Testing an SMTP server with netcat
Occasionally someone will claim that some service for which I am responsible is faulty in some way. I want to be able to say "my tests suggest that everything is okay at the moment, what can you show me that suggests that it is misbehaving?".
The criterion for SMTP servers is: "Is this MTA accepting and transferring mail as it should?". So the strategy is to determine a list of origin/destination tuples for which the MTA should transfer messages and verify whether it does in fact accept them and then deliver them.
In choosing a test process for my MTA, I am guided by 2 factors:
- Ease/simplicity. The test should be as automated and simple as possible.
- Correctness. The test should accurately answer the question.
For maximum simplicity, I want to interface directly with the system in question, so ncat [1] is an excellent tool choice. Unlike a regular MUA, it allows me to use handcrafted SMTP and unlike telnet, it can be easily automated.
ncat <hostname> <port> < /path/to/protocol/text
So if I'm attempting to assess whether mail.allgoodbits.org is accepting mail for www@allgoodbits.org, I can use the following command:
ncat -C mail.allgoodbits.org 25 < to_www_allgoodbits_org.txt
where to_www_allgoodbits_org.txt looks like:
    EHLO hostname
    MAIL FROM:<test@allgoodbits.org>
    RCPT TO:<www@allgoodbits.org>
    DATA
    From: A tester <test@allgoodbits.org>
    To: <www@allgoodbits.org>
    Date: date
    Subject: A test message from hostname

    Delete me, please
    .
    QUIT
For more automation, run the test message through a perl script to substitute the placeholders. It might look like this:
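    #!/usr/bin/env perl
    # call me substitute.pl
    # Fills in the "date" and "hostname" placeholders of a message template.
    use strict;
    use warnings;
    use Sys::Hostname;

    # Date in the format used by the Date: header; computed once per run.
    my $date = `date "+%a, %d %b %Y %H:%M:%S %z"`;
    chomp($date);
    my $hostname = hostname();

    while (<>) {
        s/date/$date/;          # first "date" on the line ("Date:" is not matched)
        s/hostname/$hostname/;  # first "hostname" on the line
        print;
    }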
Use it like this:
perl substitute.pl < message_template.txt | ncat -C mail.allgoodbits.org 25
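The commands above print the server's replies but leave judging them to the reader. As an added example (not part of the original article), this shell function reads ncat's output and checks each reply code against the sequence the template's dialogue should produce; the function names, stage labels and sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge the reply stream that ncat prints for the template's
# dialogue. Assumed stage order: greeting, EHLO, MAIL FROM, RCPT TO, DATA,
# end of data (the lone "."), QUIT.
# Usage: perl substitute.pl < message_template.txt \
#            | ncat -C mail.allgoodbits.org 25 | smtp_verdict

smtp_verdict() {
    # Reads server replies on stdin and prints a one-line verdict.
    # Returns 0 if every stage got the expected code, 1 otherwise.
    awk '
    BEGIN {
        n = split("greeting EHLO MAIL RCPT DATA end-of-data QUIT", stage, " ")
        split("220 250 250 250 354 250 221", want, " ")
        i = 0
    }
    { sub(/\r$/, "") }                 # SMTP replies end in CRLF
    /^[0-9][0-9][0-9]-/ { next }       # continuation of a multi-line reply
    /^[0-9][0-9][0-9]( |$)/ {          # final line of a reply
        i++
        if (i > n) next                # ignore anything after the QUIT reply
        if (substr($0, 1, 3) != want[i]) {
            printf "FAIL at %s: expected %s, got: %s\n", stage[i], want[i], $0
            failed = 1
            exit
        }
    }
    END {
        if (failed) exit 1
        if (i < n) {
            printf "FAIL: connection ended before %s reply\n", stage[i + 1]
            exit 1
        }
        print "OK: message accepted"
    }'
}

# Constructed sample transcript: a server that refuses to relay for the recipient.
sample_rejected() {
    printf '%s\r\n' '220 mail.example.org ESMTP' \
        '250-mail.example.org' '250 PIPELINING' \
        '250 2.1.0 Ok' \
        '554 5.7.1 <www@example.org>: Relay access denied'
}
```

A pass shows only that the MTA accepted the message, so confirm delivery in the destination mailbox or the MTA log. Because the template is sent without waiting for replies, a server that enforces command synchronization may reject the session even though it would accept mail from a normal client.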
Improvements
- If it's an MX for receiving messages, send a test message to each domain that it should receive for.
- Consider TLS/SSL
- Consider SMTP-Auth
- Consider connecting from multiple locations
[1] ncat comes with the network exploration and security auditing tool, nmap, and is an improved version of netcat. If ncat is not available, netcat might be available as /usr/bin/nc on many Linux and BSD systems or possibly found as /usr/bin/netcat.