• How to verify that SSL for IMAP/POP3/SMTP works and a proper SSL certificate is in use

Using a Linux server

Any Linux server can be used for these tests. If you do not have a Linux server, use the online checkers above.

To verify SSL, connect to any Linux server via SSH and use the instructions below:

IMAP via SSL uses port 993:

Connect to a mail server using openssl:

openssl s_client -showcerts -connect mail.example.com:993

Check output and make sure that a valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

Make sure that you received IMAP server response:

  • OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT > QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2004 Double > Precision, Inc. See COPYING for distribution information.

POP3 via SSL uses port 995:

Connect to a mail server using openssl:

openssl s_client -showcerts -connect mail.example.com:995

Check output and make sure that a valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

Make sure that you received POP3 server response:

+OK Hello there. 1793.1385684315@localhost.localdomain

SMTP via SSL uses port 465:

Connect to a mail server using openssl:

openssl s_client -showcerts -connect mail.example.com:465

Check output and make sure that a valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

Make sure that you received SMTP server response:

220 mail.example.com ESMTP Postfix

SMTP via TLS/StartTLS uses port 25 or 587 (The submission port should be enabled in Plesk):

Connect to a mail server using openssl:

openssl s_client -starttls smtp -showcerts -connect mail.example.com:25

Check output and make sure that a valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

Make sure that you received SMTP server response:

250 DSN


This article was last modified: Nov. 5, 2019, 11:41 a.m.

0 Comments

Please log in to leave a comment.

Add or change tags.

A comma-separated list of tags.

Share

Hacker News

Top