A while a go, I wrote down some personal rules to what I should do as an admin. First and foremost, and underlined about six times was this: Test Everything. It seems so simple, but you have to consider, if it’s not tested, and verified, it’s not working. Simple. Oh, it may be working, but it may not be. “May” is not good enough. So when I roll out a new server, I test and test and test. When I make a change, I test it. If I do reboot a server, I watch logs to make sure that the services are working. If the logs don’t show that everything is working, I manually test things.
Testing http is simple.
$ telnet localhost 80 GET / HTTP/1.1 HOST:www.example.com
Should return the website for http://www.example.com
SMTP is a little more complicated. You have to know a bit about the SMTP protocol. Testing SMTP-AUTH requires a BASE64 the username and the password.
Testing SSL is nigh impossible with telnet, so that’s where openssl s_client comes in. Again, I could use netcat, but openssl works just fine, and is already there.
$ openssl s_client -connect www.example.com:443
Gives you something like this:
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 38964888A9D4EBD17FC76D033CE02C5A0710C5EBD51D51A9FC6350CC8CFE019B Session-ID-ctx: Master-Key: 3A997E182CA1E9B8C3D5314D80B0F4B98973B1FC5B6AC754BE02CDA53B686FD73D8F9329D6290BE7AC53EA3871F3099B Key-Arg : None Start Time: 1332519536 Timeout : 300 (sec) Verify return code: 18 (self signed certificate)
This includes SSL statistics, including the certificate’s status. The last line in this case shows that this is a self-signed certificate, and would generate errors After the SSL status appears, you are entered into an interactive session for issuing commands, a lot like telnet. SMTP over SSL works much the same way. You can also test TLS via the -starttls option.
So, with a little bit of knowledge, you can test both mail and http via telnet and openssl. No extra tools required.
Comments are closed.