UBC Physics & Astronomy
mail server testing notes

To check sendmail version:  /usr/sbin/sendmail -d0.1 -bv root

Note: we now only create home directories on the mail server for new accounts for "department members" (aka those who will be included on the everyone@phas email list).

Here's a code snippet from addusr:
# Set up files on mail server (for "everyone" only)
   if ( $category eq "Faculty" or $category eq "Staff" or $category eq "Postdocs" or
     $category eq "Adj-Assoc" or $category eq "Grads" or $category eq "Others" )
   {

This therefore WILL NOT include the following categories of users:
    Ugrad,     Visitor,     System,     Misc

If a Ugrad or Visitor needs or wants an email account, log onto the mail server and run the following command:

/opt/sysadmin/passwd/make_mailhome <username>

This assumes that the username has already been propagated to the mail server's /etc/passwd file.



Testing Sendmail

Using telnet

  1. telnet servername portnumber
    If the command works, you receive a response from the SMTP server that is similar to the following:
    220 site.contoso.com Microsoft Exchange Internet Mail Connector 
              
    Note: There are different versions of SMTP servers, and you may receive different responses from the receiving server. What is important is that you receive the 220 response with the FQDN of the server and the version of SMTP. Additionally, all versions of Microsoft SMTP include the term "Microsoft" in the 220 response.
  2. Start communication by typing the following command:
    EHLO test.com
              
    Note: You can use the HELO command, but EHLO is a verb that exists in the Extended SMTP verb set. It is a good idea to use EHLO, unless you believe that there is a problem with the Extended SMTP Verbs.
    If the command is successful, you receive the following response:
    250 OK
              
  3. Type the following command to tell the receiving SMTP server who the message is from:
    MAIL FROM:Admin@test.com
              
    Note: This address can be any SMTP address that you want, but it is a good idea to consider the following issues:
    1. Some SMTP mail systems filter messages based on the MAIL FROM: address and may not permit certain IP addresses to connect or may not permit the IP address to send e-mail to the SMTP mail system if the connecting IP address does not match the domain where the SMTP mail system resides. In this example, that domain is test.com.
    2. If you do not use a valid e-mail address when you send a message, you cannot determine if the message had a delivery problem, because the non-delivery report (NDR) cannot reach an IP address that is not valid. If you use a valid e-mail address, you receive the following response from the SMTP server:
      250 OK - MAIL FROM Admin@test.com
                    
  4. Type the following command to tell the receiving SMTP server whom the message is to.

    Note: It is a good idea to always use a valid recipient SMTP address in the domain that you are sending to. For example, if you are sending to john@domain.com, you must be certain that john@domain.com exists in the domain. Otherwise, you will receive an NDR.

    Type the following command with the SMTP address of the person you want to send to:

    RCPT TO: User@Domain.Com
              
    You receive the following response:
    250 OK - Recipient User@Domain.Com
              
  5. Type the following command to tell the SMTP server that you are ready to send data:
    DATA
              
    You receive the following response:
    354 Send data. End with CRLF.CRLF
              
  6. You are now ready to start typing the 822/2822 section of the message. The user will see this part of the message in their inbox. Type the following command to add a subject line:
    Subject: test message
              

    Press ENTER two times. You do not receive a response from this command.

    Note: The two ENTER commands comply with Request for Comments (RFC) 822 and 2822. 822 commands must be followed by a blank line.

  7. Type the following command to add message body text:
    This is a test message you will not see a response from this command.
              
  8. Type a period (.) at the next blank line, and then press ENTER. You receive the following response:
    250 OK
              
  9. Close the connection by typing the following command:
    QUIT
              
    You receive the following response:
    221 closing connection
              
  10. Verify that the recipient received the message that you sent. If any error event messages appear in the application event log, or if there are problems receiving the message, check the configuration or the communication to the host.

To make sure your sendmail binary is compiled with Milter support, run one of:
* sendmail -d0.13 -bv root | grep MILTER (works for sendmail 8.10.x, 8.11.x, 8.12.x)
* sendmail -d0.1 -bv root | grep MILTER (works for sendmail 8.12.x)

Few Milter solutions are multi-purpose ones: most of them try to address one given need
(virus-scanning, antispam, ...). Remember you can use several Milters (several
INPUT_MAIL_FILTER definitions in the .mc file) if a single one does not offer all the
features you need.

Opensource milters:
http://milter.free.fr/intro/index.html

You can display class w entries with the following command:
echo '$=w' | sendmail -bt -d0.4
By default, class w contains localhost, the IP address 127.0.0.1, and the system's IP address(es), fully qualified domain names, and short hostnames. Entries placed in /etc/mail/local-host-names or /etc/mail/sendmail.cw are added to these default values.

Testing SMTP AUTH connections

http://qmail.jms1.net/test-auth.shtml

When setting up a mail server, one of the things you should do before you "go live" is to test it- not only to make sure things which should work, do work, but to make sure things which shouldn't work, don't.

One of the things to test is whether or not your server correctly supports the AUTH command. This command is used when a remote client wishes to identify themself as an "authenticated" user, normally so that they can use your server as an outbound mail relay. This is very handy for companies with employees who travel, or for ISPs with clients who travel.


Find your authentication information

In order to use the AUTH command, you need to know the base64-encoded version of the userid and password you will be using to authenticate to the server. Normally this would be the same as the userid and password you would use to check your mail using IMAP or POP3. This perl command (which requires the MIME::Base64 module) will do the encoding for you:

% perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")'
AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=

Note: Make sure to use \0 both as the first character of what you're encoding, and as the separator between the userid and the password. There was an error with the original version of these directions- I had forgotten about needing a \0 at the beginning. Sorry all!
Another reader pointed out that perl silently interprets the "@" sign in the middle of a string and replaces it with the contents of an array with that name, if one exists... or with nothing, if not. I just did a full two-way test with my real password, and it turns out if you don't put a backslash in front of the "@" sign it won't work. Good call.
And JT Justman pointed out that if you use \0 as the separator, and the userid or password happens to start with a digit, perl will try to find and use a three-digit octal character code instead of a one-digit null byte with two normal digits behind it. Using \000 instead of just \0 prevents this from happening.
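
The token format described above (empty authorization id, NUL, userid, NUL, password, all base64-encoded), as an added example that is not part of the original directions. The function names are hypothetical; the sample token is the one shown on this page. It also shows that the token decodes back to the cleartext password with no key, and that a token built without the leading NUL is rejected.

```python
import base64

# Token copied from the perl example on this page.
PAGE_TOKEN = "AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ="


def encode_auth_plain(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument: base64(authzid NUL authcid NUL password)."""
    fields = {"authzid": authzid, "authcid": authcid, "password": password}
    for name, value in fields.items():
        if "\x00" in value:
            raise ValueError(f"{name} must not contain a NUL byte")
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    # Written as \x00 on purpose: like perl, Python reads "\0" followed by
    # digits as an octal escape ("\012" is a newline, not NUL + "12").
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Split an AUTH PLAIN argument back into (authzid, authcid, password)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("token is not valid base64") from exc
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        # Two fields usually means the leading NUL was forgotten.
        raise ValueError(
            f"expected 3 NUL-separated fields, found {len(parts)}"
        )
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    return authzid, authcid, password


if __name__ == "__main__":
    # Anyone who can read the session can do this: base64 is an encoding,
    # not encryption.
    print(decode_auth_plain(PAGE_TOKEN))
    # A password that starts with a digit survives the round trip.
    print(decode_auth_plain(encode_auth_plain("user", "123pass")))
```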


Connecting to the server

Depending on how the server is configured, you may need to use SSL or TLS before you are able to use the AUTH command. In fact, if you are able to use the AUTH command without using either SSL or TLS, you are in fact sending your userid and password over the internet in clear text. Anybody with a packet sniffer in the right spot will be able to read the base64-encoded string you send to authenticate, and it's really easy to decode that stuff- in fact the same command above will work if you change "encode_base64" to "decode_base64" (and put the encoded string between the double quotes, obviously.)

  • To connect to a normal, non-secured SMTP server on IP address 1.2.3.4, you would use this command:

    % telnet 1.2.3.4 25

  • To connect to a server which should support TLS, you may wish to verify that it does support TLS first. When you send the EHLO command, the server will respond with a list of the items it supports. If you see STARTTLS on the list, it means the server will allow you to send the STARTTLS command. Example:

    % telnet 1.2.3.4 25
    220 a.mx.jms1.net NO UCE ESMTP
    ehlo testing
    250-a.mx.jms1.net NO UCE
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    quit

    Once you have verified that the server supports the STARTTLS command, you can use the "-starttls smtp" option of openssl s_client to connect. This makes openssl connect normally (without encryption), send a STARTTLS command, negotiate the SSL encryption, and then allow you to interact with the encrypted session. For example, to connect to a TLS-enabled SMTP server on IP address 1.2.3.4, you would use this command:

    % openssl s_client -starttls smtp -crlf -connect 1.2.3.4:25

  • And for an SSL server (where you connect to a different port number and have to establish an SSL connection before the SMTP conversation even starts) on IP address 1.2.3.4 port 465, you would use this command:

    % openssl s_client -crlf -connect 1.2.3.4:465


Make sure the server supports AUTH

When you first connect to an SSL or TLS server, you will see the key-exchange information fly by on the screen, and the last line you see when it stops scrolling text will be the server's "banner" message, which tells the client that the server is ready to accept commands. For a non-secured connection, the first thing you see will be the banner.

When the banner is received, a normal SMTP client would send an EHLO command to the server in order to identify the client machine, as well as ask for a list of the capabilities supported by the server.

If you are using an openssl command to connect to an SSL or TLS server, make sure to enter your SMTP commands in lowercase as shown here. The openssl "s_client" command watches what you type- if you send a line of text starting with a capital "R", it will re-key the SSL layer instead of sending your command to the server... and if you send a line of text which starts with a capital "Q", it will terminate the SSL connection and exit.

220 a.mx.jms1.net NO UCE ESMTP
ehlo testing
250-a.mx.jms1.net NO UCE
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-PIPELINING
250 8BITMIME

Look at the response from your EHLO command, make sure AUTH is on the list, and that PLAIN is one of the options it supports. If it's not listed, the server will not let you send an AUTH command. This may be because the connection is not secured and the server is protecting you from sending your authentication information across the net in plain text...
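
The EHLO check described above, as an added example that is not part of the original article: it parses a pasted EHLO reply, lists the AUTH mechanisms (including the older "AUTH=" form), and reports when PLAIN or LOGIN is offered on a session that is not encrypted. The function names and finding codes are hypothetical, the sample replies are copied from this page's transcripts, and whether the session was encrypted is supplied by the tester (treating the second sample as an unencrypted session is an assumption made for illustration).

```python
# Mechanisms that send the password itself, merely base64-encoded.
PASSWORD_REVEALING = ("PLAIN", "LOGIN")

# EHLO replies copied from this page's transcripts.
REPLY_STARTTLS_ONLY = """\
250-a.mx.jms1.net NO UCE
250-STARTTLS
250-PIPELINING
250 8BITMIME
"""
REPLY_AUTH_OFFERED = """\
250-a.mx.jms1.net NO UCE
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-PIPELINING
250 8BITMIME
"""
REPLY_PORT_587_AFTER_TLS = """\
250-mail.phas.ubc.ca Hello ada.phas.ubc.ca [142.103.235.80], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
"""


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} for a multi-line 250 reply to EHLO."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for index, line in enumerate(lines):
        if not (line.startswith("250-") or line.startswith("250 ")):
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # first line is the server's greeting, not a capability
        text = line[4:]
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # legacy form, same meaning as "AUTH "
        words = text.upper().split()
        if not words:
            continue
        params = caps.setdefault(words[0], [])
        for word in words[1:]:
            if word not in params:
                params.append(word)
    return caps


def audit_ehlo(reply, encrypted):
    """Return (auth_mechanisms, findings) for one EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", [])
    findings = []
    if not encrypted:
        exposed = [m for m in mechs if m in PASSWORD_REVEALING]
        if exposed:
            findings.append("cleartext-auth:" + ",".join(exposed))
        if "STARTTLS" not in caps:
            findings.append("no-starttls")
    return mechs, findings


if __name__ == "__main__":
    for name, reply, encrypted in (
        ("port 25, before STARTTLS", REPLY_STARTTLS_ONLY, False),
        ("AUTH offered, no TLS (assumed)", REPLY_AUTH_OFFERED, False),
        ("port 587, inside TLS", REPLY_PORT_587_AFTER_TLS, True),
    ):
        print(name, audit_ehlo(reply, encrypted))
```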


Sending the AUTH command

Assuming the server supports AUTH, we will send the actual AUTH command to try and authenticate.

AUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=
235 ok, go ahead (#2.0.0)

If you see this message, you are authenticated. If you see this one instead...

AUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=
535 authorization failed (#5.7.0)

... then obviously it means you are not authenticated. If you were not able to authenticate, you can try another AUTH PLAIN command- although if the server is logging the traffic or running an intrusion detection system, having multiple AUTH commands in a single SMTP session is enough to raise a red flag. Be careful not to ban your test client's IP address.


Sending the message

Once you are authenticated, you may continue with a normal SMTP conversation and the server should accept any message from you, whether you are relaying to an outside domain or not. Even if you don't authenticate, the server will still accept messages from you- it just won't relay (it will act the same as if you had never entered an AUTH command at all.)

mail from: <nospam@jms1.net>
250 ok
rcpt to: <nospam@jms1.net>
250 ok
data
354 go ahead
From: John <nospam@jms1.net>
To: Nobody <nospam@jms1.net>
Subject: fnord

hail eris!
.
250 ok 1113954693 qp 29052
quit
221 a.mx.jms1.net NO UCE


Testing IMAPD
[root@mail root]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost.localdomain IMAP4rev1 2003.338rh at Thu, 27 Sep 2007 14:34:47 -0700 (PDT)
A01 CAPABILITY
* CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-REFERRALS STARTTLS AUTH=LOGIN
A01 OK CAPABILITY completed
A02 LOGOUT
* BYE mail.phas.ubc.ca IMAP4rev1 server terminating connection
A02 OK LOGOUT completed
Connection closed by foreign host. 

Testing pop
[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path: 
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:


test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#

Testing TLS - 17-06-09, rdp
rap@ada:~$ openssl s_client -starttls smtp -crlf -connect smtp.phas.ubc.ca:587
CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.phas.ubc.ca
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.phas.ubc.ca
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.phas.ubc.ca
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
Acceptable client certificate CA names
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 6652 bytes and written 566 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 9718FC75BD24A59CA9AB5F1EA7CC2582FA6E2A489AB06E8C36E81064DA2906AF
    Session-ID-ctx: 
    Master-Key: E7FF56EA1089736F70A6C87DDF16314AA3E531CA52DE71BE57F7CBD3841ADDCD32D79163067C568DED2111CED9A971AB
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 1 (seconds)
    TLS session ticket:

    Start Time: 1497046301
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 HELP
ehlo localhost
250-mail.phas.ubc.ca Hello ada.phas.ubc.ca [142.103.235.80], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
QUIT
DONE



Testing POP3 TLS/SSL
This is a followup to Juliet Kemp's excellent Troubleshooting Linux Servers with telnet article. This is adapted from the aging but still-excellent Linux Cookbook.

Telnet does not support any encryption. If you are protecting your POP3 sessions with TLS/SSL then you need s_client, which is part of OpenSSL. You can query both local and remote mail servers, using your own server names of course. Commands that you type are in bold:

$ openssl s_client -connect localhost.com:995
$ openssl s_client -connect remotehost.com:995

You'll see a whole lot of lines about certificates and protocols, and eventually something like this:

---
+OK Dovecot ready.

Now we know we're talking to a Dovecot server. Dovecot supports both secure POP3 and secure IMAP. Now I can give Dovecot my login. Note that if you enter an invalid username it won't tell you, but will still say +OK:


+OK Dovecot ready.
user carla
+OK
pass password
+OK Logged in.

Let's see if I have any messages:

list
+OK 2 messages:
1 1759
2 12422

Yay, two messages for me! Use the retr command to read them:

retr 1
+OK 1759 octets
[snip headers]
Date: Tue, 15 Feb 2011 11:56:48 -0800
From: Mom
To: carla@example.com
Subject: dinner this weekend
[snip message-id]

Hello Little Carla,

We're having a little get-together this weekend and hope you can come. Bring your fabulous chicken skewers.

Love,
the Mama

To read the second message type retr 2. To delete messages type dele followed by the message number, for example dele 1. Messages are not really deleted until you type quit, so you can change your mind and un-delete with the rset command, which un-deletes all messages marked for deletion.

You may need to use the domain name on a remote server to log in, for example user carla@example.com. RFC 1939 contains a complete listing of POP3 commands.


Testing IMAP TLS/SSL
This is how to talk to an IMAP server over TLS/SSL. Again, commands that you type are in bold, and remember to use your own server name and login:

$ openssl s_client -connect localhost.com:993
CONNECTED(00000003)
[snip mass certificate and protocol lines]
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

a001 login carla password
a001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

Hurrah, we're in! Now let's list mailboxes:

a002 list "" "*"
* LIST (\HasChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "INBOX.INBOX_Trash"
* LIST (\HasNoChildren) "." "INBOX.Trash"
* LIST (\HasNoChildren) "." "INBOX.read"
* LIST (\HasNoChildren) "." "INBOX.Queue"
* LIST (\HasNoChildren) "." "INBOX.INBOX_Drafts"

And let's see what's in the Inbox:

a003 examine inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft Junk NonJunk)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 10 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1291459647] UIDs valid
* OK [UIDNEXT 8026] Predicted next UID
* OK [HIGHESTMODSEQ 2710] Highest
a003 OK [READ-ONLY] Select completed.

There are ten messages; let's read the body of the fourth one without the headers:

a004 fetch 4 rfc822.text
* 4 FETCH (RFC822.TEXT {857}
On Tue, 15 Feb 2011 11:44:21 -0800
Edwin Hungrytum wrote:

I hear there is going to be food this weekend-- may I come?

Thanks!
Edwin

a005 OK Fetch completed.

I'm bored with reading email this way, so it's time to go:

a005 logout
* BYE Logging out
a005 OK Logout completed.
closed

There are many different commands for listing messages, and reading headers and selected headers. Read all about them in RFC 3501.



BIOS SETUP and Boot Info:
LSI Logic Corp MPT IM BIOS
MPTBIOS-IM-5.03.07
IBM Build:

HBA  ID  LUN  Vendor  Product
---------------------------------------------------
0    7   0    LSI     LSI 1030 [  402] 1000E00
0    8   0    IBM     32P0032a S320 1 1
1    7   0    LSI     LSI 1030 [  402] 1000E00

BIOS Version 1.08

System Summary (from ServerGuide):
       Item                                        Details
---------------------------------------------------------------------
System serial number                               KPMH959
Machine type                                       8670
System memory                                      2550MB
Processors, processor slots                        2, 2
Date and time                                      10/04/2003, 12:01:16
System BIOS version                                1.08
ROM diagnostics build level                        15
Integrated System Management Processor             Revision 14               
ServeRAID-5i Adapter                               Firmware 5.11.05
                                                   1 Logical Drive
System Partition                                   Created


DISASTER RECOVERY
  1. Install a new server.
  2. Load RHEL - currently running RHEL AS 5.
  3. Install updates using up2date.
  4. Copy over backup files from alpha:/home/backups/mail (these files are rsync'd daily). Checklist follows:
    • /etc/aliases
    • /etc/crontab
    • /etc/exports
    • /etc/hosts
    • /etc/hosts.allow
    • /etc/named.conf
    • /etc/php.ini
    • /etc/xinetd.d/imap
    • /etc/xinetd.d/imaps
    • /etc/xinetd.d/ipop2
    • /etc/xinetd.d/ipop3
    • /etc/xinetd.d/pop3s
    • /etc/cron.daily/dirdump.cron
    • /etc/cron.daily/rsync-backup
    • /etc/cron.daily/squirrelmail.cron
    • /root/.bashrc
    • /etc/cron.d/*
    • /etc/httpd/*
    • /etc/mail/*
    • /etc/squirrelmail/*
    • /mail/mailman/*
    • /mail/slist/*
    • /opt/sysadmin/*
    • /usr/share/ssl/*
    • /usr/share/squirrelmail/plugins/*
    • /var/lib/squirrelmail/*
    • /var/named/*
    • /var/spool/cron/*
  5. Check sendmail installation
    • DO NOT START Sendmail until /mail and /var/spool/mail are in place!!
    • /mail is actually on XserveRAID so you need to mount it.
    • start sendmail and check
  6. Check certificates - should be in place from backup.  If needed, re-create or install as per below.
  7. Check web server installation - https.
  8. Check mailman installation.
  9. (install firestarter).
  10. Install Netvault. (alpha:/home/backups/netvault)
  11. Check vsftpd installation (/etc/vsftpd/vsftpd.conf).  Needed for (sqmail) vacation program.
  12. Check NFS exports to warp/hyper.
  13. Check hosts.allow file.

Additional, non-critical items to take care of:
  1. Install APCUPSD (it is in /usr/local/src, which is backed up).
  2. Start nscd.

[root@mail root]# df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/sda3   9.7G  4.8G  4.4G   53%   /
/dev/sda1   99M   68M   26M    73%   /boot
/dev/sda2   9.7G  33M   9.1G   1%    /chroot
/dev/sdb1   962G  229G  723G   25%   /mail
/dev/sda6   114G  28G   81G    26%   /var/spool/mail
none        4.0G  0     4.0G   0%    /dev/shm

Chkconfig --list output:

Installation Notes
  1. When I started the DS3200/EXP3000, the Summary Fault light on the DS3200 came on.
  2. Had to uninstall old Storage Manager software before I could reinstall the new. When reinstalling I got warnings that the config files (emwback_v03.bin, emwdata_v03.bin) should be backed up because they would be overwritten. I backed them up but didn't need to use the backups for anything.
  3. Upgraded firmware and light went out.
  4. Newer firmware became available. When I tried to update it, it would not let me select the appropriate firmware file - said it wasn't valid. Turns out I had to use the standalone firmware upgrade utility (/opt/IBM_DS4000/upgrade/SMfwupgrade).
  5. Used Storage Manager software to create a RAID5 array named RAID5_00 and then created a logical drive named LogicalDrive00 that used all of the array space.
  6. Used Storage Manager software to create a RAID5 array named RAID5_01 and then created a logical drive named LogicalDrive01 that used all of the array space.
  7. Downloaded the RDAC (Redundant Disk Array Controller) driver from IBM (rdac-LINUX-09.03.0C05.0029-source.tar.gz). Unpacked, ran make clean, make, make install. Got the message "MPP driver package has been successfully installed on your system." This created a new MPP initrd image. Edited the boot loader configuration file, /boot/grub/menu.lst, to add a new boot menu entry, which uses mpp-2.6.18-92.1.18.el5.img as the initrd image. Rebooted the system for MPP to take effect.
    New boot menu entry:
    title Red Hat Linux (2.6.18-92.1.18.el5) with MPP support
    root (hd0,0)
    kernel /vmlinuz-2.6.18-92.1.18.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet crashkernel=128M@16M
    initrd /mpp-2.6.18-92.1.18.el5.img
  8. Installing SystemXpress updates. Downloaded updates for the x3650 into /opt/x3650/UpdateXpress_SystemPack/v1.3_RHEL5/SystemPack. Put the installer files into the same directory. Ran the installer in compare mode (./SystemPack_Installer/install201.rhel5 co) to see which updates are required.
  9. Installed Raidman version 9.
  10. Used logical volume manager to create disk volumes. I striped the two RAID5 arrays to make logical volume LogVol_Mail. 
    [0][root@mailX]$ pvdisplay
    --- Physical volume ---
    PV Name /dev/sdc1
    VG Name VolGrp02
    PV Size 1.06 TB / not usable 4.00 MB
    Allocatable yes (but full)
    PE Size (KByte) 4096
    Total PE 278999
    Free PE 0
    Allocated PE 278999
    PV UUID I3e9qz-E3GS-wvCt-jEWh-42fz-zBR5-zpoMiB

    --- Physical volume ---
    PV Name /dev/sdd1
    VG Name VolGrp02
    PV Size 1.06 TB / not usable 4.00 MB
    Allocatable yes (but full)
    PE Size (KByte) 4096
    Total PE 278999
    Free PE 0
    Allocated PE 278999
    PV UUID 4Pbp59-Iar6-tCVP-33QK-8bID-rf1R-xraymc

    --- Physical volume ---
    PV Name /dev/sdb1
    VG Name VolGrp01
    PV Size 68.25 GB / not usable 1023.50 KB
    Allocatable yes (but full)
    PE Size (KByte) 4096
    Total PE 17472
    Free PE 0
    Allocated PE 17472
    PV UUID Va5a6m-A1Ij-McvW-TfD8-AQLC-bLcA-EkY0eV

    --- Physical volume ---
    PV Name /dev/sda2
    VG Name VolGroup00
    PV Size 68.15 GB / not usable 22.34 MB
    Allocatable yes (but full)
    PE Size (KByte) 32768
    Total PE 2180
    Free PE 0
    Allocated PE 2180
    PV UUID ITSSkW-OVHA-ppng-ykMc-dQKT-piL1-BdWj7Y

    [0][root@mailX]$ lvdisplay
    --- Logical volume ---
    LV Name /dev/VolGrp02/LogVol_Mail
    VG Name VolGrp02
    LV UUID hzObfP-4Vym-SWt1-mXeb-a5uX-D8rJ-CL2GZ0
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 2.13 TB
    Current LE 557998
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:2

    --- Logical volume ---
    LV Name /dev/VolGrp01/LogVol_Mail_Indexes
    VG Name VolGrp01
    LV UUID km8BYm-Skr0-E6Wo-7xeS-eNVg-IuWr-NKxWDi
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 68.25 GB
    Current LE 17472
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:3

    --- Logical volume ---
    LV Name /dev/VolGroup00/LogVol00
    VG Name VolGroup00
    LV UUID KhVvaa-oQ7a-sKqZ-l5lL-ZK07-2sOT-roL1V9
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 66.19 GB
    Current LE 2118
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:0

    --- Logical volume ---
    LV Name /dev/VolGroup00/LogVol01
    VG Name VolGroup00
    LV UUID yUoVBH-LDxb-0wUz-9N0c-w2Sj-vEUZ-oapHbw
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 1.94 GB
    Current LE 62
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:1

    [0][root@mailX]$ df -h
    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00
    65G 6.2G 55G 11% /
    /dev/sda1 99M 37M 58M 39% /boot
    tmpfs 16G 0 16G 0% /dev/shm
    /dev/mapper/VolGrp02-LogVol_Mail
    2.1T 251G 1.8T 13% /Mail
    /dev/mapper/VolGrp01-LogVol_Mail_Indexes
    68G 1.7G 63G 3% /MailIndexes
  11. [0][root@mailX]$ lsmod
    Module Size Used by
    ip_conntrack_netbios_ns 36033 0
    xt_state 35265 11
    ip_conntrack 91237 2 ip_conntrack_netbios_ns,xt_state
    nfnetlink 40457 1 ip_conntrack
    iptable_filter 36161 1
    ip_tables 55329 1 iptable_filter
    ip6table_filter 36033 1
    ip6_tables 50049 1 ip6table_filter
    mptctl 63817 0
    autofs4 57289 2
    sunrpc 198025 1
    ipt_REJECT 38849 1
    ip6t_REJECT 38849 1
    xt_tcpudp 36417 27
    x_tables 50377 6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
    cpufreq_ondemand 42449 8
    dm_multipath 52945 0
    video 53197 0
    sbs 49921 0
    backlight 39873 1 video
    i2c_ec 38593 1 sbs
    button 40545 0
    battery 43849 0
    asus_acpi 50917 0
    acpi_memhotplug 40133 0
    ac 38729 0
    ipv6 420609 114 ip6t_REJECT
    xfrm_nalgo 43845 1 ipv6
    crypto_api 42177 1 xfrm_nalgo
    parport_pc 62313 0
    lp 47121 0
    parport 73165 2 parport_pc,lp
    ide_cd 73697 0
    cdrom 68713 1 ide_cd
    serio_raw 40517 0
    i2c_i801 41685 0
    bnx2 173917 0
    i2c_core 56129 2 i2c_ec,i2c_i801
    shpchp 70765 0
    i5000_edac 42177 0
    edac_mc 60193 1 i5000_edac
    pcspkr 36289 0
    dm_snapshot 50569 0
    dm_zero 35265 0
    dm_mirror 60489 0
    dm_mod 99481 14 dm_multipath,dm_snapshot,dm_zero,dm_mirror
    mppVhba 162016 2
    ata_piix 54981 0
    libata 192345 1 ata_piix
    mptsas 69201 1
    mptscsih 69569 1 mptsas
    scsi_transport_sas 66753 1 mptsas
    mptbase 111461 3 mptctl,mptsas,mptscsih
    aacraid 101573 5
    mppUpper 143436 1 mppVhba
    sg 69865 2
    sd_mod 56257 9
    scsi_mod 188665 10 mptctl,mppVhba,libata,mptsas,mptscsih,scsi_transport_sas,aacraid,mppUpper,sg,sd_mod
    ext3 167249 4
    jbd 93873 1 ext3
    uhci_hcd 57433 0
    ohci_hcd 54493 0
    ehci_hcd 65741 0
  12.  
        [root@mail root]# df -h

DS3200 Configuration Info

For more assistance contact Ron Parachoniak, rap@phas.ubc.ca ( Sysadmin )

webmaster@phas.ubc.ca, last updated: June 28, 2005