Guide updated on 29th of February 2016

Test Qmail functionalities


We first run a basic check with the script qmr_inst_check:

chmod +x /downloads/scripts/qmr_inst_check
/downloads/scripts/qmr_inst_check

You should get a result like this:

Congratulations, your updated Debian Qmailrocks installation looks good!

Reboot your server to be sure all the services are started at boot time:

reboot

Once your server has restarted, check that it is listening on the right ports:

ss -tupan | grep LISTEN

You should have at least the bold ones:

tcp    LISTEN     0      50             127.0.0.1:3306                  *:*      users:(("mysqld",pid=981,fd=10))
tcp    LISTEN     0      128                    *:783                   *:*      users:(("spamd child",pid=1103,fd=5),("spamd child",pid=1102,fd=5),("/usr/sbin/spamd",pid=802,fd=5))
tcp    LISTEN     0      128                    *:22                    *:*      users:(("sshd",pid=458,fd=3))
tcp    LISTEN     0      20                     *:25                    *:*      users:(("tcpserver",pid=509,fd=3))
tcp    LISTEN     0      128                   :::993                  :::*      users:(("couriertcpd",pid=574,fd=3))
tcp    LISTEN     0      128                   :::995                  :::*      users:(("couriertcpd",pid=547,fd=3))
tcp    LISTEN     0      128                   :::110                  :::*      users:(("couriertcpd",pid=548,fd=3))
tcp    LISTEN     0      128                   :::783                  :::*      users:(("spamd child",pid=1103,fd=6),("spamd child",pid=1102,fd=6),("/usr/sbin/spamd",pid=802,fd=6))
tcp    LISTEN     0      128                   :::143                  :::*      users:(("couriertcpd",pid=569,fd=3))
tcp    LISTEN     0      128                   :::80                   :::*      users:(("apache2",pid=4626,fd=4),("apache2",pid=4625,fd=4),("apache2",pid=4624,fd=4),("apache2",pid=4623,fd=4),("apache2",pid=4621,fd=4),("apache2",pid=4611,fd=4),("apache2",pid=4610,fd=4),("apache2",pid=4609,fd=4),("apache2",pid=4608,fd=4),("apache2",pid=4607,fd=4),("apache2",pid=4603,fd=4))
tcp    LISTEN     0      20                    :::465                  :::*      users:(("sslserver",pid=513,fd=3))
tcp    LISTEN     0      128                   :::22                   :::*      users:(("sshd",pid=458,fd=4))

In this case, Qmail should now be able to send and receive e-mails.
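
The same check can be scripted. The following is an added example, not part of the original guide: it reads `ss -tupan` output, reports expected mail ports that have no listener, and lists every listener bound to a non-loopback address. The function name and the EXPECTED_PORTS list are assumptions read off the sample output above.

```bash
# Added example, not part of the original guide: audit `ss -tupan` output.
# Live use: ss -tupan | audit_listeners
# EXPECTED_PORTS is an assumption read off the sample output on this page.
EXPECTED_PORTS="25 465 110 143 993 995"

# Constructed sample, shortened from the output shown above.
SAMPLE_SS='tcp LISTEN 0 50  127.0.0.1:3306 *:*  users:(("mysqld",pid=981,fd=10))
tcp LISTEN 0 128 *:783  *:*  users:(("spamd child",pid=1103,fd=5))
tcp LISTEN 0 20  *:25   *:*  users:(("tcpserver",pid=509,fd=3))
tcp LISTEN 0 128 :::993 :::* users:(("couriertcpd",pid=574,fd=3))
tcp LISTEN 0 128 :::995 :::* users:(("couriertcpd",pid=547,fd=3))
tcp LISTEN 0 128 :::110 :::* users:(("couriertcpd",pid=548,fd=3))
tcp LISTEN 0 128 :::783 :::* users:(("spamd child",pid=1103,fd=6))
tcp LISTEN 0 128 :::143 :::* users:(("couriertcpd",pid=569,fd=3))
tcp LISTEN 0 20  :::465 :::* users:(("sslserver",pid=513,fd=3))'

# Reads ss output on stdin and prints one finding per line:
#   MISSING <port>            an expected port has no listener
#   PUBLIC  <port> <process>  listener bound to a non-loopback address
audit_listeners() {
  awk -v expected="$EXPECTED_PORTS" '
    $2 == "LISTEN" {
      n = split($5, part, ":"); port = part[n]
      host = substr($5, 1, length($5) - length(port) - 1)
      proc = "?"
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      seen[port] = 1
      loopback = (host == "127.0.0.1" || host == "::1" || host == "[::1]")
      if (!loopback && !((port, proc) in shown)) {
        shown[port, proc] = 1
        printf "PUBLIC %s %s\n", port, proc
      }
    }
    END {
      n = split(expected, want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) printf "MISSING %s\n", want[i]
    }'
}

printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

Compare the PUBLIC lines with your firewall policy: in the sample above, mysqld is bound to 127.0.0.1 only, while spamd (port 783) listens on all interfaces.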

Among couriertcpd/tcpserver/sslserver, the ports

Receiving e-mails

telnet localhost 25

You should have an answer like this:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 servername.localdomain.tld ESMTP
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a stupid SMTP test

Just a test !
.

250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.

This demonstrates a successful SMTP connection!

For our tests, we need to create a dummy account:

/home/vpopmail/bin/vadddomain test.com brol
/home/vpopmail/bin/vadduser test@test.com brol2
qmailctl reload

We can also create a real account:

/home/vpopmail/bin/vadddomain your_real_domain.tld your_postmaster_password
/home/vpopmail/bin/vadduser an_account@your_real_domain.tld your_account_password
qmailctl reload

You can of course do the same thing via the vqadmin and qmailadmin web interfaces.

"brol" is a Belgian idiom that means "something useless".

You can send a test mail to an_account@your_real_domain.tld from your regular mail client. We'll retrieve it in the next step, but if you don't receive an NDR, it's probably already OK.

Sending e-mail through an authenticated connection: testing TLS

telnet localhost 25

You should have an answer like this:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 servername.domain.tld ESMTP
ehlo localhost
250-servername.domain.tld
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit

In the above SMTP session, I have highlighted the important aspects in DARK RED. After you give the server the initial "ehlo localhost" command, you should get a response back that lists "250-STARTTLS", signaling that the server is in fact equipped for TLS functionality. Then, after you issue the "starttls" command, you should get the "220 ready for tls" response if the server is able to successfully start the TLS session.

If you happen to get an error that states "454 TLS not available: missing RSA private key (#4.3.0)" after you issue the "starttls" command, you will want to check 2 things:
  1. Verify that the cert actually exists at /var/qmail/control/servercert.pem. If it's not there, go back to step 2 and repeat the cert creation step.
  2. Verify that the cert is owned by vpopmail:vchkpw. If it's not, fix it like this:
    chown vpopmail:vchkpw /var/qmail/control/servercert.pem
    chmod 640 /var/qmail/control/servercert.pem
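
The two checks above, as a small script (an added example, not part of the original guide). It assumes GNU stat as found on Debian, and that servercert.pem holds both the certificate and the private key, as the 454 error message implies; check_servercert is a name chosen here.

```bash
# Added example, not part of the original guide.
# Assumptions: GNU stat; the PEM file contains the certificate and its private key.
# $1 = path, $2 = expected owner:group, $3 = expected octal mode.
check_servercert() {
  local pem="${1:-/var/qmail/control/servercert.pem}"
  local owner="${2:-vpopmail:vchkpw}"
  local mode="${3:-640}"
  local have_owner have_mode rc=0
  if [ ! -f "$pem" ]; then
    echo "FAIL: $pem does not exist"
    return 1
  fi
  have_owner=$(stat -c '%U:%G' "$pem")
  have_mode=$(stat -c '%a' "$pem")
  [ "$have_owner" = "$owner" ] || { echo "FAIL: owner is $have_owner, expected $owner"; rc=1; }
  # The file holds a private key, so anything looser than the guide's 640 is reported.
  [ "$have_mode" = "$mode" ] || { echo "FAIL: mode is $have_mode, expected $mode"; rc=1; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
    { echo "FAIL: no certificate block in $pem"; rc=1; }
  grep -Eq -- '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$pem" ||
    { echo "FAIL: no private key block in $pem"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $pem"
  return "$rc"
}

# Check the guide's path, or the path given as first argument.
check_servercert "${1:-/var/qmail/control/servercert.pem}" || true
```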

Now that we have verified that the server supports the STARTTLS command, we can use openssl s_client to connect.

openssl s_client -starttls smtp -crlf -connect localhost:25 -quiet

This command is equivalent to the previous sequence up to the "220 ready for tls" message:

depth=0 /C=BE/ST=Brussels/L=Brussels/O=DOMAIN.TLD/OU=ICT/CN=fqdn/[email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/[email protected]
verify return:1
250 8BITMIME
ehlo testing
250-fqdn
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-SIZE 0
250-PIPELINING
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a simple SMTP TLS test

Just a TLS test !
.

250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.

As you've probably noticed, the login and password are Base64-encoded ("dGVzdEB0ZXN0LmNvbQ==" stands for "test@test.com" and "YnJvbDI=" stands for "brol2"). Base64 is an encoding, not encryption, so anyone who can read the session can decode it. You can encode strings yourself with the script base64:

perl /downloads/scripts/base64

Press Enter to exit.
Input you string: test@test.com
Base64 encode is : dGVzdEB0ZXN0LmNvbQ==
Input you string: brol2
Base64 encode is : YnJvbDI=
Input you string: ^C (means press CTRL+C)
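
Because AUTH LOGIN credentials are only Base64-encoded, they should be offered only inside TLS, which is what the two EHLO replies in the sessions above show (no AUTH before STARTTLS, AUTH LOGIN PLAIN after it). The following added example, not part of the original guide, checks that behaviour on captured EHLO replies and provides a shell equivalent of the base64 script; the function names are chosen here and the sample replies are copied from this page.

```bash
# Added example, not part of the original guide.
# Constructed samples: the two EHLO replies shown in the sessions above.
PLAIN_EHLO='250-servername.domain.tld
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME'
TLS_EHLO='250-fqdn
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-SIZE 0
250-PIPELINING
250 8BITMIME'

# Base64 as used by AUTH LOGIN. printf avoids the trailing newline that
# `echo` would add and encode into the value.
b64() { printf '%s' "$1" | base64; }

# Prints the ESMTP keyword of each 250 line in an EHLO reply read from stdin.
ehlo_keywords() {
  tr -d '\r' |
    awk '/^250[- ]/ { sub(/^250[- ]/, ""); split($0, w, /[ =]/); print toupper(w[1]) }'
}

# $1 = EHLO reply before STARTTLS, $2 = EHLO reply inside the TLS session.
# Returns 0 only if STARTTLS is offered and AUTH appears inside TLS only.
check_auth_policy() {
  local plain tls rc=0
  plain=$(printf '%s\n' "$1" | ehlo_keywords)
  tls=$(printf '%s\n' "$2" | ehlo_keywords)
  echo "$plain" | grep -qx STARTTLS || { echo "FAIL: STARTTLS not advertised"; rc=1; }
  echo "$plain" | grep -qx AUTH && { echo "FAIL: AUTH advertised before TLS"; rc=1; }
  echo "$tls" | grep -qx AUTH || { echo "FAIL: AUTH not advertised inside TLS"; rc=1; }
  return "$rc"
}

check_auth_policy "$PLAIN_EHLO" "$TLS_EHLO" && echo "OK: AUTH is only offered inside TLS"
b64 'brol2'
```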

Test SMTP-SSL

openssl s_client -crlf -connect localhost:465 -quiet

It's nearly the same test. In this case, we use an SSL server listening on a different port number, so the SSL connection has to be established before the SMTP conversation even starts:

depth=0 /C=BE/ST=Brussels/L=Brussels/O=DOMAIN.TLD/OU=ICT/CN=fqdn/[email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=BE/ST=Brussels/L=Brussels/O=THIBS.COM/OU=ICT/CN=fqdn/[email protected]
verify return:1
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
YnJvbDI=
235 ok, go ahead (#2.0.0)
mail from: <[email protected]>
250 ok
rcpt to: <[email protected]>
250 ok
data
354 go ahead
From: Test_sender <[email protected]>
To: Test_receiver <[email protected]>
Subject: Just a simple SMTP-SSL test

Just a SMTP-SSL test !
.

250 ok 1279384489 qp 3711
quit
221 servername.localdomain.tld
Connection closed by foreign host.

Test authentication

