Check your mail servers cert using a tls connection:

home | blog | Teh Internet | guest blog |rants | political | projects | Gwen and Liam | Citadel patched | Tools | TMBG


- Careful Chrome users, this search box might be "Not secure"



See this post by koppor on serverfault.com:
http://serverfault.com/questions/521425/exim4-is-showing-a-tls-error-on-connection-gnutls-handshake
If that site or link goes away, here are the gory details:
apt-get install gnutls-bin to have gnutls-cli available.
gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
ehlo foo
starttls
Press CTRL+d (^d)


This one works as well:
Thanks to Dan Andreatta, and Skyhawk (for the edits):
http://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate
Again, in case that goes away:
openssl s_client -connect mail.example.com:25 -starttls smtp
or standard secure smtp
openssl s_client -connect mail.example.com:465



[æ]