Manage Learn to apply best practices and optimize your operations.

Part 2: How to perform a Telnet SMTP session for Exchange Server 2003

Get a demonstration of how to perform an SMTP session via Telnet to send email messages in Exchange Server 2003.

The SMTP commands and codes shown in Part 1 are universal to any mail server that supports SMTP. These commands can be issued manually via Telnet. This section demonstrates some of these commands to demonstrate how SMTP works.

Connecting to the Exchange Server

If you want to send email through a Telnet session, you first must establish a connection to your Exchange server. In this example, I'll use a workstation that is a member of the same domain as my Exchange server.

After logging into the domain, you can establish a Telnet session by opening a command-prompt window and entering:

telnet 25

In this command, is the fully qualified name (FQDN) of your Exchange Server. You can also use the server's IP address instead of the FQDN. The number 25 at the end of the command indicates that you want Telnet to establish the connection over TCP port 25, which is the port that SMTP uses (Figure A).

Figure A
Figure A. The result of issuing a Telnet command.

In Figure A, you can't see the actual command that was typed because Telnet clears the screen after establishing a connection. However, you will notice that the result begins with the number 220. This response code indicates that the SMTP service is ready.

In Figure B, you'll see that you can do the exact same thing using the Hyper Terminal applet included with Windows XP, or you can use a different terminal program.

NOTE: The following figures are displayed in Hyper Terminal for ease of viewing.

Figure B
Figure B. Use a Terminal program to issue SMTP commands.

SMTP commands can be issued using the prompt. Any command that can be typed manually at this prompt can also be included in a script. This means that it's possible to create batch files that send an email message after a command is complete, or when certain conditions exist.


SMTP commands are implemented differently on each system. SMTP commands were originally developed for non-Microsoft operating systems, but later were adapted for use with Microsoft.

As noted, the HELO command was used to initiate an SMTP session, and you must provide the host with your IP address as a parameter to this command. The Microsoft implementation will accept the FQDN of the mail server as an alternative.

Notice in Figure C that the mail server's FQDN was used as an argument to the HELO command. The mail server then returned the response code of 250, meaning that the command was completed. After the response code, there is a repeat of the mail server's FQDN, a text response from the mail server (Hello) and an IP address. The IP address used is that of my workstation, not the mail server.

Figure C
Figure C. Use the HELO command to establish an SMTP session.


The next step to send a message is to issue the MAIL FROM: command, which informs the session who is sending the message. In Figure D, you will see that I have used my IP address as a parameter in this command.

Figure D
Figure D. The MAIL FROM: command lets you specify the sender.

The response code again is 250 and my email address is listed, indicating that the sender is OK. When you issue the MAIL FROM: command, the server checks to see if the domain portion of the email address is correct. It's not concerned with what is used for the actual address, as long as the domain portion is valid. In fact, specifying non-existent email addresses within an SMTP command is one way that hackers and spammers can spoof email accounts.


The next step is to use the RCPT TO: command to specify the message recipient. The server doesn't verify the recipient address. In fact, in Figure E you'll see that the recipient address is listed as [email protected] However, this address doesn't exist, as I chose a non-existent email address.

Figure E
Figure E: Use the RCPT TO: command to specify the message recipient.

In most cases, mail relay is disabled within Exchange Server. This prevents spammers from passing spam through your Exchange server.

If you specify a recipient that exists within an external domain, the message will be rejected if the mail relay is disabled. If you have a user with a legitimate need to manually send SMTP commands to your server, then you should disable mail relay for that user. Never disable mail relay on the SMTP virtual server entirely.


After specifying the sender and the recipient, it's time to compose the message body. To do so, enter the DATA command. In Figure F, you'll see that there are no parameters to this command. I received a response code of 354, which means that it is OK to transmit a message. The response also indicates that the message must be terminated by . . This means that you have to put a period (.) on a line by itself to end the message.

Figure F
Figure F. The DATA command indicates the start of the message body.

The first thing that you'll want to enter into the message body is the subject. To do this:

  1. Type Subject:, followed by the message subject (Figure G). The subject must be on a line by itself.

    Figure G
    Figure G: You can use the Subject: command to specify the message subject.

  2. Type your message.

  3. When you are done, press Enter.

  4. Type a period (.), and then hit Enter. After a brief delay you will see a response similar to the one in Figure H.

Figure H
Figure H. Place a period (.) on the blank line after the message to queue it for delivery.

The mail server sends the 250 response code, indicating that the command is complete. A message following the code indicates that the message has been queued for delivery.

Ending the session

After sending the message, you can either send another message or terminate the session. In Figure I, you'll see that I entered the QUIT command to terminate the session. There are no required parameters that you must enter in conjunction with this command.

Figure I
Figure I. The QUIT command is used to terminate the session.

When the command completes, you should see a response code of 221, which indicates that SMTP is closing the transmission channel. You will also see a confirmation text message.


Because a bogus email address was used, I can't open the recipient's mailbox to determine that the message has been delivered. However, Exchange is configured to issue non-delivery reports. Figure J shows a non-delivery report for the message has been placed into my Inbox, even though I didn't send the message through Microsoft Outlook.

Figure J
Figure J. Non-delivery report.


 Home: Introduction
 Part 1: SMTP commands and server response codes
 Part 2: How to perform a Telnet SMTP session for Exchange Server 2003
 Part 3: How Extended SMTP works and common ESMTP commands
 Part 4: Security-related and Exchange-specific ESMTP commands

Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at

Dig Deeper on Exchange Server setup and troubleshooting