Test Qmail functionalities
We first make a basic check thanks to the script qmr_inst_check
/downloads/scripts/qmr_inst_check
You should have such result :
iReboot your server to be sure all the service are started at boot time
When your server is restarted, we will check if it listen to the right ports
You should have at least the bold ones :
tcp LISTEN 0 50 127.0.0.1:3306 *:* users:(("mysqld",pid=981,fd=10)) tcp LISTEN 0 128 *:783 *:* users:(("spamd child",pid=1103,fd=5),("spamd child",pid=1102,fd=5),("/usr/sbin/spamd",pid=802,fd=5)) tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=458,fd=3)) tcp LISTEN 0 20 *:25 *:* users:(("tcpserver",pid=509,fd=3)) tcp LISTEN 0 128 :::993 :::* users:(("couriertcpd",pid=574,fd=3)) tcp LISTEN 0 128 :::995 :::* users:(("couriertcpd",pid=547,fd=3)) tcp LISTEN 0 128 :::110 :::* users:(("couriertcpd",pid=548,fd=3)) tcp LISTEN 0 128 :::783 :::* users:(("spamd child",pid=1103,fd=6),("spamd child",pid=1102,fd=6),("/usr/sbin/spamd",pid=802,fd=6)) tcp LISTEN 0 128 :::143 :::* users:(("couriertcpd",pid=569,fd=3)) tcp LISTEN 0 128 :::80 :::* users:(("apache2",pid=4626,fd=4),("apache2",pid=4625,fd=4),("apache2",pid=4624,fd=4),("apache2",pid=4623,fd=4),("apache2",pid=4621,fd=4),("apache2",pid=4611,fd=4),("apache2",pid=4610,fd=4),("apache2",pid=4609,fd=4),("apache2",pid=4608,fd=4),("apache2",pid=4607,fd=4),("apache2",pid=4603,fd=4)) tcp LISTEN 0 20 :::465 :::* users:(("sslserver",pid=513,fd=3)) tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=458,fd=4))
In this case, Qmail should now be able to send and receives e-mails.
Among couriertcpd/tcpserver/sslserver, the ports
- 25 is for SMTP
- 110 is for POP3
- 143 is for IMAP
- 465 is for SMTP-SSL
- 993 is for POP3S (POP3-SSL)
- 995 is for IMAPS (IMAP-SSL)
Receiving e-mails
You should have an answer like this :
Connected to localhost.
Escape character is '^]'.
220 servername.localdomain.tld ESMTP
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a stupid SMTP test
Just a test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
This demonstrate a successful SMTP connection !
For our tests, we need to create a dummy account
/home/vpopmail/bin/vadduser [email protected] brol2
qmailctl reload
We also can create a real account
/home/vpopmail/bin/vadduser an_account@your_real_domain.tld your_account_password
qmailctl reload
You can of course do the same thing via vqadmin and qmailadmin web interfaces
"brol" is a belgian idiom that means "something useless"
You can send a test mail to an_account@your_real_domain.tld from you regular mail client. We 'll retrieve it in the next step but if you don't receive a NDR, it's probably already OK
Sending e-mail through an authentificate connection : Testing TLS
You should have an answer like this:
Connected to localhost.
Escape character is '^]'.
220 servername.domain.tld ESMTP
ehlo localhost
250-servername.domain.tld
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
In the above SMTP session, I have higlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the :"220 ready for tls" response if the server is able to successfully start the TLS session.
- Verify that the cert actually exists at /var/qmail/control/servercert.pem. If it's not there, go back to step 2 and repeat the cert creation step.
- Verify that the cert is owned by vpopmail:vchkpw. If it's not, then make it so like this :
chown vpopmail:vchkpw /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem
Now we have verified that the server supports the STARTTLS command, we can use openssl s_client to connect.
This command is equivalent to the previous sequence until the "220 ready for tls" message
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/[email protected]
verify return:1
250 8BITMIME
ehlo testing
250-fqdn
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-SIZE 0
250-PIPELINING
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a simple SMTP TLS test
Just a TLS test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
As you've probably noticed, the login and password are encoded ( "dGVzdEB0ZXN0LmNvbQ==" stands for "[email protected]" and "YnJvbDI=" stands for "brol2")! You can encode yourself with the script base64
Input you string: [email protected]
Base64 encode is : dGVzdEB0ZXN0LmNvbQ==
Input you string: brol2
Base64 encode is : YnJvbDI=
Input you string: ^C (means press CTRL+C)
Test SMTP-SSL
It's nearly the same test. In this case, we use an SSL server where we connect to a different port number. We have to establish an SSL connection before the SMTP conversation even starts :
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/[email protected]
verify return:1
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a simple SMTP-SSL test
Just a SMTP-SSL test !
.
250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.
Users comments