Send Mail Using Command Line with Command OpenSSL

neotam Avatar

Send Mail Using Command Line with Command OpenSSL
Posted on :

Tags :

SMTP is the connection-oriented and text-based conversation or chatty protocol. Using netcat(nc) or telnet we can connect to STMP server or the mail exchange and send the mail if the server is accepting on insecure port on 25 otherwise use the OpenSSL command to connect to secure ports such as 465 or 587

For details about SMTP protocol refer the RFC

Before you connect to the mail exchange or SMTP server, you need to find the address of SMTP server for particular domain, we can mail exchange server location of any domain if available using command dig as follows

dig MX

Above command returns the output something like as follows

; <<>> DiG 9.10.6 <<>> MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5279
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1280
;			IN	MX

;; ANSWER SECTION:		3600	IN	MX	40		3600	IN	MX	5		3600	IN	MX	20		3600	IN	MX	30		3600	IN	MX	10

;; Query time: 114 msec
;; SERVER: 2401:4900:4fd7:15bf::3f#53(2401:4900:4fd7:15bf::3f)
;; WHEN: Tue Oct 18 00:43:46 IST 2022
;; MSG SIZE  rcvd: 161

As it is shown in the above output, we have multiple MX (Mail Exchange) servers, multiple servers are used for backup and high availability. The number prior the domain of MX server indicates the priority, lower the value higher the priority. For example is having highest priority since the priority number is the lowest among which is 5

Connect to the SMTP server using openssl using command as follows

openssl s_client -connect -crlf -ign_eof

Mail conversation after connecting to gmail SMTP server using above command

read R BLOCK
220 ESMTP w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
HELO localhost
250 at your service
334 VXNlcm5hbWU6
334 UGFzc3dvcmQ6
235 2.7.0 Accepted
503 5.5.1 MAIL first. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
250 2.1.0 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
502 5.5.1 Unrecognized command. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
250 2.1.5 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
354  Go ahead w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
From: "Neo Tron" <> 
To: "Botron" <> 
Subject: This is test mail 

Hello Nutron, 

Welcome to the world of mailing 


250 2.0.0 OK  1666040353 w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
221 2.0.0 closing connection w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp

Let’s make sense of the above chat. between the SMTP server and our client

  1. Server: First, connected to the SMTP mail server usign command openssl s_client -connect
  2. Client: On successful connection, server replied with 220 followed by it’s domain name
  3. Client: Then, we greet the server with HELO or EHLO followed by our domain name
    • If we greet with EHLO, server replies with possible commands that are suppored
  4. Client: Login to the server by sending command AUTH LOGIN
  5. Server: Server Asks the username in base64 334 VXNlcm5hbWU6 which means 344 Username:
  6. Client: reply with username after converting it to base64
  7. Server: asks the password
  8. Client: reply with password after converting it to base64
  9. Server: If credentials are correct, server replies with 235 Accepted

After successful login, write the mail and end it with .\n\n (.LFLF) to send the mail body and headers to server.

We need to provide the username and password in base64. Use the tool -codec to convert username and password to base64

Another example mail conversation


  • If you are using gmail, make sure you have enabled the use less secure apps

In fact, google phased out the use less secure apps feature. To be able to send mail using command line we need to create app password. To get the option of “app password” enable 2-step verification first

Set the app password and use it instead of actual username and password

Click on App Passwords, and then select the App type in the next screen

Google App Password: Select App

Then, select the Device Type

Google App Password: Select Device

Then, click on generate to generate the password

Google App Password: Generated

If authentication is consistently failing, also check if you are using proper authentication protocol as SMTP uses and supports different authentication protocols

  1. PLAIN (Uses Base64 encoding)
  2. LOGIN (Uses Base64 encoding)
  3. GSSAPI (Generic Security Services Application Program Interface)
  4. DIGEST-MD5 (Digest access authentication)
  5. MD5 CRAM-MD5 OAUTH10A (OAuth 1.0a HMAC-SHA1 tokens/RFC 5849)
  6. OAUTHBEARER (OAuth 2.0 bearer tokens/RFC 6750)
  7. XOAUTH2

Authentication mechanisms supported by server is provided in the response from server in response to EHLO message

S: Hello

As it is shown in the example above, server supports authentication mechanisms: GSSAPI, DIGEST-MD5 and PLAIN

Such that, check and make sure you are using appropriate authentication mechanism

Leave a Reply

Your email address will not be published. Required fields are marked *