Debugging mail is hard. It's even harder when there's SSL in the way. But we can use unix elbow grease to get around this!
Run socat as a proxy, offloading the SSL processing to openssl in a subshell:
$ socat -v TCP-LISTEN:5877 EXEC:'openssl s_client -connect mail.your.server\:587 -starttls smtp'
Test this is working by, in parallel session
$ nc localhost 5877
EHLO mail.your.server
Re-run the proxy.
Edit your mail server / client config to use localhost:5877
as its outgoing mail server with encryption disabled,
instead of mail.your.server:587
or mail.your.server:25
. Then run it. socat will display the traffic.
Re-run the proxy and you can emulate what your client did by nc localhost 5877
ing again.
Cheers!
(that
\:
is key! don't remove that! the socat parser is a bit stupid)