Telnet to secured port or SSL port 465 or 933 or 995
Introduction
Secure email communication is essential for protecting sensitive data and ensuring reliable mail delivery. Mail servers commonly use SSL/TLS encryption on specific ports to provide secure connections for SMTP, IMAP, and POP3 services. When users experience issues sending or receiving emails, one of the first troubleshooting steps is to verify whether these SSL ports are open and functioning properly.
The openssl s_client command is a powerful and simple tool that allows system administrators and hosting users to test secure mail ports directly from the command line. By using this command, you can confirm whether the mail server is responding correctly, whether SSL certificates are properly installed, and whether firewall or service-related issues are blocking the connection.
In this guide, we will learn how to check the status of commonly used secure mail ports — 465 (SMTP SSL), 993 (IMAP SSL), and 995 (POP3 SSL) — using OpenSSL commands.
Why SSL Ports Matter
Secure mail ports encrypt the connection between the email client and the mail server. This prevents unauthorized access to sensitive information such as usernames, passwords, and email content.
Common SSL/TLS mail ports include:
| Service | Port | Purpose |
|---|---|---|
| SMTP SSL | 465 | Sending emails securely |
| IMAP SSL | 993 | Receiving and managing emails securely |
| POP3 SSL | 995 | Downloading emails securely |
If any of these ports are blocked, closed, or misconfigured, users may experience connection failures in email applications like Outlook, Thunderbird, or mobile mail apps.
Commands to Check SSL Ports
Use the following commands in your terminal or SSH session to verify whether the SSL ports are working correctly.
Check SMTP SSL Port (465)
openssl s_client -quiet -connect mail.thespirals.com:465Purpose
This command checks whether the SMTP SSL service is active and accepting secure connections on port 465.
Successful Connection
If the port is working, you will see output similar to:
CONNECTED(00000003)depth=2 ...220 mail.thespirals.com ESMTPFailed Connection
If the port is blocked or unavailable, you may see errors such as:
Connection refusedconnect:errno=111or
Connection timed outCheck IMAP SSL Port (993)
openssl s_client -quiet -connect mail.thespirals.com:993Purpose
This command verifies whether the IMAP secure service is running properly on port 993.
Successful Response Example
CONNECTED(00000003)* OK IMAP4 readyThis confirms that the IMAP SSL service is active and functioning.
Check POP3 SSL Port (995)
openssl s_client -quiet -connect mail.thespirals.com:995Purpose
This command tests the POP3 secure mail service on port 995.
Successful Response Example
CONNECTED(00000003)+OK POP3 server readyThis indicates that the POP3 SSL port is working correctly.
Additional Troubleshooting Tips
If the ports are not working properly, try the following:
1. Check Firewall Rules
Ensure the required ports are open in the server firewall.
Example for CSF firewall:
465,993,9952. Verify Mail Services
Check whether the mail services are running.
For Exim:
service exim statusFor Dovecot:
service dovecot status3. Restart Mail Services
service exim restartservice dovecot restart4. Confirm DNS Records
Make sure the mail hostname points to the correct server IP address.
Example:
mail.thespirals.comBenefits of Using OpenSSL for Port Testing
- Simple and fast troubleshooting
- Verifies SSL certificate installation
- Confirms secure connectivity
- Helps diagnose firewall and service issues
- Works on Linux, macOS, and Windows (via OpenSSL tools)
Conclusion
Testing SSL ports using the openssl s_client command is an effective way to verify whether secure mail services are functioning correctly. By checking ports 465, 993, and 995, administrators can quickly identify connectivity problems, SSL issues, or firewall restrictions affecting email services.
Regularly testing mail server ports helps ensure secure and uninterrupted email communication for users and clients.
