Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

INFO: How can I test email connectivity to a server?

Expand / Collapse


Question:

  • What is TELNET?
  • How can I test email connectivity to a server?
  • Are there Telnet commands specific for testing Trustwave SEG/MailMarshal?

Information:

The first step in troubleshooting protocol problems is to verify that you can establish a successful TCP connection to the host. The easiest way to test this is by using the telnet command to connect to the required port. Pinging a host is not a reliable test. The Ping utility does not tell you that the host is listening on a specific port. It is only an indication that a lower-level packet was able to find its way to the correct IP address. In addition, many companies block ping or ICMP packets from entering their networks. Telnet allows you to test exactly the same type of connection that is used to send email.

Note: With recent versions of Windows, the Telnet client is not installed by default. If necessary, use Server Manager to add the feature "Telnet Client".

You can use a Telnet utility to test the basic operation of the SEG Receiver. To get a feel for how Telnet works, try to use Telnet to connect to your SEG computer on port 25. The syntax is:

    telnet <ip_address> <port>

For example:

    telnet 127.0.0.1 25
    telnet mail.domain.tld 25 (.tld represents "top level domain")

Both of the examples above can be used (with the correct values); however, the first example is the most reliable. When addressing systems by their IP address, you eliminate the possibility of name resolution problems. The example above should bring up a Telnet window and a successful connect message indicating that you are ready to send to the host. This indicates that the host is listening on port 25, and that you can probably send an SMTP message to the host. The example above is similar to what the SEG Sender does when it connects to send email. At this point, the Sender starts sending SMTP commands to the host to initiate message transfer.

Many other protocols including POP3, IMAP4, and NNTP (Net News) work in a similar way. They include commands that are sent to the host and the replies that are expected. After you have concluded that a successful connection can be made to the correct port, you can start reviewing the actual responses given to a host when commands are issued.

The best testing method is to actually issue the commands to the host by using a Telnet command. This method is effective if you know exactly what you need to send and how to do it, or if you know what your client/server program is trying to send.

Tip: If you find you are making mistakes when typing commands in a command window, you might want to use a script file to enter the set of commands. A simple Windows Scripting File example is attached to this article. Unzip the archive, modify the WSF file as required, and then simply double-click it to run the script. The progress will display in a command window.

Basic Mail and News Protocol Command and Response Overview

All commands are terminated with a carriage return/line feed (CR/LF).

(.tld stands for top level domain, for instance "com".)

SMTP Commands

Expected Response

Description

HELO

250 OK

Initiates the conversation between hosts.

MAIL FROM: <user@domain.tld>

250 OK

Identifies who is sending the message. Include the email address between angle brackets (the brackets are required).

RCPT TO: <user@domain.tld>

250 OK

Identifies whom the message is to. Include the email address between angle brackets (the brackets are required).

DATA

354 Send Data

Identifies the start point for message data.

. (a single period)

250 OK

Identifies the end point for message data.

QUIT

221

Terminates the session.

  • The HELO command is issued and the server responds, indicating that it understands and accepts the command.
  • MAIL FROM tells the host who is sending the message. Again, the server responds successfully.
  • RCPT TO tells the host whom to deliver this message to.

POP3 Commands

Expected Response

Description

USER ntdomain/ntaccount/alias

+OK

Initiates the authentication process.

PASS password

+OK

Specifies the password for the user's account.

LIST

+OK

Lists available messages to download.

RETR Message#

The Message Text

Retrieves the message text of Message#.

DELE Message#

+OK

Deletes Message#.

QUIT

+OK

Terminates the session.

  • The USER command, followed by the appropriate logon credentials, is used to log on to the POP3 mailbox.
  • The PASS command issues the password to gain access.
  • Exchange Server returns "+OK User successfully logged on."

IMAP4 Commands

Expected Response

Description

LOGIN ntdomain/ntaccount/alias password

OK LOGIN

Logs on to the mailbox.

SELECT folder

Folder mode & OK SELECT

Selects a folder to view.

FETCH Message#

Message text & OK FETCH

Retrieves the message by Message#.

STORE Message Flags/flag

OK STORE

Marks a message for deletion or read/unread.

EXPUNGE

OK

Deletes all marked messages.

LOGOUT

OK

Terminates the session.

  • All commands issued to an IMAP4 server must be prefixed with a command identifier. The client can interpret that to keep track of command and response pairs.
  • For example, when your IMAP client issues local SELECT inbox, the server responds with local OK.
  • A NO response is given when a command is denied.

NNTP Commands

Expected Response

Description

AUTHINFO USER ntdomain/ntaccount/username

381 More Info Needed

Supplies authentication information.

AUTHINFO PASS password

281 Accepted.

Supplies password for authentication.

LIST

List Of Groups

Lists all groups available.

GROUP group

Group Specifications

Sets the current group.

ARTICLE #

Article Text

Retrieves an article by #.

QUIT

205

Terminates the session.

There are two modes of NNTP access: authenticated and anonymous. Authentication requires the first two commands listed (AUTHINFO USER and AUTHINFO PASS).

This article was previously published as:
NETIQKB2699
NETIQKB35161

 

 

 

 

 

 

 

 

 

 

 


To contact Trustwave about this article or to request support:


Rate this Article:
     

Attachments


TestReceiver.zip TestReceiver.zip (512 bytes, 1,165 views)

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.