Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


Swaks - Swiss Army Knife SMTP

Daniel Nashed  23 October 2021 09:17:12

Swaks - Swiss Army Knife SMTP, the all-purpose SMTP transaction tester

For testing, I usually use telnet or openssl on port 25 to communicate directly with a server and type in the SMTP commands.
This is very helpful for seeing how the TLS negotiation works and for following the SMTP dialog.

But there is a very cool tool out there which can help you with many more situations and it is very easy to use!

It's included in the EPEL repository for CentOS and can be installed like this:

yum install -y epel-release
yum install -y swaks

It has many command-line switches, but if you start it without any switch, it will ask for the recipient and just send a mail.

There are two very useful options I want to highlight:
  • TLS
  • Authentication

Both options have custom settings but if you just use -tls and -a you should be fine in most cases.

-- Daniel

-tls
    Require connection to use STARTTLS. Exit if TLS not available for any reason (not advertised, negotiations failed, etc).

-tlso, --tls-optional
    Attempt to use STARTTLS if available, continue with normal transaction if TLS was unable to be negotiated for any reason. Note that this is a semi-useless option as currently
    implemented because after a negotiation failure the state of the connection is unknown. In some cases, like a version mismatch, the connection should be left as plaintext. In
    others, like a verification failure, the server-side may think that it should continue speaking TLS while the client thinks it is plaintext. There may be an attempt to add more
    granular state detection in the future, but for now just be aware that odd things may happen with this option if the TLS negotiation is attempted and fails.

-a, --auth [auth-type[,auth-type,...]]
    Require Swaks to authenticate. If no argument is given, any supported auth-types advertised by the server are tried until one succeeds or all fail. If one or more auth-types are
    specified as an argument, each that the server also supports is tried in order until one succeeds or all fail. This option requires Swaks to authenticate, so if no common
    auth-types are found or no credentials succeed, Swaks displays an error and exits.

Example with log details:

swaks -tls
=== Trying
=== Connected to
<-  220 ESMTP Service (HCL Domino Build V1201_09302021) ready at Sat, 23 Oct 2021 09:25:30 +0200
 -> EHLO
<- Hello ([]), pleased to meet you
<-  250-TLS
<-  250-HELP
<-  250-AUTH LOGIN
<-  250-STARTTLS
<-  250-SIZE
<-  220 Ready to start TLS
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=*"
 ~> EHLO
<~ Hello ([]), pleased to meet you
<~  250-HELP
<~  250-AUTH LOGIN
<~  250-SIZE
<~  250 Sender OK
 ~> RCPT TO:
<~  250 Recipient OK
 ~> DATA
<~  354 Enter message, end with "." on a line by itself
 ~> Date: Sat, 23 Oct 2021 09:25:30 +0200
 ~> To:
 ~> From:
 ~> Subject: test Sat, 23 Oct 2021 09:25:30 +0200
 ~> Message-Id: <>
 ~> X-Mailer: swaks v20181104.0
 ~> This is a test mailing
 ~> .
<~  250 Message accepted for delivery
 ~> QUIT
<~  221 SMTP Service closing transmission channel
=== Connection closed with remote host.
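
A transcript like the one above can be checked mechanically for what crossed the wire in cleartext; note that AUTH LOGIN only base64-encodes credentials, so it matters whether it is offered before STARTTLS. The following is an added example, not part of the original post or of Swaks: a Python parser for the Swaks line prefixes, run on a constructed sample transcript with placeholder host names.

```python
import re

# Constructed sample modelled on the transcript above; host names are placeholders.
SAMPLE = """\
<-  220 mail.example.com ESMTP Service ready
 -> EHLO client.example.com
<-  250-AUTH LOGIN
<-  250-STARTTLS
<-  250 SIZE
 -> STARTTLS
<-  220 Ready to start TLS
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
 ~> EHLO client.example.com
<~  250-AUTH LOGIN
<~  250 SIZE
 ~> MAIL FROM:<a@example.com>
"""

# Prefixes: "<-"/"->" are plaintext, "<~"/"~>" are inside TLS, "===" is status.
LINE = re.compile(r"^\s*(===|<-|->|<~|~>)\s+(.*)$")
SENSITIVE = ("AUTH", "MAIL", "RCPT", "DATA")

def audit_transcript(text):
    """Report what a Swaks transcript exposed in cleartext versus over TLS."""
    rep = {"tls": None, "auth_cleartext": [], "auth_tls": [], "findings": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        kind, body = m.groups()
        if kind == "===" and body.startswith("TLS started with cipher "):
            # Swaks prints protocol:cipher:bits
            proto, cipher = (body.split("cipher ", 1)[1].split(":") + [""])[:2]
            rep["tls"] = {"protocol": proto, "cipher": cipher}
            if proto in ("SSLv3", "TLSv1", "TLSv1.1"):
                rep["findings"].append("deprecated protocol " + proto)
        elif kind in ("<-", "<~"):
            ext = re.match(r"250[- ]AUTH[ =](.*)", body)
            if ext:
                rep["auth_cleartext" if kind == "<-" else "auth_tls"] += ext.group(1).split()
        elif kind == "->":
            cmd = (body.split() or [""])[0].upper()
            if cmd in SENSITIVE:
                rep["findings"].append("sent in cleartext: " + cmd)
    if rep["tls"] is None:
        rep["findings"].append("no TLS session was established")
    if rep["auth_cleartext"]:
        rep["findings"].append("AUTH offered before STARTTLS: " + ",".join(rep["auth_cleartext"]))
    return rep
```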


