Exchange Microsoft Servers Intermediário

Como Verify You Can Connect to an SMTP Server: Complete Testing Guide

12 de maio de 2009

12 min de leitura

Recente

|---|---|---| | 25 | SMTP | None (or STARTTLS optional) | Server-to-server relay | | 465 | SMTPS | Implicit TLS/SSL | Authenticated submission (re-standardized in RFC 8314) | | 587 | SMTP Submission |” - name: “Method 1: Testes with Telnet” text: “Telnet provides the most direct way to test SMTP connectivity and manually walk through an SMTP conversation. It allows you to see the exact server responses at each step.” - name: “Enabling Telnet on Windows” text: “Telnet is not installed by default on modern Windows versions. Enable it first:” - name: “Basic SMTP Conversation via Telnet” text: “Once connected, you will see the server’s banner. Then manually type each SMTP command:” - name: “Key SMTP Commands Explained” text: ”| Command | Purpose | |---|---| | EHLO / HELO | Identifies the client to the server and requests supported extensions | | MAIL FROM: | Specifies the sender envelope address | | RCPT TO: | Specifies the recipient envelope address | | DATA | Begins the” - name: “Method 2: Testes with PowerShell” text: “PowerShell provides several built-in methods for SMTP testing that do not require telnet.” - name: “Test-NetConnection (Port Connectivity)” text: “The simplest test verifies that the TCP port is open and reachable:” - name: “Send-MailMessage (Full Email Test)” text: “Nota: Send-MailMessage is marked as obsolete in newer PowerShell versions. For production scripts, consider using the MailKit library or the System.Net.Mail.SmtpClient class directly.” - name: “Using .NET SmtpClient in PowerShell” text: “For more control over the SMTP conversation:” - name: “Raw TCP Socket Test with PowerShell” text: “For a telnet-like experience directly in PowerShell:”

When email delivery fails, the first diagnostic step is verifying that you can establish a connection to the SMTP server. Whether you are troubleshooting a broken mail flow, testing a new mail server configuration, or validating application email settings, you need reliable methods to test SMTP connectivity. This guide covers every practical approach, from basic port testing to full SMTP conversation simulations with TLS encryption.

Pré-requisitos

Before you begin testing, gather the following information:

SMTP server hostname or IP address (e.g., smtp.office365.com, mail.example.com)
SMTP port number (25, 465, or 587)
Authentication credentials if required (username and password)
TLS/SSL requirements (STARTTLS on port 587, implicit TLS on port 465, or plaintext on port 25)

Understanding SMTP Ports

Port	Protocol	Encryption	Common Use
25	SMTP	None (or STARTTLS optional)	Server-to-server relay
465	SMTPS	Implicit TLS/SSL	Authenticated submission (re-standardized in RFC 8314)
587	SMTP Submission	STARTTLS required	Authenticated client submission
2525	SMTP (alternate)	Varies	Alternative when port 25 is blocked by ISP

Method 1: Testes with Telnet

Telnet provides the most direct way to test SMTP connectivity and manually walk through an SMTP conversation. It allows you to see the exact server responses at each step.

Enabling Telnet on Windows

Telnet is not installed by default on modern Windows versions. Enable it first:

# Enable Telnet Client via PowerShell (run as Administrator)
Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient

# Or via DISM
dism /online /Enable-Feature /FeatureName:TelnetClient

Basic SMTP Conversation via Telnet

# Connect to the SMTP server on port 25
telnet smtp.example.com 25

Once connected, you will see the server’s banner. Then manually type each SMTP command:

220 smtp.example.com ESMTP Postfix
EHLO testclient.local
250-smtp.example.com
250-PIPELINING
250-SIZE 10485760
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME
MAIL FROM:<sender@example.com>
250 2.1.0 Ok
RCPT TO:<recipient@example.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test Email
From: sender@example.com
To: recipient@example.com

This is a test email sent via telnet.
.
250 2.0.0 Ok: queued as ABC123DEF
QUIT
221 2.0.0 Bye

Key SMTP Commands Explained

Command	Purpose
`EHLO` / `HELO`	Identifies the client to the server and requests supported extensions
`MAIL FROM:`	Specifies the sender envelope address
`RCPT TO:`	Specifies the recipient envelope address
`DATA`	Begins the message body (end with a single `.` on a line)
`STARTTLS`	Upgrades the connection to TLS encryption
`AUTH LOGIN`	Initiates Base64-encoded authentication
`AUTH PLAIN`	Sends credentials in a single Base64-encoded string
`QUIT`	Closes the SMTP session
`RSET`	Resets the current transaction without disconnecting
`VRFY`	Verifies if a mailbox exists (often disabled for security)

Method 2: Testes with PowerShell

PowerShell provides several built-in methods for SMTP testing that do not require telnet.

Test-NetConnection (Port Connectivity)

The simplest test verifies that the TCP port is open and reachable:

# Test basic TCP connectivity to SMTP port 25
Test-NetConnection -ComputerName smtp.example.com -Port 25

# Test connectivity to submission port 587
Test-NetConnection -ComputerName smtp.office365.com -Port 587

# Test connectivity to SMTPS port 465
Test-NetConnection -ComputerName smtp.gmail.com -Port 465

# Test with detailed output
Test-NetConnection -ComputerName smtp.example.com -Port 25 -InformationLevel Detailed

Example output for a successful connection:

ComputerName     : smtp.example.com
RemoteAddress    : 203.0.113.10
RemotePort       : 25
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.1.100
TcpTestSucceeded : True

Send-MailMessage (Full Email Test)

# Send a test email (plaintext, no authentication)
Send-MailMessage -From "sender@example.com" `
    -To "recipient@example.com" `
    -Subject "SMTP Test from PowerShell" `
    -Body "This is a test message sent via PowerShell Send-MailMessage." `
    -SmtpServer "smtp.example.com" `
    -Port 25

# Send a test email with authentication and TLS
$credential = Get-Credential
Send-MailMessage -From "sender@example.com" `
    -To "recipient@example.com" `
    -Subject "SMTP TLS Test" `
    -Body "This test message was sent with TLS encryption." `
    -SmtpServer "smtp.office365.com" `
    -Port 587 `
    -UseSsl `
    -Credential $credential

# Send with an attachment
Send-MailMessage -From "sender@example.com" `
    -To "recipient@example.com" `
    -Subject "Test with Attachment" `
    -Body "Please see the attached file." `
    -Attachments "C:\Reports\report.pdf" `
    -SmtpServer "smtp.example.com" `
    -Port 587 `
    -UseSsl `
    -Credential $credential

Note: Send-MailMessage is marked as obsolete in newer PowerShell versions. For production scripts, consider using the MailKit library or the System.Net.Mail.SmtpClient class directly.

Using .NET SmtpClient in PowerShell

For more control over the SMTP conversation:

# Create and send email using .NET SmtpClient
$smtpClient = New-Object System.Net.Mail.SmtpClient("smtp.example.com", 587)
$smtpClient.EnableSsl = $true
$smtpClient.Credentials = New-Object System.Net.NetworkCredential("user@example.com", "password")

$mailMessage = New-Object System.Net.Mail.MailMessage
$mailMessage.From = "sender@example.com"
$mailMessage.To.Add("recipient@example.com")
$mailMessage.Subject = "SMTP Test via .NET"
$mailMessage.Body = "This is a test email sent using System.Net.Mail.SmtpClient."

try {
    $smtpClient.Send($mailMessage)
    Write-Host "Email sent successfully." -ForegroundColor Green
} catch {
    Write-Host "Failed to send email: $($_.Exception.Message)" -ForegroundColor Red
} finally {
    $smtpClient.Dispose()
    $mailMessage.Dispose()
}

Raw TCP Socket Test with PowerShell

For a telnet-like experience directly in PowerShell:

# Manual SMTP conversation using TCP client
$tcpClient = New-Object System.Net.Sockets.TcpClient
$tcpClient.Connect("smtp.example.com", 25)
$stream = $tcpClient.GetStream()
$reader = New-Object System.IO.StreamReader($stream)
$writer = New-Object System.IO.StreamWriter($stream)
$writer.AutoFlush = $true

# Read the server banner
$response = $reader.ReadLine()
Write-Host "Server: $response"

# Send EHLO
$writer.WriteLine("EHLO testclient.local")
Start-Sleep -Milliseconds 500
while ($stream.DataAvailable) {
    $response = $reader.ReadLine()
    Write-Host "Server: $response"
}

# Send QUIT
$writer.WriteLine("QUIT")
$response = $reader.ReadLine()
Write-Host "Server: $response"

# Clean up
$reader.Close()
$writer.Close()
$tcpClient.Close()

Method 3: Testes TLS/SSL with OpenSSL

When you need to test SMTP over TLS, openssl s_client is the standard tool. It handles the TLS handshake and lets you interact with the encrypted SMTP session.

Testes STARTTLS (Port 587)

# Connect with STARTTLS on port 587
openssl s_client -connect smtp.office365.com:587 -starttls smtp

# Connect with STARTTLS and display certificate details
openssl s_client -connect smtp.example.com:587 -starttls smtp -showcerts

# Connect with a specific TLS version
openssl s_client -connect smtp.example.com:587 -starttls smtp -tls1_2

After the TLS handshake completes, you can type SMTP commands directly:

EHLO testclient.local
AUTH LOGIN
[enter Base64-encoded username]
[enter Base64-encoded password]
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
QUIT

Testes Implicit TLS (Port 465)

# Connect with implicit TLS on port 465
openssl s_client -connect smtp.gmail.com:465

# Connect and show full certificate chain
openssl s_client -connect smtp.gmail.com:465 -showcerts -servername smtp.gmail.com

SMTP AUTH LOGIN requires Base64-encoded credentials:

# Encode username and password for AUTH LOGIN
echo -n "user@example.com" | base64
# Output: dXNlckBleGFtcGxlLmNvbQ==

echo -n "MyP@ssw0rd" | base64
# Output: TXlQQHNzdzByZA==

In PowerShell:

# Base64 encode for SMTP AUTH
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("user@example.com"))
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("MyP@ssw0rd"))

Method 4: Port Scanning with Nmap

Nmap can identify open SMTP ports and the services running on them:

# Scan common SMTP ports
nmap -p 25,465,587,2525 smtp.example.com

# Scan with service version detection
nmap -sV -p 25,465,587 smtp.example.com

# Scan with SMTP-specific scripts
nmap --script smtp-commands -p 25 smtp.example.com

# Check for open relay (use only on your own servers)
nmap --script smtp-open-relay -p 25 smtp.example.com

# Enumerate SMTP users via VRFY/EXPN (use only on your own servers)
nmap --script smtp-enum-users -p 25 smtp.example.com

Example output:

PORT    STATE SERVICE  VERSION
25/tcp  open  smtp     Postfix smtpd
465/tcp open  smtps    Postfix smtpd
587/tcp open  smtp     Postfix smtpd

Method 5: Testes with cURL

Modern versions of cURL support SMTP, providing a convenient one-liner for sending test emails:

# Send a test email via SMTP with STARTTLS
curl --url "smtp://smtp.example.com:587" \
     --ssl-reqd \
     --mail-from "sender@example.com" \
     --mail-rcpt "recipient@example.com" \
     --user "sender@example.com:password" \
     --upload-file email.txt

# Send via SMTPS (implicit TLS on port 465)
curl --url "smtps://smtp.gmail.com:465" \
     --mail-from "sender@gmail.com" \
     --mail-rcpt "recipient@example.com" \
     --user "sender@gmail.com:app-password" \
     --upload-file email.txt

# Verbose output for debugging
curl -v --url "smtp://smtp.example.com:587" \
     --ssl-reqd \
     --mail-from "sender@example.com" \
     --mail-rcpt "recipient@example.com" \
     --user "sender@example.com:password" \
     -T email.txt

The email.txt file should contain the email headers and body:

From: sender@example.com
To: recipient@example.com
Subject: cURL SMTP Test
Date: Mon, 11 Feb 2026 12:00:00 -0500

This is a test email sent via cURL.

Common SMTP Response Codes

Understanding SMTP response codes is essential for diagnosing delivery issues:

2xx - Success

Code	Meaning
220	Service ready (server banner)
221	Service closing transmission channel
235	Authentication successful
250	Requested action completed successfully
251	User not local; will forward to the specified path

3xx - Intermediate

Code	Meaning
334	Server challenge for authentication (Base64 prompt)
354	Start mail input; end with `<CRLF>.<CRLF>`

4xx - Temporary Failure

Code	Meaning
421	Service not available (try again later)
450	Mailbox unavailable (mailbox busy or temporarily blocked)
451	Requested action aborted: local error in processing
452	Insufficient system storage

5xx - Permanent Failure

Code	Meaning
500	Syntax error, command unrecognized
501	Syntax error in parameters or arguments
502	Command not implemented
503	Bad sequence of commands
504	Command parameter not implemented
530	Authentication required
535	Authentication credentials invalid
550	Mailbox unavailable (does not exist or policy rejection)
551	User not local; please try a different path
552	Exceeded storage allocation
553	Mailbox name not allowed
554	Transaction failed (often a catch-all for policy blocks)

Solução de Problemas Problemas Comuns

Connection Refused

Error: Unable to connect to remote host: Connection refused

The SMTP service is not running on the target server.
A firewall is blocking the port.
You are using the wrong port number.
Fix: Verify the port with Test-NetConnection or nmap. Check firewall rules. Confirm the SMTP service is running.

Connection Timed Out

Error: Connection timed out

A network firewall (corporate or ISP) is blocking outbound SMTP traffic.
Many ISPs block port 25 to prevent spam. Try port 587 or 465 instead.
Fix: Test from a different network. Use port 587 with STARTTLS. Check with your ISP or network administrator.

530 Authentication Required

530 5.7.1 Client was not authenticated

The server requires authentication before accepting mail.
Fix: Provide valid credentials using AUTH LOGIN or AUTH PLAIN.

550 Relay Not Permitted

550 5.7.1 Unable to relay

The server does not allow relaying from your IP address or for the recipient domain.
Fix: Authenticate first, or configure the server to allow relaying from your IP. Ensure you are sending to a domain the server is responsible for.

TLS Handshake Failure

SSL routines:ssl3_get_record:wrong version number

You are trying STARTTLS on a port that uses implicit TLS (or vice versa).
Fix: Use openssl s_client -starttls smtp for port 587. Use openssl s_client without -starttls for port 465.

DNS Resolution Failure

If you cannot connect by hostname, verify DNS resolution first:

# Resolve SMTP server hostname
Resolve-DnsName smtp.example.com

# Look up MX records for a domain
Resolve-DnsName -Name example.com -Type MX

# On Linux/macOS
nslookup smtp.example.com
dig example.com MX

Resumo

Testes SMTP connectivity involves multiple layers: TCP port reachability, SMTP protocol conversation, authentication, and TLS encryption. Start with the simplest test (Test-NetConnection for port check) and work up to full SMTP conversation tests (telnet or OpenSSL) as needed. Use Send-MailMessage or cURL for end-to-end delivery testing. Always check the SMTP response codes to pinpoint the exact failure point. For TLS-encrypted connections, openssl s_client is the definitive diagnostic tool.

Frequently Asked Questions

How do I test SMTP connectivity without installing any extra software?

On Windows, use PowerShell's Test-NetConnection cmdlet: Test-NetConnection -ComputerName smtp.example.com -Port 25. This tests basic TCP connectivity to the SMTP port without requiring telnet or any third-party tools. For a full SMTP conversation test, use the .NET classes in PowerShell with Send-MailMessage or the System.Net.Mail.SmtpClient class.

What is the difference between SMTP ports 25, 465, and 587?

Port 25 is the standard SMTP relay port used for server-to-server communication. Port 587 is the submission port for authenticated email sending from mail clients and applications, and typically uses STARTTLS for encryption. Port 465 was originally assigned for SMTPS (implicit TLS) and has been re-standardized in RFC 8314 for authenticated submission with implicit TLS. Most modern applications should use port 587 with STARTTLS or port 465 with implicit TLS.

Why does telnet to my SMTP server connect but my application cannot send email?

A successful telnet connection only proves basic TCP connectivity on the SMTP port. Your application may still fail due to authentication requirements (the server requires AUTH LOGIN or AUTH PLAIN), TLS/SSL requirements (the server requires STARTTLS before accepting commands), SPF/DKIM/DMARC policy failures, relay restrictions (the server does not allow relaying for your IP or domain), or firewall rules that allow telnet but block the specific application traffic.