Diagnosing Email Server Problems with the Windows Command Line
Written by Paul Cunningham on November 19, 2009
An essential skill for email administrators is being able to dive into the command line to troubleshoot email delivery and connectivity problems. In this post I will explain some of the simple command line techniques you can use for diagnosing these email issues.
NSLookup
NSLookup is the command line utility for querying the Domain Name System (DNS). Because email delivery relies so heavily on the Mail Exchanger (MX) records contained within DNS, you need to know how to use it for verifying DNS configurations.
When someone reports a problem sending email to an outside party and you want to investigate it, one of the first things you’ll need to determine is the name or IP address of their mail server. This is the job of the MX record, which you can query using NSLookup.
Open a command prompt (Start -> Run, cmd.exe) and type “nslookup” and press Enter. First test a few well known web addresses to make sure that your own DNS servers are working properly.
C:\>nslookup
Default Server: UnKnown
Address: 192.168.0.1
> www.gfi.com
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: www.gfi.com
Address: 216.134.217.17
> www.theemailadmin.com
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: theemailadmin.com
Address: 69.89.31.227
Aliases: www.theemailadmin.com
Now change the query type to MX by typing “set type=mx” and pressing Enter.
> set type=mx
Next type the domain name for the organization you are trying to send to, e.g. contoso.com.
> contoso.com
If their DNS zone exists, is correctly configured, and their name servers are responding, you should receive a response similar to this.
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
contoso.com MX preference = 10, mail exchanger = mail.global.frontbridge.com
mail.global.frontbridge.com internet address = 216.32.180.22
If there is a problem you may receive a response more like this.
*** UnKnown can't find contoso.com: Non-existent domain
When a successful response is received, it tells us that they have one MX record with a preference of 10 (this only matters when there is more than one MX record), and that its name is mail.global.frontbridge.com. Furthermore, we can see that mail.global.frontbridge.com resolves to IP address 216.32.180.22. This is the IP address we want to connect to for testing email connectivity.
Telnet
Telnet is the command line utility to use for testing connectivity. Telnet allows us to connect to any IP address and TCP port to perform testing.
For Windows Server 2003 and earlier Telnet is already installed, but for Windows Server 2008 Microsoft took the standpoint that Telnet is potentially a hacking tool and so is not installed by default on new servers. You can install it when necessary by launching an elevated privilege command prompt and running this command.
servermanagercmd.exe -i telnet-client
From a command prompt type “telnet [name/IP address] 25” and press Enter. This tells Telnet to connect to the given name or IP address on TCP port 25 (the SMTP port).
At a successful connection you will see status code 220 (meaning Service Ready) followed by the welcome banner for the server (this will vary depending on the mail server software that they are running plus whatever customization the email administrator applies).
220 TX2EHSMHS026.bigfish.com Microsoft ESMTP MAIL Service ready at Thu, 19 Nov 2009 12:44:27 +0000
Now it is time to learn how to issue basic SMTP commands using Telnet. A simple SMTP session will contain these steps:
EHLO – Identifies the sending server (you). You can also use HELO, but EHLO is widely supported.
MAIL – Identifies the sending email address.
RCPT – Identifies the receiving email address.
DATA – The contents of the email message itself.
So to test email to the contoso.com email server you can use this command sequence.
ehlo
250-TX2EHSMHS026.bigfish.com Hello [202.173.145.153]
250-SIZE 157286400
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
mail from: paul@exchangeserverpro.com
250 2.1.0 OK
rcpt to: name@contoso.com
250 2.1.5 OK
data
354 Go ahead
Subject: This is a test email

This is a test email
.
250 2.0.0 OK
Note how the message is sent after the DATA verb is issued, the data itself entered, and then a “.” (period) indicating the end of the data.
If there are any problems with this SMTP session the error messages that are returned by the server will indicate exactly what is going on. For example, the server may return a message saying that message relay is denied, or that the intended recipient is not valid. From this you can determine the next steps to take in troubleshooting the email problem.
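To read a pasted session the way the last paragraph describes, the following added example (Python, not part of the original post) groups the server's lines into replies, classifies each by its status code, and lists the extensions offered in the EHLO reply. The function names are this example's own, and the final 550 line in the sample is constructed to show a relay refusal.

```python
import re

# Server replies from the session above; the final 550 line is constructed, not from the article.
SESSION = """\
250-TX2EHSMHS026.bigfish.com Hello [202.173.145.153]
250-SIZE 157286400
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
250 2.1.0 OK
250 2.1.5 OK
354 Go ahead
250 2.0.0 OK
550 5.7.1 Unable to relay
"""

REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# The first digit of a reply code gives the outcome class (RFC 5321, section 4.2.1).
CLASSES = {"2": "success", "3": "intermediate", "4": "temporary failure", "5": "permanent failure"}

def parse_replies(text):
    """Group server lines into replies: 'NNN-text' continues, 'NNN text' ends one."""
    replies, lines, current = [], [], None
    for raw in text.splitlines():
        m = REPLY_LINE.match(raw)
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        code, sep, rest = m.groups()
        if current not in (None, code):
            raise ValueError(f"reply code changed mid-reply: {raw!r}")
        current = code
        lines.append(rest or "")
        if sep != "-":  # a space (or a bare code) marks the last line
            replies.append({"code": int(code), "lines": lines,
                            "class": CLASSES.get(code[0], "unknown")})
            lines, current = [], None
    if lines:
        raise ValueError("session ended inside a multi-line reply")
    return replies

def ehlo_extensions(reply):
    """Map EHLO keywords to their parameters; line 0 is the greeting, not a keyword."""
    return {p[0].upper(): p[1:] for p in map(str.split, reply["lines"][1:]) if p}

if __name__ == "__main__":
    print(*[(r["code"], r["class"]) for r in parse_replies(SESSION)], sep="\n")
```

Paste only the lines the server sent, not the commands you typed, before passing the text to parse_replies.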


