test2101

Secure Email Sending with CommandLine Mail Sender: TLS, Auth, and Best Practices

Written by

adm

in

CommandLine Mail Sender: Top Tools and Example Commands

Sending email from the command line is useful for automation, monitoring alerts, scripts, and quick one-off messages without opening an email client. This guide covers reliable CLI tools, installation notes, authentication and security tips, and practical example commands for Linux/macOS (Windows examples use WSL or native ports).

When to use a CLI mail sender

  • Automation: cron jobs, CI pipelines, backups, and monitoring alerts.
  • Scripting: include email notifications inside shell scripts or programs.
  • Minimal environments: servers or containers without GUI mail clients.

Key considerations

  • Authentication: Most SMTP servers require username/password or OAuth.
  • Encryption: Use TLS/STARTTLS to protect credentials and content in transit.
  • Deliverability: Use proper From, Reply-To, and SPF/DKIM/DMARC on sending domains to avoid spam.
  • Dependencies: Some tools rely on system MTA (sendmail/postfix) or external services.

Top tools

1) mailx (Heirloom mailx / BSD mailx)

  • Description: Traditional Unix mail client with scripting-friendly interface.
  • Install: apt: sudo apt install heirloom-mailx or macOS: brew install mailx.
  • Strengths: Widely available, supports SMTP auth and TLS.
  • Limitations: Different distro variants have slightly different flags.

Example (SMTP with TLS and auth):

Code
echo “Body text” | mailx -v  -s “Subject here”   -S smtp=“smtp://smtp.example.com:587”   -S smtp-use-starttls   -S smtp-auth=login   -S smtp-auth-user=“[email protected]”   -S smtp-auth-password=“password”   -S from=“[email protected][email protected]

2) sendmail / postfix / exim (system MTA)

  • Description: Full Mail Transfer Agents installed on servers; accept local submission via sendmail-compatible interface.
  • Install: apt: sudo apt install postfix (or exim4).
  • Strengths: Good for high-throughput server-side sending, local queueing, and integration.
  • Limitations: Requires configuration (DNS, SPF/DKIM) and maintenance.

Example (sendmail piping raw message):

Code
/usr/sbin/sendmail -t <<‘EOF’ From: [email protected] To: [email protected] Subject: Test message

 
Hello from sendmail. EOF

3) msmtp

  • Description: Lightweight SMTP client designed as a sendmail replacement; simple config per account.
  • Install: apt: sudo apt install msmtp or macOS: brew install msmtp.
  • Strengths: Simple config file, supports TLS and multiple accounts, easy to script.
  • Limitations: No queueing — delivery attempted immediately.

Config (~/.msmtprc):

Code
# Example ~/.msmtprc defaults auth           on tls            on tls_trust_file /etc/ssl/certs/ca-certificates.crt

 
account default host smtp.example.com port 587 user [email protected] passwordeval “passman get smtp-password” from [email protected]

Send command:

Code
echo -e “Subject: Test

 
Body” | msmtp [email protected]

4) s-nail (modern heirloom / mailx alternative)

  • Description: Enhanced mailx successor with improved features.
  • Install: apt: sudo apt install s-nail.
  • Strengths: Scriptable, supports attachments, MIME and SMTP auth.
  • Example similar to mailx; prefer for richer features.

Example with attachment:

Code
echo “Body” | s-nail -s “Subject” -a /path/to/file –   -S smtp=“smtp://smtp.example.com:587”   -S smtp-auth=login   -S smtp-auth-user=“[email protected]”   -S smtp-auth-password=“password”   [email protected]

5) swaks (Swiss Army Knife SMTP)

  • Description: Diagnostic SMTP tool ideal for testing SMTP servers and authentication.
  • Install: apt: sudo apt install swaks.
  • Strengths: Verbose debugging, many auth and TLS options.
  • Limitations: Mainly for testing rather than production scripting.

Example (AUTH PLAIN with TLS):

Code
swaks –to [email protected] –from [email protected]   –server smtp.example.com:587 –auth LOGIN   –auth-user [email protected] –auth-password ‘password’ –tls

6) curl (SMTP support)

  • Description: Modern curl supports SMTP(S) and can send messages using MIME.
  • Strengths: Already available on many systems, supports OAuth bearer tokens and attachments via MIME.
  • Example (simple):
Code
curl –url ‘smtp://smtp.example.com:587’ –ssl-reqd   –mail-from ‘[email protected]’ –mail-rcpt ‘[email protected]’   –user ‘[email protected]:password’   -T <(printf ‘Subject: Hi

 
Hello from curl ‘)
  • Example (attachment using –upload-file MIME):
Code
curl –url ‘smtps://smtp.example.com:465’ –user ‘user:password’   -T message.txt –upload-file message.txt –mail-from [email protected] –mail-rcpt [email protected]

7) nodemailer-cli / Python SMTP / send via API

  • Description: Use language-specific CLI scripts or API-based sending (SendGrid, Mailgun, Amazon SES).
  • Strengths: API providers often simplify deliverability and authentication (API keys).
  • Example (curl to Mailgun API):
Code
curl -s –user ‘api:YOUR_API_KEY’   https://api.mailgun.net/v3/YOUR_DOMAIN/messages
  -F from=‘Sender [email protected]’   -F to=‘[email protected]’   -F subject=‘Hello’   -F text=‘Test message’

Example command patterns (quick reference)

  • Simple one-liner using msmtp:
Code
echo -e “Subject: Hi

 
Body” | msmtp [email protected]
  • Send with attachment (mailx/s-nail):
Code
s-nail -s “Subject” -a file.pdf [email protected] < body.txt
  • Use system sendmail:
Code
sendmail -t < message.eml
  • SMTP via curl:
Code
curl –url ‘smtp://smtp.example.com:587’ –ssl-reqd –user ‘user:pass’   –mail-from ‘[email protected]’ –mail-rcpt ‘[email protected]’   -T message.txt

Security and deliverability checklist

  • Use TLS/STARTTLS and strong passwords or OAuth.
  • Prefer API-based sending for high deliverability (Mailgun, SendGrid, SES).
  • Publish SPF and DKIM records and consider DMARC.
  • Avoid putting raw passwords in scripts — use credential stores (pass, keyring, environment variables with restricted permissions).
  • Monitor bounce and spam reports.

Troubleshooting tips

  • Use verbose flags (-v, –debug, –trace) to see SMTP conversation.
  • Check mail logs (/var/log/mail.log, /var/log/maillog) for MTA issues.
  • Test connectivity: telnet smtp.example.com 587 or openssl s_client -connect smtp.example.com:465.
  • If emails land in spam, check SPF/DKIM, message headers, and sending IP reputation.

Minimal recommended setup

  • For simple scripts: msmtp + ~/.msmtprc with TLS and passwordeval.
  • For server-side bulk sending: properly configured Postfix or an API provider (SES/Mailgun) for better deliverability.

If you want, I can generate ready-to-use config snippets for your SMTP provider (give the provider name or SMTP details) or an example script that integrates email sending into a cron job.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts