This application can be used to troubleshoot and test SMTP connections.
The application is based on OpenSSL and also show how to
- STARTTLS connections via OpenSSL
- Send SMTP mail crafting the RFC821 and RFC822 part of a message
- Lookup MX records and pick the one with the lowest priority value
- Create a simple MIME encoded mail with a base64 encoded attachment
In addition it is a replacement for the Linux BSD mailx command if only the sending part is required.
mailx supports sending and receiving and needs quite some packages installed including postfix or sendmail usually. nshmailx in contrast is a single binary without additional package dependencies. It also brings an admin into full control of the sending process.
Nash!Com SMTP Mail Tool 1.2.3
Copyright 2024-2025, Nash!Com, Daniel Nashed
LibSSH2 1.11.0
OpenSSL 3.0.13 30 Jan 2024
(Build on: OpenSSL 3.0.13 30 Jan 2024)
Usage: nshmailx [Options]
-server <FQDN/IP> SMTP server DNS name or IP (Can be a relay host. By default MX record of the recipient's domain is used)
-host <FQDN> Hostname to send in EHLO (by default use server's hostname)
-port <number> Port of SMTP server (Default: 25)
-from <email> From address
-name <real name> Name to add to the from address as a phrase
-to <email> Send to recipient address
-cc <email> Copy to recipient address
-bcc <email> Blind copy to recipient address
-subject <text> Subject of message
-body <text> Body of message
-file <filepath> File send as body (specify '-' to write stdin to the UTF-8 formatted body)
-att <filepath> Attachment to send (specify '-' for attaching stdin to a file)
-attname <filename> File name for file to attach
-mailer <name> Mailer Name
-cipher <cipher list> OpenSSL cipher list string (colon separated) used for a connection
-NoTLS Disable TLS/SSL
-NoTLS13 Disable TLS 1.3
-Verify Verify TLS certificate
-v Verbose logging (specify twice for more verbose logging)
-silent Only log errors to stderr
-trace Show input and output with client/server tags)
-pem Dump pem data with cert/key info (specify twice for PEM of certificate chain)
-encrypt Encrypt message with S/MIME
-smime S/MIME file with PEM or raw Base64 DER certificate
-version Print full version including OpenSSL version
--version Only print program version without any headers and newline
-TestMessages Number of test messages to send
-TestBodySize <bytes> Bytes to sent for each test message body
-TestAttSize <bytes> Size of test attachment in bytes
SFTP Options [Only supports user/password. For key authentication use scp.]
-sput <host> SFTP Put (specify host name or IP).
-sget <host> SFTP Get.(specify host name or IP).
-user <username> SFTP user name
-password <password> User password
-password:env <var> Get user password from environment var
-password:file <path> Get user password from file
-password:promt Prompt for user password
-local <filepath> Local file to sget/sput
-remote <filepath> Remote file to sget/sput
-hostkey <base64> SSH compatible expected host key in Base64 without trailing =
-hostkey:env <var> Read SSH compatible expected host key from environment var (Base64 without trailing =)
-hostkey:file Read SSH compatible expected host key from file (Base64 without trailing =)
-sha Calculate SHA256 hash for upload/download
-hash <expected hash> Hash to verify. Hash type is derived from string (SHA1, SHA256, SHA384, SHA512)
Note: Also supports Linux BSD mailx command line sending options
Configuration file: /etc/nshmailx.cfg
from=<addr> Standard from address
fromname=<addr> Standard from name
mailer=<str> Mail agent
hostname=<std> Override default hostname
serveraddress=<addr> Set server address/relay host
cipherlist=<list> OpenSSL cipher list string (colon separated) used for a connection
rcptallowed=<regex> Regex expression to define allowed recipients. Or specify 'file' for only allow entries from -reptfile
rcptfile=<file> File name of recipients file (default: /etc/nshmailx.csv)
tls=0|1 Use TLS (enabled by default, can be disabled via tls=0
notls13=0|1 Disable TLS 1.3
verify=0|1 Verify certificate chain
ecdsa=0|1 Use ECDSA instead of RSA
utf8=0|1 Use UTF8
silent=0|1 Run silent. Only log errors to stderr
Mail with subject and body from command-line
./nshmailx -to nsh@acme.com -from nsh@acme.com -subject "Hello World ..." -body "This is a simple body text"
Mail with body from file /etc/os-release
./nshmailx -to nsh@acme.com -from nsh@acme.com -subject "Hello World ..." -file /etc/os-release
In this example the output of tar is packed into a file and named "notesdata.taz"
tar -cz /local/notesdata/*.ntf | ./nshmailx -to nsh@acme.com -from nsh@acme.com -subject "Notes Templates" -att - -attname notesdata.taz
Out of the box Fail2Ban uses sendmail. This command uses nshmailx to send mail instead.
Configuration file: /etc/fail2ban/action.d/sendmail-common.conf.
mailcmd = /usr/bin/nshmailx -from "<sender>" -to "<dest>" -file - -subject "Fail2Ban Report"
This application is mainly intended for Linux and provides a Linux makefile.
The main reason is that Linux provides an easy way to install OpenSSL development tools (openssl-devel) fitting your Linux version.
It has been tested with OpenSSL 3.0.x
Once the compiler and the OpenSSL development package is installed just run make.
dnf install openssl-devel libssh2-devel zlib-devel
apt install libssl-dev libssh2-1-dev zlib1g-dev