How can I test inbound starttls with a given external IP address?
Summary
What email marketers say7Marketer opinions
Email marketer from MXToolbox shares that MXToolbox offers a STARTTLS test tool where you can enter a domain name or IP address and it will check if the server supports and properly implements STARTTLS.
Email marketer from Reddit explains that you can manually test STARTTLS using telnet by connecting to port 25, issuing the EHLO command, then the STARTTLS command, and observing the server's response to verify support.
Email marketer from StackOverflow answers that you can use `openssl s_client -starttls smtp -connect example.com:25` to initiate a STARTTLS connection. Also use `-verify 9` to verify the certificate chain.
Email marketer from CheckTLS.com shares that CheckTLS offers an online tool where you can enter a domain or IP address and it will test the STARTTLS connection, providing detailed results of the handshake process and any potential issues.
Email marketer from cybersecurity.stackexchange explains the process of initiating a telnet connection, sending the 'EHLO' command, and then sending 'STARTTLS' to observe the server's response, which indicates STARTTLS support or failure.
Email marketer from Wormly shares that they offer an online SMTP test tool that includes STARTTLS testing as part of its checks. It allows you to specify a server address and it will report on the STARTTLS negotiation.
Email marketer from EmailSecurityGuru suggests using `openssl s_client -starttls smtp -connect mail.example.com:25` to check STARTTLS. Additionally, explains how to check the certificate validity using openssl
What the experts say3Expert opinions
Expert from Email Geeks shares that if you need more info than swaks gives you, then you can use `openssl s_client -brief -starttls smtp -connect ip_address:25` to get detailed information about the ciphers used and so on. Removing `-brief` will give you far more information.
Expert from Email Geeks provides an example of using openssl to test inbound starttls. They also link to a resource with further information <https://wordtothewise.com/2023/10/can-you-starttls/>.
Expert from Word to the Wise explains that you can use `openssl s_client -starttls smtp -connect your_server:25` to test STARTTLS. The article provides context around the command, and what the results mean.
What the documentation says3Technical articles
Documentation from Jetmore.org explains that SWAKS (Swiss Army Knife for SMTP) can be used to test STARTTLS by specifying the server address and port with the `--server` option, and enabling TLS with `--tls`. It also details options for specifying the TLS version.
Documentation from Nmap explains that the `smtp-starttls.nse` script can be used to check if a mail server supports STARTTLS. The script attempts to negotiate a STARTTLS connection and reports if it succeeds or fails.
Documentation from OpenSSL explains that `openssl s_client` can be used to test STARTTLS by connecting to the server and initiating the STARTTLS handshake with the `-starttls smtp` option. It provides detailed information about the TLS connection, including the cipher suite and certificate details.