information about authorized mail servers, Mail Transfer Agent (MTA).

How to install Postfix policyd-spf

The installation on Debian 10 and Debian 11 starts as root as follows:

$ apt install postfix-policyd-spf-python

If the Perl module is preferred, the Perl SPF-Milter can be installed as root as follows.

$ apt install postfix-policyd-spf-perl

Edit Postfix SPF master.cf for policyd-spf

After postfix-policyd-spf-python, or postfix-policyd-spf-perl is installed, we edit the configuration file of the postfix master process.

$ vi /etc/postfix/master.cf

To launch the Postfix statement with the Python SPF policy checker, add the following lines to the end of the master.cf file.

policyd-spf  unix  -       n       n       -       0       spawn
   user=policyd-spf argv=/usr/bin/policyd-spf

Use the SPF policy verification on the Perl implementation is as follows.

policyd-spf  unix  -       n       n       -       0       spawn
   user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

Save and close the file.

Edit Postfix SPF main.cf for policyd-spf

Next, edit the Postfix main configuration file.

$ vi /etc/postfix/main.cf

Add the following lines to the end of the main.cf file. The first line specifies the timeout setting for the Postfix Policy Agent. The following lines restrict incoming emails by checking the SPF record and rejecting unauthorized emails.

policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf

Note! if check_policy_service is not the last line below the section smtpd_recipient_restrictions, then there must be a comma (,) at the end of the line. No comma on the last entry.

Save and close the file.

  Ensure that the user id policyd-spf exist by run id policyd-spf, if not exist, the system account is created as follows.

$ useradd -r -M policyd-spf -s /usr/sbin/nologin

Then restart the Postfix using systemctl. 

$ systemctl restart postfix

The next time receive an email by a domain with an SPF record in DNS. You can see the results of the SPF verification in the RAW email header. The following header indicates that the sender sent the email from an authorized host.

policyd-spf[733750]: prepend Received-SPF: Pass

The output appers when using the Perl module.

postfix/policy-spf[735983]: Policy action=PREPEND Received-SPF: pass

Verify Python and SPF

When using postfix-policyd-spf-python, Python must be available on the server, as well as the Python SPF module. The verification can be carried out as follows.

$ python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> help('modules')

If Python is installed on the system, the help('modules') command displays multiple modules in columns. The spf and spf_engine module is required. The Python module can be added as follows.

pip install pypolicyd-spf

Verify SPF Record

To verify the SPF TXT Record for a specific domain, run the lookup command out from linux terminal.

$ dig TXT mydomain.net +short
 "v=spf1 a mx ~all"

Using windows then run this command in the command prompt (cmd).

C:\> nslookup -type=TXT mydomain.net
 "v=spf1 a mx ~all"