Sending email with openssl and

This is an exercise to learn about TLS, OpenSSL’s command line tool, and SMTP.

Gmail’s SMTP server is a feature offered to its users which requires a TLS connection, and a username and password authentication. The username is your email address. Gina Trapani wrote an article on Lifehacker in 2005 on how to configure your email client to use Google’s SMTP server.

Now I am studying all things SMTP related in order to deploy my own personnal SMTP server. Here is the geeky way of sending mail through Google’s SMTP server using the command line. I am on a GNU/Linux terminal and OpenSSL’s command line tool — openssl — is available.

Prepare your credentials

The AUTH LOGIN authentication method requires base64 encoding your username and password.

bash$ openssl base64 <<<
bash$ openssl base64 <<< lame_password

Connect to

If the SMTP server doesn’t require a TLS connection, we could just telnet into it. We will be using openssl s_client for this exercise.

Following the practice in RFCs documenting SMTP, lines starting with C: are typed and those starting with S: are server replies. Some gibberish was removed from the server replies for simplification.

bash$ openssl s_client -connect -starttls smtp -crlf
S: 250
S: 334 VXNlcm5hbWU6
C: c29tZV9kdWRlQGdtYWlsLmNvbQo=
S: 334 UGFzc3dvcmQ6
C: bGFtZV9wYXNzd29yZAo=
S: 235 Accepted
S: 250 OK
C: rcpt to:<>
S: 250 OK
S: 354  Go ahead
C: To:
Subject: Test email through with openssl

Message's body.
S: 250 OK
S: 221 closing connection


Let’s study the command line options passed to openssl:

This openssl subcommand implements a generic SSL/TLS client intended for testing purposes.
Connect to Google’s SMTP server on port 587. Note that port 25 is for mail transmission, wheras port 587 is the official port for mail submission.
-starttls smtp
This option instructs s_client to send the STARTTLS smtp command and perform the TLS negotiation with the server. All subsequent TCP communication will be tunnelled through TLS, allowing for secure authentication.
Convert LF from terminal into CRLF as required by RFC5321.

s_client interprets lines starting with R or Q as his own commands. This is why you must send the SMTP command rcpt in lowercase. You must also pay attention to your base64 encoded credentials, and DATA content for any lines starting with R or Q. You can prepend a space to your username and password if required.

See man 1 s_client for more information. Don’t hesitate to send me a message at if you have a question or a comment.

Alexandre de Verteuil
Alexandre de Verteuil
Solutions Architect

I teach people how to see the matrix metrics.
Monkeys and sunsets make me happy.