Tutorials

How to Test SMTP Connections (Ports 25, 465, 587)

Can't send email? The problem might be a blocked port or a broken SMTP connection. This guide shows you how to test SMTP on ports 25, 465, and 587 using simple tools.

By Shane
How to Test SMTP Connections (Ports 25, 465, 587)

You've set up your email server, configured everything, but emails aren't going out. Before you start changing configs and DNS records, the first thing to check is whether your SMTP connections are actually working. A blocked port or a misconfigured firewall can stop everything.

This guide shows you how to test SMTP connections on the three main ports used for email sending.

Understanding SMTP Ports

There are three ports commonly used for SMTP, and each serves a different purpose:

Port 25 — Server-to-Server Email

This is the standard port for SMTP. When your email server sends a message to Gmail or Yahoo, it connects to their servers on port 25. This is the port PowerMTA uses for outbound delivery.

Many cloud providers block port 25 by default to prevent spam. If you can't send email, this is the first thing to check.

Port 465 — SMTP over SSL (SMTPS)

Port 465 uses implicit SSL/TLS encryption. The connection is encrypted from the very start. This port was originally deprecated but has been re-standardized. It's commonly used for email client submissions.

Port 587 — Email Submission (STARTTLS)

Port 587 is the standard port for email submission from clients (like Outlook or Thunderbird) to your server. It starts as a plain text connection and upgrades to encrypted using STARTTLS. This is the recommended port for authenticated email submission.

Method 1: Testing with Telnet

Telnet is the simplest way to test if an SMTP port is open and responding. It comes pre-installed on most Linux systems.

Test Port 25

telnet smtp.gmail.com 25

If the connection works, you'll see something like:

Trying 142.250.x.x...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 mx.google.com ESMTP ready

If you see Connection refused or the connection hangs, port 25 is blocked either on your end or the destination.

Test Port 587

telnet smtp.gmail.com 587

You should see a similar 220 greeting. Type EHLO test to see the server's capabilities:

EHLO test

The server will respond with a list of supported features, including STARTTLS if encryption is available.

Test Your Own Server

# From another machine, test your server
telnet YOUR_SERVER_IP 25

# Test locally
telnet localhost 25

If telnet connects locally but not from outside, your firewall is blocking the port.

Method 2: Testing with OpenSSL

For encrypted connections (ports 465 and 587 with STARTTLS), you need OpenSSL instead of telnet.

Test Port 465 (Implicit SSL)

openssl s_client -connect smtp.gmail.com:465

This establishes an SSL connection immediately. You'll see certificate information followed by the SMTP greeting.

Test Port 587 (STARTTLS)

openssl s_client -connect smtp.gmail.com:587 -starttls smtp

The -starttls smtp flag tells OpenSSL to start a plain connection and then upgrade to TLS, which is how port 587 works.

What to Look For

In the OpenSSL output, check for:

  • Certificate chain: Shows the server's SSL certificate. If this is missing, TLS isn't configured properly.
  • Protocol version: Should show TLSv1.2 or TLSv1.3. Older versions are insecure.
  • Cipher: The encryption algorithm being used.
  • 220 greeting: The SMTP server's welcome message after the TLS handshake.

Method 3: Testing with PowerMTA

If you have PowerMTA installed, you can check its connectivity status directly:

# Check if PowerMTA is listening
sudo pmta show listeners

# Check outbound connections
sudo pmta show queues

# Check connections to a specific domain
sudo pmta show domain gmail.com

The show queues command is particularly useful. If you see emails stuck in the queue with deferral messages, it usually means there's a connection problem.

Method 4: Using nc (Netcat)

Netcat is another quick way to test port connectivity:

# Test if port is open
nc -zv smtp.gmail.com 25
nc -zv smtp.gmail.com 587
nc -zv YOUR_SERVER_IP 25

The -z flag does a scan without sending data, and -v gives verbose output. You'll get a clear "succeeded" or "failed" message.

Sending a Full Test Email via SMTP

Once you've confirmed the port is open, you can send a complete test email through the SMTP conversation. Here's how it works on port 25:

telnet YOUR_SERVER_IP 25
EHLO test.com
MAIL FROM:<test@yourdomain.com>
RCPT TO:<your-email@gmail.com>
DATA
Subject: SMTP Test
From: test@yourdomain.com
To: your-email@gmail.com

This is a test email sent via manual SMTP.
.
QUIT

Each command should return a response code. The important ones are:

  • 220 — Server ready
  • 250 — Command accepted
  • 354 — Ready for message data
  • 421 — Service not available (temporary problem)
  • 450 — Mailbox unavailable (temporary)
  • 550 — Mailbox unavailable (permanent — could be blacklisting)

Common Problems and Solutions

Port 25 Blocked by Cloud Provider

This is the most common issue. AWS, Google Cloud, Azure, and many others block port 25 by default. You need to:

  1. Submit a request to your provider to unblock port 25
  2. Explain that you're running a legitimate email server
  3. Some providers (like AWS) require you to fill out a specific form

Providers like DigitalOcean, Vultr, and Linode are generally more email-friendly and may have port 25 open by default or unblock it quickly upon request.

Firewall Blocking Connections

Check your server's firewall:

# Check if port 25 is allowed (firewalld)
sudo firewall-cmd --list-ports

# Add port 25 if missing
sudo firewall-cmd --permanent --add-port=25/tcp
sudo firewall-cmd --reload

# For iptables
sudo iptables -L -n | grep 25

TLS Certificate Issues

If OpenSSL shows certificate errors, your TLS setup needs attention. Common fixes:

  • Make sure your certificate files are readable by the PowerMTA process
  • Check that the certificate chain is complete (includes intermediate certificates)
  • Verify the certificate hasn't expired

Connection Timeouts

If connections hang without any response, the issue is usually:

  • A firewall silently dropping packets (instead of rejecting them)
  • The destination server is down
  • Network routing issues between your server and the destination

Use PMTAcore's SMTP Tools

Testing SMTP connections manually works, but it's slow and tedious — especially when you're managing multiple servers and need to test regularly.

PMTAcore's SMTP Tools let you test connections to any server on any port with a few clicks. You can test port 25, 465, and 587, verify TLS support, and send test emails — all from a visual interface.

It's part of the full PMTAcore toolkit that also includes PowerMTA management, blacklist monitoring, and DNS automation.

Download PMTAcore or see our pricing plans.

#smtp#smtp tester#smtp connection#port 25#port 465#port 587#email testing#smtp test

Related Articles

PowerMTA Installation Guide (Complete Beginner Tutorial)
TutorialsMar 10

PowerMTA Installation Guide (Complete Beginner Tutorial)

Brand new to PowerMTA? This beginner-friendly tutorial covers everything from picking a server to sending your first email. Written for people who have never touched an email server before.

Read more →
How to Install PowerMTA on AlmaLinux 8/9
TutorialsMar 10

How to Install PowerMTA on AlmaLinux 8/9

Everything you need to install PowerMTA on AlmaLinux 8 or 9. This guide walks you through server preparation, installation, and getting your first email out the door.

Read more →
How to Install PowerMTA on Rocky Linux 9 (Step-by-Step Guide)
TutorialsMar 10

How to Install PowerMTA on Rocky Linux 9 (Step-by-Step Guide)

A complete walkthrough for installing PowerMTA on Rocky Linux 9. From server prep to your first test email, this guide covers everything you need to get started.

Read more →
← Back to Blog