What are some tests you can run directly on your SMTP server to see if it is working correctly? You want to eliminate as many variables as you can, and talk directly to the server, if that's possible.
Good old telnet does the job. You also needthe mailx package installed, and Netstat.
First, run telnet on your SMTP server to see if you can talk to it. This example creates and sends a test message:
$ telnet localhost 25Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 xena.alrac.net ESMTP Postfix (Ubuntu)ehlo xena250-xena.alrac.net 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSNmail from: carla@testing.net250 2.1.0 Okrcpt to: carla@xena250 2.1.5 Okdata354 End data with <CR><LF>.<CR><LF>Date: July 4, 2007 From: testcarla Reply-to: testcarla@testing.net Message-ID: one Subject: SMTP testing Hi Carla, If you can read this, the SMTP server works. .250 2.0.0 Ok: queued as B2A033FBA quit 221 2.0.0 Bye Connection closed by foreign host.
Now, run mail to read your
message:
& tMessage 1: From carla@testing.net Sun Jul 15 10:46:21 2007 X-Original-To: carla@xena.alrac.net Date: July 4, 2007 From: testcarla@xena.alrac.net Reply-to: testcarla@testing.net Subject: SMTP testing To: undisclosed-recipients:; Hi Carla, If you can read this, the SMTP server works.& qSaved 1 message in /home/carla/mbox
This shows you that your name services are working, and that the SMTP server is working. If you see this instead:
$ telnet localhost 25
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refusedThat means the server is not running, which you can confirm with Netstat:
# netstat -pant|grep :25If it returns nothing, your SMTP server is not running. This example shows a running Postfix server:
# netstat -pant|grep :25
tcp 0 127.0.0.1:25 0.0.0.0:* LISTEN 8000/masterOnce you get it running on localhost, you can test it remotely:
terry@uberpc:~$ telnet xena 25
Trying 192.168.1.10...
telnet: Unable to connect to remote host: Connection refusedNetstat already showed why you can't connect remotely—Postfix is only listening on localhost. So, you need to configure it to also listen on the LAN interface, which means you need two lines like this in main.cf:
mynetworks = 127.0.0.0/8, 192.168.1.0/24 inet_interfaces = 127.0.0.1, 192.168.1.10
Restart Postfix, and now Netstat should report this:
# netstat -pant|grep :25
tcp 0 0 192.168.1.10:25 0.0.0.0:* LISTEN 8324/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8324/masterFollowing along with tcpdump as you run your other tests is helpful:
# tcpdump -pi eth0 port 25And, always check logfiles.
Other SMTP servers are configured differently, so you'll need the documentation for your own server.
To exit a telnet session early, hit Ctrl-], then Q.
Why use telnet? Because it can talk directly to the server and find out quickly if the server is operating correctly. Bypassing intermediaries is always a good first step.
This recipe also shows you how easy it is to spoof mail headers, and how careful you must be with access controls. The SMTP protocol is completely insecure as spammers discovered many years ago, so make sure that you are not providing SMTP services to the world. As with all services, it's a two-pronged approach: careful configuration of the server's own access controls, and careful firewalling. You should also consider using smtp-auth, which requires your SMTP users to authenticate themselves to your server.
Chapter 20, "Building a Postfix Mail Server," in Linux Cookbook, by Carla Schroder (O'Reilly)
Chapter 21, "Managing Spam and Malware," in Linux Cookbook
man1telnet