How to send an email using OpenSSL

Home > Search > How-to
  by

OpenSSL would typically only be used when you need to send an email using encryption and authentication. In this example, a connection is made to the email server with hostname mail.example.com, using port 587, and a public / private key pair. 

 


Sending an email on the email server

When using this command, issue the command as one long string. I just placed every option on a new line to make it easier to read and understand.

[root@server1 ~]# openssl s_client 
-connect mail.example.com:587 
-starttls smtp 
-key /etc/pki/tls/private/mail.example.com.key
-cert /etc/pki/tls/certs/mail.example.com.crt

 

There should be many lines of text referencing various security parameters, such as TLS. The output should begin with "CONNECTED(0000003)" and end with "Verify return code: 18 (self signed certificate)" and "250 DSN".

CONNECTED(00000003)
. . .
    Verify return code: 18 (self signed certificate)
---
250 DSN

 

We can now send an email.

250 DSN
EHLO localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user1@example.com
250 2.1.0 Ok
rcpt to: user2@example.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hello World
.
250 2.0.0 Ok: queued as 188B012006D
quit
221 2.0.0 Bye
closed

 


Sending an email from a different computer

Lets use terminal on a different Linux machine in the network. On the other Linux machine, install openssl.

[root@server1 ~]# yum install openssl

 

Lets connect to the Postfix server using port 587 and TLS. Ensure you are using the name of your Postifx mail server as it is listed in your DNS server.

[root@server1 ~]# openssl s_client 
-connect mail.example.com:587 
-starttls smtp 
-CAfile /etc/pki/tls/mail.example.com.pem

 

There should be many lines of text referencing various security parameters, such as TLS. The output should begin with "CONNECTED(0000003)" and end with "Verify return code: 18 (self signed certificate)" and "250 DSN".

CONNECTED(00000003)
. . .
    Verify return code: 18 (self signed certificate)
---
250 DSN

 

We can now send an email.

250 DSN
EHLO localhost
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user1@example.com
250 2.1.0 Ok
rcpt to: user2@example.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hello World
.
250 2.0.0 Ok: queued as 188B012006D
quit
221 2.0.0 Bye
closed

 

Once we are able to send emails using OpenSSL, we next will want to send emails using mailx. The reason for this is because you must type quite a bit of text just to make a connection with OpenSSL, and OpenSSL produces a lot of output. Mailx requires much less typing and has very minimal output. Also, mailx is easy to use in automation scripts, such as BASH.

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments