@agail
Created October 8, 2021 21:08
Verify SMTP TLS with openssl

Verify SMTP TLS

OpenSSL

openssl s_client -starttls smtp -connect smtp-server:port

If you get a "dh key too small" error*, append -cipher 'DEFAULT:!DH'

Add -quiet to turn off verbose output

* consider upgrading your SMTP certificate; see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_security_level.html

Authentication

The authentication string must be base64 encoded. Base64 is an encoding, not encryption, so send it only inside the TLS session.

echo -ne "\0userid\0passwd" | base64 gives the encoded string AHVzZXJpZABwYXNzd2Q=

Authentication is done by entering AUTH PLAIN AHVzZXJpZABwYXNzd2Q=

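One-liner that reads the user ID and password and saves the SMTP commands to $str. The credential part uses printf so that a user ID or password starting with a digit or containing a backslash is not altered by echo's escape processing, and tr removes the line wrap that base64 adds to long strings. $str holds the encoded credentials, so unset it when you are done.

read -rp "uid: " uid; read -rsp "pwd: " pwd; str=$(echo -e "\nEHLO server\nAUTH PLAIN $(printf '\0%s\0%s' "$uid" "$pwd" | base64 | tr -d '\n')\nquit\n"); echo; unset uid pwd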
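
The AUTH PLAIN token handling above as shell functions: building the token with printf versus echo -ne, decoding it again to show that base64 hides nothing, and checking for the two NUL separators before sending. This is an added example, not part of the original gist; the function names are hypothetical and the credentials are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Function names are hypothetical.

# Build an AUTH PLAIN token: empty authzid, NUL, user ID, NUL, password.
# printf never escape-processes its %s arguments; tr undoes base64 line wrapping.
auth_plain_token() {
  printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# The same token built with echo -ne, kept only for comparison: when the user ID
# or password starts with a digit, "\0" plus those digits is read as one octal
# escape and the NUL separator is lost.
auth_plain_token_echo() {
  echo -ne "\0${1}\0${2}" | base64 | tr -d '\n'
}

# Decode a token to authzid:userid:password (each NUL shown as ':').
auth_plain_decode() {
  printf '%s' "$1" | base64 -d | tr '\000' ':'
}

# Pre-flight check: a well-formed token decodes to exactly two NUL separators.
auth_plain_valid() {
  [ "$(printf '%s' "$1" | base64 -d 2>/dev/null | tr -cd '\000' | wc -c)" -eq 2 ]
}

# Constructed sample credentials, not real ones.
for uid in userid 123user; do
  good=$(auth_plain_token "$uid" passwd)
  bad=$(auth_plain_token_echo "$uid" passwd)
  printf '%-8s printf=%s decoded=%s\n' "$uid" "$good" "$(auth_plain_decode "$good")"
  auth_plain_valid "$bad" || printf '%-8s echo -ne token is malformed: %s\n' "$uid" "$bad"
done
```

A server that receives the malformed token rejects the login even though the credentials are right, which is easy to mistake for a TLS or account problem.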

Putting it all together

openssl s_client -starttls smtp -connect smtp-server:port < <( echo -e "${str}" )

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = Country, L = City, O = Company, OU = A, CN = *.localdomain.local
verify return:1
250 STARTTLS
250-smtp.local
250-8BITMIME
250-SIZE 21495808
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN
235 #2.0.0 OK Authenticated
221 smtp.local

Final words

Leave a comment if you found it useful ...
