Swaks - Swiss Army Knife SMTP
Daniel Nashed – 23 October 2021 07:17:12
Swaks - Swiss Army Knife SMTP, the all-purpose SMTP transaction tester
For testing I usually use telnet or openssl on port 25 to directly communicate with a server and type in the SMTP commands.
This is very helpful for testing to see how the negotiation on TLS works and also to see the SMTP dialogs.
But there is a very cool tool out there which can help you with many more situations and it is very easy to use!
It's included in CentOS epel and can be just installed like this:
yum install -y epel-release
yum install -y swaks
It has many command-line switches but if you start it without any switch, it will ask for the recipient and just sends a mail.
There are two very useful options I want to highlight
- TLS
- Authentication
Both options have custom settings but if you just use -tls and -a you should be fine in most cases.
-- Daniel
-tls
Require connection to use STARTTLS. Exit if TLS not available for any reason (not advertised, negotiations failed, etc).
-tlso, --tls-optional
Attempt to use STARTTLS if available, continue with normal transaction if TLS was unable to be negotiated for any reason. Note that this is a semi-useless option as currently
implemented because after a negotiation failure the state of the connection is unknown. In some cases, like a version mismatch, the connection should be left as plaintext. In
others, like a verification failure, the server-side may think that it should continue speaking TLS while the client thinks it is plaintext. There may be an attempt to add more
granular state detection in the future, but for now just be aware that odd things may happen with this option if the TLS negotiation is attempted and fails.
-a, --auth [auth-type[,auth-type,...]]
Require Swaks to authenticate. If no argument is given, any supported auth-types advertised by the server are tried until one succeeds or all fail. If one or more auth-types are
specified as an argument, each that the server also supports is tried in order until one succeeds or all fail. This option requires Swaks to authenticate, so if no common
auth-types are found or no credentials succeed, Swaks displays an error and exits.
Example with log details:
swaks -tls
To: nsh@csi-domino.com
=== Trying mail.csi-domino.com:25...
=== Connected to mail.csi-domino.com.
<- 220 pluto.csi-domino.com ESMTP Service (HCL Domino Build V1201_09302021) ready at Sat, 23 Oct 2021 09:25:30 +0200
-> EHLO volt.domino-lab.net
<- 250-pluto.csi-domino.com Hello volt.domino-lab.net ([162.55.39.164]), pleased to meet you
<- 250-TLS
<- 250-HELP
<- 250-AUTH LOGIN
<- 250-STARTTLS
<- 250-SIZE
<- 250 PIPELINING
-> STARTTLS
<- 220 Ready to start TLS
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=*.csi-domino.com"
~> EHLO volt.domino-lab.net
<~ 250-pluto.csi-domino.com Hello volt.domino-lab.net ([162.55.39.164]), pleased to meet you
<~ 250-HELP
<~ 250-AUTH LOGIN
<~ 250-SIZE
<~ 250 PIPELINING
~> MAIL FROM:
<~ 250 root@volt.domino-lab.net... Sender OK
~> RCPT TO:
<~ 250 nsh@csi-domino.com... Recipient OK
~> DATA
<~ 354 Enter message, end with "." on a line by itself
~> Date: Sat, 23 Oct 2021 09:25:30 +0200
~> To: nsh@csi-domino.com
~> From: root@volt.domino-lab.net
~> Subject: test Sat, 23 Oct 2021 09:25:30 +0200
~> Message-Id: <20211023092530.1421410@volt.domino-lab.net>
~> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/
~>
~> This is a test mailing
~>
~>
~> .
<~ 250 Message accepted for delivery
~> QUIT
<~ 221 pluto.csi-domino.com SMTP Service closing transmission channel
=== Connection closed with remote host.
- Comments [0]