
A while ago, I wrote down some personal rules for what I should do as an admin. First and foremost, and underlined about six times, was this: Test Everything. It seems so simple, but consider: if it’s not tested and verified, it’s not working. Simple. Oh, it may be working, but it may not be. “May” is not good enough. So when I roll out a new server, I test and test and test. When I make a change, I test it. If I do reboot a server, I watch logs to make sure that the services are working. If the logs don’t show that everything is working, I manually test things.

I really don’t have a lot of tools for testing; I use two for the most part: telnet and openssl s_client. I could use netcat, but telnet is installed on every UNIX-like system I touch.

Testing HTTP is simple.

 $ telnet localhost 80
 GET / HTTP/1.1
 Host: www.example.com

This should return the website for http://www.example.com once the blank line ends the request.

SMTP is a little more complicated. You have to know a bit about the SMTP protocol. Testing SMTP-AUTH requires Base64-encoding the username and the password.

Testing SSL is nigh impossible with telnet, so that’s where openssl s_client comes in. Again, I could use netcat, but openssl works just fine, and is already there.

 $ openssl s_client -connect www.example.com:443

Gives you something like this:

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
 Server public key is 1024 bit
 Secure Renegotiation IS supported
 Compression: NONE
 Expansion: NONE
 SSL-Session:
 Protocol : TLSv1
 Cipher : DHE-RSA-AES256-SHA
 Session-ID: 38964888A9D4EBD17FC76D033CE02C5A0710C5EBD51D51A9FC6350CC8CFE019B
 Session-ID-ctx:
 Master-Key: 3A997E182CA1E9B8C3D5314D80B0F4B98973B1FC5B6AC754BE02CDA53B686FD73D8F9329D6290BE7AC53EA3871F3099B
 Key-Arg : None
 Start Time: 1332519536
 Timeout : 300 (sec)
 Verify return code: 18 (self signed certificate)

This shows SSL statistics, including the certificate’s status. The last line in this case shows that this is a self-signed certificate, and would generate errors. After the SSL status appears, you are dropped into an interactive session for issuing commands, a lot like telnet. SMTP over SSL works much the same way. You can also test TLS via the -starttls option.
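
One way to turn that manual read of the s_client summary into a repeatable check, as an added example that is not part of the original post: the function below flags a non-zero verify return code, a small server key and an old protocol. The names audit_s_client and sample_output, the 2048-bit key floor and the TLS 1.2 minimum are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post. The thresholds are assumed policy:
# at least a 2048-bit server key and at least TLS 1.2.
MIN_KEY_BITS=2048

# Sample input built from the output shown above, trimmed to the checked fields.
sample_output() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
 Protocol : TLSv1
 Cipher : DHE-RSA-AES256-SHA
 Verify return code: 18 (self signed certificate)
EOF
}

# Reads s_client output on stdin and prints one finding per line.
# Exit status is 0 only when nothing was flagged.
audit_s_client() {
  awk -v min_bits="$MIN_KEY_BITS" '
    /Server public key is/ {
      bits = $5 + 0
      if (bits < min_bits + 0) { print "WEAK_KEY " bits; bad = 1 }
    }
    /^ *Protocol *:/ {
      if ($NF !~ /^TLSv1\.[23]$/) { print "OLD_PROTOCOL " $NF; bad = 1 }
    }
    /Verify return code:/ {
      seen = 1
      sub(/^.*Verify return code: */, "")
      if ($1 + 0 != 0) { print "CERT_NOT_VERIFIED " $0; bad = 1 }
    }
    END {
      # A summary without a verify line is missing or incomplete: flag it.
      if (!seen) { print "NO_VERIFY_LINE"; bad = 1 }
      exit bad + 0
    }'
}

# Against a live server (stdin from /dev/null ends the session after the handshake):
#   openssl s_client -connect www.example.com:443 </dev/null 2>/dev/null | audit_s_client
sample_output | audit_s_client || true
```

Because the function exits non-zero on any finding, it can gate a post-change or post-reboot check script directly.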

So, with a little bit of knowledge, you can test both mail and http via telnet and openssl. No extra tools required.