Postfix - using Telnet to test postfix

So far, we have sent test emails using the command line.

However, there is no real feedback from these clients as to how our mail server responded - did it respond with the correct details? Note that it is possible to send/receive mail with details that are not 100% correct - leading to issues down the line.

Let's look at telnet to check the server responses to mail requests.


Telnet basics

Telnet is the most basic mail client. It does the same thing as the bigger clients you use on your workstation (such as Thunderbird, Outlook, Mail, etc) - it sends mail.

However, instead of being wrapped in a nice GUI it is a command line tool that can be used to diagnose our postfix installation (and to send mail!).

This is a primer for telnet. I won't be going into great detail of the why's and the how's of every aspect of telnet and the responses we (should) receive.

Setting up mail servers can be a complicated issue and there are some incredible large and detailed tomes and manuals available for those who need to get into the minute detail.

However, following the articles will allow you to understand the basics and know what to look for should you want more detail.

Email details

When you send an email you can use the analogy of physically posting a letter:

You greet the postman. You hand over the envelope which should have the address (recipient) and the sender's address - inside the envelope will be the actual letter, or the data.

Going with that analogy, we need a way of authenticating or confirming all those details.

Greeting

We'll start of the sequence by connecting to the mail server and greeting the postman.

On the Slice enter:

telnet mail.demoslice.com 25

This starts the telnet session on port 25.

You should receive a 220 response:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.demoslice.com ESMTP Postfix (Ubuntu)

Good.

Next we can greet the postman:

HELO test.demoslice.com

Note the test subdomain doesn't exist - it is simply a way of greeting the mail server.

The mail server should respond with a confirmation of who it is:

250 mail.demoslice.com

Envelope

Now we have greeted the postman and got the correct responses we can start to fill out the envelope for our letter.

We start by letting the server know who the sender is:

MAIL FROM:<paul@demoslice.com>

If the mail server accepts the sender address, you will get another '250' output:

250 2.1.0 Ok

Good.

Now we can sort out to whom we are sending the letter:

RCPT TO:<demo@demoslice.com>

We are hoping for a 250 response:

250 2.1.5 Ok

Again, good news.

You can add more recipients - unlike a physical letter, the same email can be sent to multiple recipients.

Data

Now we come to the 'meat' of the letter: the data.

To start the main body of the message:

DATA

The response is fairly sparse:

354 End data with <CR><LF>.<CR><LF>

Now you need to enter the subject and the body.

Note you need to physically type the word 'Subject:'

Subject: test message

Press enter/return and then you can type the body of the message:

This is the body of the message!

As when we used the 'mail' command in a previous article, we need to enter a single period (.) to indicate we have finished the body of the message.

As before, we are rather hoping for a 250 response:

.
250 2.0.0 Ok: queued as 9620FF0087

Nice.

Quit

Well, we're done with telnet for the moment so we can quit:

QUIT

This will dump you back at the bash prompt:

221 2.0.0 Bye
Connection closed by foreign host.
You have new mail in /var/mail/demo

Ooh!

I have new mail in /var/mail/demo

You have mail

Let's use the 'tail' command to read the end of the mail file:

tail -n 15 /var/mail/demo

That particular command parses the last 15 lines of the /var/mail/demo file (which is where our mail is kept).

If you don't see all of the mail as shown below, you can adjust the number of lines to, say, 20.

In my case, the output was as follows:

From paul@demoslice.com  Wed Aug  6 10:33:20 2008
Return-Path: <paul@demoslice.com>
X-Original-To: demo@demoslice.com
Delivered-To: demo@demoslice.com
Received: from test.demoslice.com (localhost [127.0.0.1])
        by mail.demoslice.com (Postfix) with SMTP id 9620FF0087
        for <demo@demoslice.com>; Wed,  6 Aug 2008 10:28:43 +0000 (UTC)
Subject: test message
Message-Id: <20080806103059.9620FF0087@mail.demoslice.com>
Date: Wed,  6 Aug 2008 10:28:43 +0000 (UTC)
From: paul@demoslice.com
To: undisclosed-recipients:;

This is the body of the message!

Well that's pretty cool.

Details

It goes without saying (even though I am going to say it) that there is far, far more to it than the basics shown above.

It is simply impossible to go into all the details of what is possible with email headers and messages, encodings and the details of telnet.

However, this introduction should show how mail works and what steps are taken when mail is sent and received.

Perhaps you can begin to see why some legitimate mail may be seen as spam email - if any of the steps above failed or gave the wrong response then warning flags are raised.

A wrong hostname will mean mail sent from the Slice does not identify itself properly. Improperly formatted addresses or message bodies can raise eyebrows and flags.

Summary

Telnet is a very simple mail client and can be used to diagnose our postfix install.

Controlled via the command line we can see if the responses from our installation are correct.

Once done, we were then able to read our mail.

Although that is well and good, it would be a bit of a annoyance having to read our mail from the command line. As such, we will look at pop and imap access in later articles.

PickledOnion

Article Comments:

danpar commented Mon Jan 19 03:07:41 UTC 2009:

Your example RCPT TO:demo@demoslice.com assumes that user demo@demoslice.com has been setup. However, in following through the tutorials, at this point, anyway, it appears that you have not indicated how to exactly setup a user on the slice.

axeman commented Thu Jan 29 10:14:58 UTC 2009:

@danpar seems like you didnt read the "preparing the slice" section; which clearly says that that you must've executed the initial slice setup under Main Menu-->Linux Distros--> Your distro name..

Ricardo Cervantes commented Thu Feb 12 21:29:32 UTC 2009:

I have a problem, i don't like receive the command messages by email,

for example: X-Cron-Env: <logname> Message-Id: <20090212212401.7982739E277@readix> Date: Thu, 12 Feb 2009 13:24:01 -0800 (PST)

ipsec_setup: Openswan IPsec apparently already running, start aborted ipsec restart 117 "SBNSV1-READIXCOL" #701: STATEQUICKI1: initiate ........

i need send email to some people, but when i active the email... this send thousand of email about command messages... How i can disable this option? Ubuntu

Joe Pum commented Sat Feb 14 02:42:41 UTC 2009:

After I tried "RCPT TO:demo@demoslice.com" using my own user and domain name I get a "Relay access denied".

Can someone tell me what is wrong?

Julien commented Fri Mar 27 02:54:57 UTC 2009:

I have the same problem than Joe Pum. Does anyone knows what can be the problem?

Andrew commented Thu Apr 02 19:20:41 UTC 2009:

Same problem as Joe Pum and Julien. (N.B. I am on CentOS, not Debian.) Any figure this out?

Andrew commented Thu Apr 02 20:37:43 UTC 2009:

Answer to Joe's & Julien's & my question: For whatever reason, postfix sees the inbound connection as coming from my external IP address rather than from localhost. Thus, because (in main.cf) mynetworks is set to 127.0.0.0/8, postfix won't allow the relay. Try adding your external IP address after 127.0.0.0/8. I have no idea whether this is secure or the correct solution, but it worked for me. Pickled Onion?

Wes G commented Mon Jul 13 01:57:39 UTC 2009:

I'm on Comcast and couldn't figure why my telnet to my server on port 25 wasn't connecting.

Comcast (and other ISPs) will block outgoing connections on port 25 and force you to use their SMTP server.

Just a heads up!

louie171 commented Tue Jul 21 10:49:32 UTC 2009:

i got to the last step but it didnt say anything about (you have mail). I set up the dns at the start of the tutorial.

I sent the mail from the domain i was on to the domain i was on.

Heres what i get at the end: 250 2.0.0 Ok: queued as 1EFF55800A QUIT 221 2.0.0 Bye Connection closed by foreign host.

koloa commented Sat Aug 22 19:16:37 UTC 2009:

hi, i was having problems earlier with telnet hanging, but after finally checking the mail logs and seeing that there were no aliases.db, all i needed to do was do newaliases. now telnet works and i get emails!

mabed commented Thu Sep 17 17:55:47 UTC 2009:

Very confused! Everything seems to work, including at the end I get

221 2.0.0 Bye Connection closed by foreign host.

But I don't get you have new mail and there is nothing under /var/mail?

Any help is appreciated.

macc commented Thu Oct 01 16:59:06 UTC 2009:

What about non-English characters?

I see error characters in spite of proper non-latin characters like ążść

brent commented Thu Oct 08 09:10:21 UTC 2009:

hi...what if there is error saying :25: No route to host) ???

can you help me please?

Teo commented Sun Jan 31 21:16:27 UTC 2010:

Very good explanation!!!

Newa commented Sun Apr 11 08:26:14 UTC 2010:

Thax dude, Its a great help for me ..!!

nice

stbn commented Thu May 20 13:07:35 UTC 2010:

great but, you forget disable telnet after finish? do you think?

Benjamin commented Tue Jul 13 00:00:19 UTC 2010:

I'm having the same 554 Relay access denied issue mentioned above. I will use the mentioned solution temporarily, but it doesn't seem that secure, as mentioned. If someone comes up with a more secure solution, please let me know.

Benjamin commented Tue Jul 13 00:18:35 UTC 2010:

Ah, nevermind, it was an issue with my myhostname setting in main.cf

Denesh commented Wed Sep 08 14:20:58 UTC 2010:

Thanks Worked for me .. Its just like you spoon fed me ;)

Lucas commented Tue Jul 05 03:44:59 UTC 2011:

I'm having the same problem with a Relay Access Denied error sending a test from telnet:

My main.cf

myhostname = myuser-slice.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = $mydomain mydestination = $mydomain, localhost.$mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 mailboxsizelimit = 0 recipient_delimiter = + inet_interfaces = all

SSH output: telnet myuser-slice.com 25 Trying xx.xx.xx.xx... Connected to myuser-slice.com. Escape character is '^]'. 220 myuser-slice.com ESMTP Postfix (Ubuntu) HELO test.myuser-slice.com 250 myuser-slice.com MAIL TO:myuser@myuser-slice.com 501 5.5.4 Syntax: MAIL FROM:

MAIL FROM:myuser@myuser-slice.com 250 2.1.0 Ok RCPT TO:myuser@myuser-slice.com 554 5.7.1 myuser@myuser-slice.com: Relay access denied

mail.log NOQUEUE: reject: RCPT from myuser-slice.com[50.57.106.42]: 554 5.7.1 myuser@myuser-slice.com: Relay access denied; from=myuser@myuser-slice.com to=myuser@myuser-slice.com proto=SMTP helo=<demo>

I have my domains and DNS etc all set up and working.

Is there a solution for this? I couldn't find it in the forums

Jered commented Tue Jul 05 16:37:34 UTC 2011:

The "Relay access denied" message means that the mail server doesn't think you're telnetting from a server that has permission to send mail through it. Most likely your mail server is only set up to allow mail to be sent from the server itself. If that's the case and you're telnetting from your workstation, then you'll get that access denied message.

Try telnetting from the slice itself and see if that makes the error go away.

sadotmd commented Wed Aug 31 07:44:32 UTC 2011:

Another telnet uncommon usage examples are described in this whitepaper: http://www.sysadmin.md/whitepapers/Debugserverserviceswithtelnet.pdf

Jonathan commented Sun Apr 22 00:51:42 UTC 2012:

Alright, 2 hours of searching and I finally am breaking down and posting. I get

554 5.7.1 <validemailaddresshere>: Relay access denied

when I try the 'rcpt to:' command. This is part of an attempt to find out what made my dbmail/courier/postfix system stop working.

If I don't get a clue soon, I will have to attempt a complete re-install of the mail system... AAK~!, Bad responses from my customers expected!!!

Details, may not be related to this thread:

Connection refused when trying to get mail using thunderbird, with settings that worked last month.

I have not used autovaccuum on DBMail, like suggested by one post.

My DBMail database has data from recent, so perhaps it is receiving emails, but won't let me get to it?

Jered commented Tue Apr 24 20:54:30 UTC 2012:

Usually "Relay access denied" means it received mail intended for a domain it doesn't handle. That means that if the MX record for "example.com" pointed email to your server but it's not configured for that domain, any email it received "@example.com" would get that "Relay access denied" message back. You might check the "mydestination" setting in postfix to make sure it lists all domains it should received email for.

Imperdopejeda commented Wed May 08 12:30:09 UTC 2013:

Child Abuse Hotline Ad Uses Photographic Trick That Makes It Visible Only To Children

A Spanish organization called Fundación ANAR, or Aid to Children and Adolescents at Risk, created a bus-stop advertisement in April that features the group's hotline number for children to report abuse. But by using a process called lenticular photography, the company made the hotline number, and much of the ad's content, visible only to those under a certain height -- presumably children.

Lenticular photography allows companies to create an image in a way that lets viewers see one of several different photos, depending on where they're standing. In the case of ANAR's ad, anyone taller than 4 feet 5 inches -- the average height of a 10-year-old, according to the group -- would see a picture of a boy with an unmarked face and the following message: "Sometimes, child abuse is only visible to the child suffering it." Anyone under that height would see an image of the boy with a bruised face, the organization's hotline number (116-111) in white text, and the message, "If somebody hurts you, phone us and we'll help you."

Read more about it

Want to comment?


(not made public)

(optional)

(use plain text or Markdown syntax)