Email Server Testing and Troubleshooting: Complete Diagnostic Guide
Introduction
Testing and troubleshooting are essential skills for maintaining a reliable email server. Even with perfect configuration, issues inevitably arise—emails don't deliver, authentication fails, performance degrades, or mysterious errors appear in logs. The ability to quickly diagnose and resolve these problems separates operational email servers from production-ready systems.
Email troubleshooting requires systematic approaches and understanding of the complete mail flow path. When a user reports "email isn't working," the problem could be anywhere: DNS misconfiguration, authentication failures, network issues, storage problems, spam filtering, recipient server rejection, or dozens of other possibilities. Without structured diagnostic procedures, you can waste hours chasing symptoms instead of identifying root causes.
This comprehensive guide provides systematic testing methodologies, diagnostic commands, log analysis techniques, and troubleshooting workflows for all common (and many uncommon) email server issues. You'll learn how to test each component independently, verify end-to-end mail flow, interpret error messages, analyze logs effectively, and resolve problems efficiently.
Whether you're dealing with delivery failures, authentication problems, performance issues, or configuration errors, this guide provides the tools and procedures needed to identify and fix problems quickly.
Prerequisites
Before beginning testing and troubleshooting, ensure you have:
System Access
- Root or sudo access to the mail server
- SSH access to the server
- Access to DNS management
- Access to firewall configuration
Knowledge Requirements
- Basic Linux command-line skills
- Understanding of email protocols (SMTP, IMAP, POP3)
- Familiarity with Postfix and Dovecot
- Log file analysis basics
Tools Required
Most are standard, but verify availability:
# Check available tools
which telnet nc dig host nslookup openssl postfix postconf doveconf doveadm
Install missing tools:
# Ubuntu/Debian
sudo apt install telnet netcat-openbsd dnsutils openssl postfix dovecot-core -y
# CentOS/Rocky Linux
sudo dnf install telnet nc bind-utils openssl postfix dovecot -y
Understanding Email Flow
Before troubleshooting, understand the complete email path:
Outgoing Email Flow
1. User's Email Client (SMTP AUTH)
↓
2. Postfix SMTP Submission (port 587)
↓
3. Authentication (Dovecot SASL)
↓
4. Content Filtering (SpamAssassin, etc.)
↓
5. DKIM Signing (OpenDKIM)
↓
6. DNS Lookup (MX, A records)
↓
7. Postfix SMTP Out
↓
8. Receiving Mail Server
Incoming Email Flow
1. Sending Mail Server
↓
2. DNS Lookup (MX record)
↓
3. Postfix SMTP In (port 25)
↓
4. SPF/DKIM/DMARC Checks
↓
5. Content Filtering (SpamAssassin)
↓
6. Local Delivery (Dovecot LMTP)
↓
7. Mailbox Storage
↓
8. IMAP/POP3 Access (Dovecot)
↓
9. User's Email Client
Step 1: Test DNS Configuration
DNS problems cause the majority of email issues.
Test MX Records
# Check MX records
dig example.com MX +short
# Expected output:
# 10 mail.example.com.
# Detailed MX lookup
dig example.com MX
# Test from Google's DNS
dig @8.8.8.8 example.com MX +short
# Test from Cloudflare's DNS
dig @1.1.1.1 example.com MX +short
Problems:
- No MX record returned: Add MX record in DNS
- Wrong mail server: Update MX record
- Different results from different DNS: Wait for propagation
Test A Records
# Check A record for mail server
dig mail.example.com A +short
# Expected output:
# 203.0.113.10
# Detailed lookup
dig mail.example.com A
Test Reverse DNS (PTR)
This is critical for deliverability:
# Check PTR record
dig -x 203.0.113.10 +short
# Expected output:
# mail.example.com.
# Alternative
host 203.0.113.10
# Verify forward/reverse match (Reverse should print mail.example.com.)
FORWARD=$(dig mail.example.com A +short | head -1)
REVERSE=$(dig -x "$FORWARD" +short)
echo "Forward: $FORWARD"
echo "Reverse: $REVERSE"
Problem: PTR doesn't match hostname
Solution: Contact hosting provider to update PTR record
Test SPF Records
# Check SPF record
dig example.com TXT +short | grep spf
# Expected output:
# "v=spf1 mx a ip4:203.0.113.10 ~all"
# Same lookup with host (this only fetches the record, it does not evaluate it)
host -t TXT example.com | grep spf
Online SPF checker:
https://mxtoolbox.com/spf.aspx
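A local check of the record's structure, as an added example that is not part of the original guide: it reads the TXT strings that `dig example.com TXT +short` prints and flags the mistakes that most often break SPF. The function name `spf_lint` and its messages are illustrative, and only the top-level record is inspected.

```shell
#!/bin/sh
# spf_lint (hypothetical helper): reads TXT strings on stdin in the form
# `dig example.com TXT +short` prints them, and reports one finding per line.
# Returns 0 when no FAIL was found. Only the top-level record is inspected;
# lookups made inside include: targets also count toward the limit of 10.
spf_lint() {
  # Join split strings ("abc" "def"), drop quotes, keep only SPF records.
  spf=$(sed -e 's/" "//g' -e 's/"//g' | grep -iE '^v=spf1( |$)' || true)
  n=$(printf '%s\n' "$spf" | grep -c . || true)
  if [ "$n" -eq 0 ]; then echo "FAIL no v=spf1 record published"; return 1; fi
  if [ "$n" -gt 1 ]; then
    echo "FAIL $n v=spf1 records published; receivers return permerror"
    return 1
  fi
  lookups=0; all=""; redirect=""; rc=0
  while IFS= read -r term; do
    mech=${term#[-+?~]}                 # mechanism without its qualifier
    q=${term%"$mech"}; q=${q:-+}        # qualifier, "+" when omitted
    case $mech in
      include:*|a|a:*|a/*|mx|mx:*|mx/*|exists:*|ptr|ptr:*|redirect=*)
        lookups=$((lookups + 1)) ;;     # terms that trigger DNS queries
    esac
    case $mech in
      ptr|ptr:*)  echo "WARN ptr is slow and discouraged" ;;
      redirect=*) redirect=yes ;;
      all)        all="${q}all" ;;
    esac
  done <<EOF
$(printf '%s\n' "$spf" | tr 'A-Z ' 'a-z\n')
EOF
  if [ "$lookups" -gt 10 ]; then
    echo "FAIL $lookups DNS-querying terms; the limit is 10"; rc=1
  else
    echo "OK $lookups of 10 DNS lookups used"
  fi
  case $all in
    +all)   echo "FAIL +all authorizes every sending host"; rc=1 ;;
    "?all") echo "WARN ?all gives receivers no policy" ;;
    "~all") echo "OK ~all (softfail)" ;;
    -all)   echo "OK -all (fail)" ;;
    "")     [ -n "$redirect" ] || echo "WARN no all mechanism; result is neutral" ;;
  esac
  return "$rc"
}

# Constructed sample: the record shown in this guide.
printf '%s\n' '"v=spf1 mx a ip4:203.0.113.10 ~all"' | spf_lint
```

Against a live domain, pipe the lookup into it: `dig example.com TXT +short | spf_lint`.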
Test DKIM Records
# Check DKIM record (replace 'default' with your selector)
dig default._domainkey.example.com TXT +short
# Expected: Public key starting with "v=DKIM1..."
# Test DKIM
opendkim-testkey -d example.com -s default -vvv
Expected output:
opendkim-testkey: key OK
Test DMARC Records
# Check DMARC record
dig _dmarc.example.com TXT +short
# Expected output:
# "v=DMARC1; p=none; rua=mailto:[email protected]"
DNS Propagation Check
# Check propagation across multiple servers
for dns in 8.8.8.8 1.1.1.1 208.67.222.222 9.9.9.9; do
echo "DNS Server: $dns"
dig @$dns example.com MX +short
echo ""
done
Step 2: Test SMTP Connectivity
Test Port 25 (SMTP)
# Test local connection
telnet localhost 25
# Expected response:
# 220 mail.example.com ESMTP Postfix
# Test external connection
telnet mail.example.com 25
# Test from specific interface
telnet 203.0.113.10 25
Commands to try:
EHLO test.com
MAIL FROM:<[email protected]>
RCPT TO:<[email protected]>
QUIT
Test Port 587 (Submission)
# Test submission port
telnet mail.example.com 587
# Expected: 220 greeting
# Test STARTTLS
openssl s_client -connect mail.example.com:587 -starttls smtp
Should show TLS handshake and certificate.
Test Port 465 (SMTPS)
# Test SMTPS (implicit TLS)
openssl s_client -connect mail.example.com:465
After connection:
EHLO test.com
Test with Netcat
# Test if port is open
nc -zv mail.example.com 25
nc -zv mail.example.com 587
nc -zv mail.example.com 465
# Expected: "succeeded!" or "open"
Check Listening Ports
# Check which ports Postfix is listening on
sudo netstat -tlnp | grep master
# Expected output showing:
# 0.0.0.0:25
# 0.0.0.0:587
# 0.0.0.0:465
Test from External Location
# Test from external service
# Use: https://mxtoolbox.com/diagnostic.aspx
# Or: https://www.checktls.com/
# Command-line test (run it from a host outside your network)
curl -v telnet://mail.example.com:25
Step 3: Test SMTP Authentication
Test SASL Authentication
# Check SASL is enabled
telnet localhost 587
After connection:
EHLO test.com
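Look for (if no AUTH line appears, the server may offer AUTH only after STARTTLS, for example with Postfix smtpd_tls_auth_only = yes; repeat the EHLO inside the STARTTLS session from the port 587 test in Step 2):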
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
Test Authentication Manually
Generate base64 credentials (base64 is an encoding, not encryption, so send these only over localhost or inside a TLS session):
# Encode username
echo -n 'user@example.com' | base64
# Output: dXNlckBleGFtcGxlLmNvbQ==
# Encode password
echo -n 'password123' | base64
# Output: cGFzc3dvcmQxMjM=
Test authentication:
telnet localhost 587
Commands:
EHLO test.com
AUTH LOGIN
dXNlckBleGFtcGxlLmNvbQ== (username in base64)
cGFzc3dvcmQxMjM= (password in base64)
Success: 235 2.7.0 Authentication successful
Failure: 535 5.7.8 Authentication failed
Test with Dovecot Auth Tool
# Test authentication directly
doveadm auth test [email protected] password123
# Expected output:
# passdb: [email protected] auth succeeded
# userdb: [email protected]
Check SASL Socket
# Check auth socket exists
ls -la /var/spool/postfix/private/auth
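# Should show socket owned by postfix
# srwxrwxrwx 1 postfix postfix 0 date auth
# The mode follows Dovecot's unix_listener setting; mode 0660 (srw-rw----)
# with user and group postfix is sufficient for Postfix.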
Step 4: Test Email Delivery
Send Test Email via Command Line
# Simple test
echo "Test email body" | mail -s "Test Subject" [email protected]
# With specific sender
echo "Test" | mail -s "Test" -r [email protected] [email protected]
# To external address
echo "External test" | mail -s "Test" [email protected]
Send via Telnet/SMTP
telnet localhost 25
Commands:
EHLO mail.example.com
MAIL FROM:<[email protected]>
RCPT TO:<[email protected]>
DATA
Subject: Test email
From: [email protected]
To: [email protected]

This is a test email.
.
QUIT
A blank line separates the headers from the body, and a single . on a line by itself ends the DATA section.
Test with Swaks
Swaks is a powerful SMTP testing tool:
# Install swaks
sudo apt install swaks -y
# Basic test
swaks --to [email protected] --from [email protected] --server localhost
# Test with authentication over STARTTLS (--tls)
swaks --to [email protected] \
--from [email protected] \
--server mail.example.com \
--port 587 \
--tls \
--auth LOGIN \
--auth-user [email protected] \
--auth-password 'password123'
# Test with implicit TLS on connect (SMTPS, port 465)
swaks --to [email protected] \
--from [email protected] \
--server mail.example.com \
--tls-on-connect
# Test to external address
swaks --to [email protected] \
--from [email protected] \
--server localhost
Check Mail Queue
# View mail queue
sudo mailq
# Or
sudo postqueue -p
# Empty queue output:
# Mail queue is empty
# Queue with mail:
# -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
# ABC123 1234 Mon Jan 11 10:00:00 [email protected]
# [email protected]
Flush Mail Queue
# Attempt to deliver all queued mail
sudo postqueue -f
# Or
sudo postfix flush
Delete Specific Message
# Delete specific message by ID
sudo postsuper -d ABC123
# Delete all queued messages
sudo postsuper -d ALL
# Delete all messages in deferred queue
sudo postsuper -d ALL deferred
Step 5: Test IMAP/POP3 Access
Test IMAP (port 143)
# Test IMAP connection
telnet localhost 143
# Commands:
a1 LOGIN [email protected] password123
a2 LIST "" "*"
a3 SELECT INBOX
a4 FETCH 1 BODY[]
a5 LOGOUT
Test IMAPS (port 993)
# Test IMAPS with SSL
openssl s_client -connect mail.example.com:993
# After connection, same commands as IMAP
a1 LOGIN [email protected] password123
a2 LIST "" "*"
a3 LOGOUT
Test POP3 (port 110)
# Test POP3
telnet localhost 110
# Commands:
USER [email protected]
PASS password123
LIST
STAT
QUIT
Test POP3S (port 995)
# Test POP3S with SSL
openssl s_client -connect mail.example.com:995
# After connection:
USER [email protected]
PASS password123
LIST
QUIT
Check Dovecot Status
# Check Dovecot is running
sudo systemctl status dovecot
# Check listening ports
sudo netstat -tlnp | grep dovecot
# Check active connections
sudo doveadm who
Step 6: Test SSL/TLS Certificates
Test Certificate Validity
# Test SMTP STARTTLS certificate
openssl s_client -connect mail.example.com:587 -starttls smtp
# Test IMAPS certificate
openssl s_client -connect mail.example.com:993
# Test SMTPS certificate
openssl s_client -connect mail.example.com:465
Look for:
Verify return code: 0 (ok)
Or errors:
Verify return code: 20 (unable to get local issuer certificate)
Verify return code: 10 (certificate has expired)
Check Certificate Expiration
# Check certificate dates
openssl s_client -connect mail.example.com:993 2>/dev/null | openssl x509 -noout -dates
# Output:
# notBefore=Jan 11 00:00:00 2026 GMT
# notAfter=Apr 11 00:00:00 2026 GMT
# Check certificate details
sudo openssl x509 -in /etc/letsencrypt/live/mail.example.com/fullchain.pem -noout -text
Test Certificate Chain
# Verify certificate chain
openssl s_client -connect mail.example.com:587 -starttls smtp -showcerts
Should show:
Certificate chain
0 s:CN = mail.example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Test with SSL Labs
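Online tool for comprehensive SSL testing (it probes HTTPS on port 443 only, so it checks a web service on this hostname rather than the mail ports; for SMTP use https://www.checktls.com/ from Step 2):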
https://www.ssllabs.com/ssltest/
Enter: mail.example.com
Step 7: Test Authentication and Authorization
Test Email Authentication (SPF/DKIM/DMARC)
Send test email and check headers:
# Send to Gmail
echo "Auth test" | mail -s "Authentication Test" [email protected]
In Gmail:
- Open email
- Click "Show original"
- Check authentication results:
Received-SPF: pass
Authentication-Results: dkim=pass
Authentication-Results: dmarc=pass
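To run the same check on a saved message instead of reading it by eye, the added example below (not part of the original guide) unfolds the first Authentication-Results header and extracts the three verdicts. The function name `auth_verdicts` and the sample message are constructed for illustration; the header layout follows the folded, semicolon-separated form receivers such as Gmail write.

```shell
#!/bin/sh
# auth_verdicts (hypothetical helper): reads a raw message (headers first) on
# stdin, unfolds the first Authentication-Results header, and prints the spf,
# dkim and dmarc results. Returns 0 only when all three are "pass".
# Only the topmost header is read: receivers prepend their own, and any
# Authentication-Results header further down may have been set by the sender.
auth_verdicts() {
  awk '
    { sub(/\r$/, "") }                               # tolerate CRLF input
    /^$/ { exit }                                    # blank line ends headers
    grab && /^[ \t]/ { hdr = hdr " " $0; next }      # folded continuation
    grab { exit }                                    # next header: done
    tolower($0) ~ /^authentication-results:/ { grab = 1; hdr = $0 }
    END {
      res["spf"] = res["dkim"] = res["dmarc"] = "none"
      n = split(hdr, part, ";")                      # part[1] is the authserv-id
      for (i = 2; i <= n; i++) {
        sub(/^[ \t]+/, "", part[i])
        if (match(part[i], /^(spf|dkim|dmarc)=[a-z]+/)) {
          split(substr(part[i], 1, RLENGTH), kv, "=")
          if (res[kv[1]] != "pass") res[kv[1]] = kv[2]   # any passing DKIM wins
        }
      }
      printf "spf=%s dkim=%s dmarc=%s\n", res["spf"], res["dkim"], res["dmarc"]
      exit !(res["spf"] == "pass" && res["dkim"] == "pass" && res["dmarc"] == "pass")
    }'
}

# Constructed sample message (documentation domains and addresses).
sample_message() {
  cat <<'EOF'
Delivered-To: recipient@example.net
Authentication-Results: mx.example.net;
       dkim=pass header.i=@example.com header.s=default;
       spf=pass (domain of user@example.com designates 203.0.113.10 as permitted sender) smtp.mailfrom=user@example.com;
       dmarc=pass (p=NONE) header.from=example.com
Subject: Authentication Test

Auth test
EOF
}

sample_message | auth_verdicts
```

Save the text from "Show original" to a file and run `auth_verdicts < message.eml`; the exit status makes it usable in a scheduled check.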
Online Authentication Checkers
Mail-Tester:
https://www.mail-tester.com/
Send email to provided address, get score out of 10.
DKIMValidator:
https://dkimvalidator.com/
Checks DKIM signatures specifically.
Test SPF Manually
# Install spf checking tool
sudo apt install libmail-spf-perl -y
# Check SPF for domain
spfquery.mail-spf --ip=203.0.113.10 [email protected] --scope=mfrom
Step 8: Analyze Log Files
Postfix Log Locations
# Ubuntu/Debian
tail -f /var/log/mail.log
# CentOS/Rocky Linux
tail -f /var/log/maillog
# Filter specific address
grep "[email protected]" /var/log/mail.log
# Today's logs only (%e pads single-digit days with a space, as traditional syslog timestamps do)
grep "$(date '+%b %e')" /var/log/mail.log
Common Log Patterns
Successful delivery:
status=sent (delivered to maildir)
Deferred (temporary failure):
status=deferred (Connection timed out)
Bounced (permanent failure):
status=bounced (User unknown)
Rejected:
reject: RCPT from unknown
Dovecot Logs
# Dovecot log location
tail -f /var/log/dovecot.log
# Or check syslog
grep dovecot /var/log/syslog | tail -50
# Authentication failures
grep "auth failed" /var/log/dovecot.log
# Successful logins
grep "Login:" /var/log/dovecot.log
Useful Log Analysis Commands
# Count emails sent today
grep "status=sent" /var/log/mail.log | grep "$(date '+%b %e')" | wc -l
# Count bounced emails
grep "status=bounced" /var/log/mail.log | wc -l
# Top senders (field 7 is the envelope from= address)
grep "from=" /var/log/mail.log | awk '{print $7}' | sort | uniq -c | sort -rn | head -10
# Recent rejections
grep "reject:" /var/log/mail.log | tail -20
# Authentication failures
grep "authentication failed" /var/log/mail.log | tail -20
# Largest emails (message sizes in bytes)
grep -o "size=[0-9]*" /var/log/mail.log | cut -d= -f2 | sort -rn | head -10
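The status patterns and the authentication-failure grep above can be combined into one pass over the log. This is an added example, not part of the original guide: the function name `mail_log_summary`, the threshold argument and the sample log lines are constructed for illustration, and the lines follow Postfix's usual syslog wording.

```shell
#!/bin/sh
# mail_log_summary (hypothetical helper): reads Postfix log lines on stdin,
# tallies delivery outcomes and SMTP-time rejections, and lists client IPs
# whose failed SASL logins reach the threshold in $1 (default 5).
mail_log_summary() {
  awk -v limit="${1:-5}" '
    match($0, /status=[a-z]+/) {             # sent / deferred / bounced
      count[substr($0, RSTART + 7, RLENGTH - 7)]++
    }
    / reject: / { count["rejected"]++ }      # refused during the SMTP dialogue
    match($0, /\[[0-9A-Fa-f.:]+\]: SASL [A-Z0-9-]+ authentication failed/) {
      ip = substr($0, RSTART + 1)
      sub(/\].*/, "", ip)                    # keep only the client address
      fails[ip]++
    }
    END {
      for (s in count) printf "status %s %d\n", s, count[s]
      for (ip in fails)
        if (fails[ip] >= limit) printf "sasl_fail %s %d\n", ip, fails[ip]
    }' | LC_ALL=C sort -k1,1r -k3,3nr -k2,2   # fixed order: group, count, name
}

# Constructed sample log (documentation addresses, invented queue IDs).
sample_log() {
  cat <<'EOF'
Jan 11 10:00:01 mail postfix/smtp[2101]: A1B2C3: to=<a@example.net>, relay=mx.example.net[192.0.2.25]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 11 10:00:03 mail postfix/lmtp[2102]: A1B2C4: to=<user@example.com>, relay=mail.example.com[private/dovecot-lmtp], dsn=2.0.0, status=sent (250 2.0.0 Saved)
Jan 11 10:00:05 mail postfix/smtp[2101]: A1B2C5: to=<b@example.org>, relay=none, dsn=4.4.1, status=deferred (Connection timed out)
Jan 11 10:00:09 mail postfix/smtp[2101]: A1B2C6: to=<c@example.org>, relay=mx.example.org[192.0.2.26]:25, dsn=5.1.1, status=bounced (User unknown)
Jan 11 10:01:00 mail postfix/smtpd[2200]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <x@example.org>: Relay access denied
Jan 11 10:03:00 mail postfix/smtpd[2201]: warning: unknown[203.0.113.77]: SASL PLAIN authentication failed: authentication failure
EOF
  for i in 1 2 3; do
    echo "Jan 11 10:02:0$i mail postfix/smtpd[2201]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure"
  done
}

sample_log | mail_log_summary 3
```

On a server, feed it the real log, for example `sudo cat /var/log/mail.log | mail_log_summary 10`.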
Step 9: Common Issues and Solutions
Issue 1: Mail Not Sending
Symptoms: Emails stuck in queue or bouncing
Diagnosis:
# Check queue
sudo mailq
# Check logs
sudo tail -f /var/log/mail.log
# Test SMTP
telnet localhost 25
Common causes:
- DNS issues (MX records)
- Firewall blocking port 25
- Wrong hostname configuration
- Authentication failures
Solutions:
# Check DNS
dig example.com MX +short
# Check firewall
sudo ufw status
sudo firewall-cmd --list-all
# Verify hostname
hostname -f
postconf myhostname
# Flush queue
sudo postqueue -f
Issue 2: Mail Not Receiving
Symptoms: External mail not arriving
Diagnosis:
# Check MX record
dig example.com MX +short
# Test external connection
telnet mail.example.com 25
# Check logs for rejections
grep "reject" /var/log/mail.log | tail -20
Common causes:
- MX record pointing to wrong server
- Port 25 blocked by firewall
- Greylisting delays
- Spam filtering rejection
Solutions:
# Fix MX record in DNS
# Open port 25
sudo ufw allow 25/tcp
# Check postfix is listening
sudo netstat -tlnp | grep :25
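# Temporarily relax recipient restrictions (testing only). Keep
# reject_unauth_destination so the server never relays for outside domains,
# and restore the previous value when the test is done.
postconf smtpd_recipient_restrictions   # note the current value first
sudo postconf -e "smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination"
sudo systemctl reload postfix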
Issue 3: Authentication Failures
Symptoms: Cannot send email, "Authentication failed" errors
Diagnosis:
# Test authentication
doveadm auth test [email protected] password
# Check SASL socket
ls -la /var/spool/postfix/private/auth
# Check logs
grep "auth" /var/log/dovecot.log | tail -20
Solutions:
# Verify user exists
grep "[email protected]" /etc/dovecot/users
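# Generate a new SHA512-CRYPT hash to store for the user (omit -p to be prompted, which keeps the password out of shell history)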
doveadm pw -s SHA512-CRYPT -p 'password'
# Restart services
sudo systemctl restart postfix dovecot
# Check Postfix SASL config
postconf smtpd_sasl_type
postconf smtpd_sasl_path
Issue 4: Emails Going to Spam
Symptoms: Emails land in spam folders
Diagnosis:
# Check DNS records
dig example.com MX +short
dig example.com TXT +short | grep spf
dig default._domainkey.example.com TXT +short
dig _dmarc.example.com TXT +short
# Check PTR
dig -x YOUR_IP +short
# Test with mail-tester.com
Solutions:
- Configure SPF, DKIM, DMARC
- Fix reverse DNS
- Remove from blacklists
- Improve content quality
- Use proper SSL certificates
Issue 5: High CPU/Memory Usage
Symptoms: Server sluggish, high resource usage
Diagnosis:
# Check processes
top -u postfix
top -u vmail
# Check queue size
sudo mailq | tail -1
# Check connection count
sudo netstat -an | grep :25 | wc -l
Solutions:
# Limit processes in Postfix
sudo postconf -e "default_process_limit=100"
sudo postconf -e "smtpd_client_connection_count_limit=50"
# Limit SpamAssassin children
sudo nano /etc/default/spamassassin
# Set: --max-children 3
# Clear the whole mail queue if it is filled with spam (this also deletes legitimate queued mail)
sudo postsuper -d ALL
# Restart services
sudo systemctl restart postfix dovecot
Step 10: Performance Testing
Test Mail Server Load
# Send multiple test emails
for i in {1..10}; do
echo "Test $i" | mail -s "Load Test $i" [email protected]
done
# Monitor queue
watch -n 1 'mailq | tail -1'
# Monitor logs
sudo tail -f /var/log/mail.log
Benchmark SMTP
Using swaks:
# Time single delivery
time swaks --to [email protected] --from [email protected]
# Stress test (careful!)
for i in {1..100}; do
swaks --to [email protected] --from [email protected] &
done
Monitor Resource Usage
# Create monitoring script
cat > /tmp/monitor.sh << 'EOF'
#!/bin/bash
while true; do
echo "=== $(date) ==="
echo "Postfix processes: $(pgrep -fc postfix)"
echo "Dovecot processes: $(pgrep -fc dovecot)"
echo "Mail queue: $(mailq | tail -1)"
echo "Memory usage: $(free -h | grep Mem | awk '{print $3}')"
echo ""
sleep 5
done
EOF
chmod +x /tmp/monitor.sh
/tmp/monitor.sh
Conclusion
You now have comprehensive testing and troubleshooting procedures for your email server. These systematic approaches enable you to quickly identify and resolve issues, maintain reliability, and ensure optimal performance.
Key Takeaways
- Test systematically: Check each component independently
- Use appropriate tools: telnet, openssl, dig, postfix commands
- Analyze logs effectively: Understand common patterns
- Document issues: Keep track of problems and solutions
- Monitor continuously: Catch issues before users report them
Recommended Testing Schedule
Daily:
- Check mail queue
- Review error logs
- Verify services running
Weekly:
- Send test emails to external addresses
- Check authentication results
- Review performance metrics
Monthly:
- Test all DNS records
- Verify SSL certificates
- Review and update documentation
Important Reminders
- Test before deploying: Verify changes in test environment
- Keep logs: Rotate and archive for analysis
- Document solutions: Build knowledge base
- Monitor continuously: Use automated monitoring tools
- Stay updated: Keep software and rules current
With these testing and troubleshooting skills, you can maintain a highly reliable email infrastructure, quickly resolve issues when they arise, and provide excellent service to your users.


