XNND DNS Tools

Let's send email....with curl!


Hey, *nix users! Did you know that you can send email using cURL? If you weren't aware, cURL "is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for 'Client URL'." (wikipedia

It's a very handy tool for those of us working in the email security, anti-spam or software-as-a-service space, allowing us to interact with web servers and services to download files and data. I use it quite a bit. But I had no idea that it can speak SMTP! It doesn't look too difficult to figure out, either.

Here's how I tested it myself, composing the command thusly (ignore those goofy quotes at the start and end):

curl --ssl-reqd \
--url 'smtp://gmail-smtp-in.l.google.com:25' \
--mail-from blarfengar@xnnd.com \
--mail-rcpt nugget@wombatmail.com \
--upload-file - << EOF
From: XNND Tester <blarfengar@xnnd.com>
To: Nugget <nugget@wombatmail.com>
Subject: Sending mail with CURL? Whut?

This is a pretty amazing email test, huh?

EOF

And it worked! My user "nugget" received the email as expected, in its Gmail-hosted mailbox. In my case, the email passed SPF authentication because I'm running this command from the XNND mail server.

This could come in handy for sending email notifications from an installed server that doesn't have an SMTP server running, or if it is broken. 

A couple of things to keep in mind:

  • Your emails have to authenticate properly, with at least SPF. So if you're going to use this, make sure that the sending domain has this server's IP address in its SPF record.
  • cURL is not going to perform MX lookups for you. So you need to look up and tell it the destination MX server yourself, like I've done above -- that Google server is one of the MX records for my wombatmail.com domain.

But let's simplify that a bit. You can also use cURL to relay an outbound email message through your own personal Gmail account. Here's my updated call to cURL (again, ignore the goofy quotes):

curl --ssl-reqd \
--url 'smtps://smtp.gmail.com:465' \
--user 'user@gmail.com:password' \
--mail-from 'user@gmail.com' \
--mail-rcpt 'nugget@wombatmail.com' \
--upload-file - << EOF
From: XNND Tester <user@gmail.com>
To: Nugget <nugget@wombatmail.com>
Subject: Sending mail with CURL? Whut?

This is a pretty amazing email test, huh?

EOF

Update this to use your own Gmail credentials -- user name and password -- in my case, I used an "app password" since I have 2FA enabled for my Gmail account. And it worked! The headers of the email I received looked just like if I had sent the email from the Gmail webmail interface. With proper DKIM and SPF authentication and everything.

This isn't the only way to send outbound email through Gmail from the unix command line. Indeed, I've previously blogged about configuring Postfix to do this. But this way requires no configuration, no editing files, and indeed, you don't even need Postfix installed. As I mentioned in my previous post about sending mail through Gmail, keep in mind that Google has some pretty severe rate limits in place; this isn't going to be useful to send large amounts of bulk mail. But for emergency alerts, notifications or crontab output? It could be quite helpful!

I thought this was a pretty neat hack and I hope you do, too. Happy hacking!

3 Comments

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.

  1. i mean you can pretty much sending mail through various program language if you can connect to remote smtp server thats how smtp work. But good share tho. I don't even know curl can send smtp. Guess i need to read more :P

    ReplyDelete
  2. doesn't work anymore 'To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0. Learn more"

    ReplyDelete
  3. It works fine, my email forwarding system just successfully sent me an email this way about 36 seconds ago. Note what I said above about 2FA and application passwords. Those are necessary for high geekery such as this.

    ReplyDelete
Previous Post Next Post