I never knew how to connect to an IMAP server when SSL/TLS were forced. With unencrypted connections, you can just Telnet in, but this exposes your login credentials and data, so many servers will not allow that. The secure equivalent to Telnet, I found, is OpenSSL’s s_client tool. The documentation clearly labels it as a debug tool.
You’d resort to either connection method for verification or troubleshooting purposes; I can’t imagine anyone wanting to do employ Telnet or s_client regularly — rather than use some mail client.
As an example, here’s how you could log into an Exchange account, select the “Inbox” folder, and log out:
$ openssl s_client -connect server:port -crlf
? LOGIN username password
? SELECT Inbox
? LOGOUT
The “openssl” line is typed at the shell prompt in your terminal (I used it from zsh in Terminal on Mac OS X Tiger, just for context). The “-connect” flag specifies the server and port (usually 993) to which you’re connecting. The “-crlf” flag is to send a CR/LF when you press Return; this is required for Telnet but is not done by default by s_client.
The rest of the commands are typed at blank lines provided by the s_client tool. To verify basic connectivity with Exchange IMAP, I found I needed to use a ? or a number preceding the commands. (Not being well versed in the internals of these protocols, I don’t know why, but I can follow directions.)
There is some basic info about s_client in the openssl man page, and there’s a man page devoted to s_client.
I also found an interesting source listing the capabilities of various IMAP servers.