System Servicessmtptestingemailstarttlsauthlmtp

swaks

Swaks is a command-line SMTP test tool for testing SMTP setups, supporting STARTTLS and various authentication methods like PLAIN, LOGIN, CRAM-MD5, SPA, and DIGEST-MD5. It allows stopping the SMTP dialog at any stage, such as checking RCPT TO without sending a full email.

Description

Swaks (Swiss Army Knife SMTP) is a flexible, scriptable tool written in Perl designed for testing SMTP servers, including ESMTP and LMTP protocols. It supports multiple transport methods like network sockets, UNIX domain sockets, and pipes, making it ideal for operators and scripters who need to verify SMTP configurations without repeatedly using telnet.

Common use cases include delivering test emails, testing virus scanners with EICAR attachments, spam scanners with GTUBE, authentication mechanisms, and recipient verification. It can automate checks on multiple recipients from a file and supports advanced features like TLS negotiation and pipelining.

The tool processes options from configuration files, environment variables, and command line, with later settings overriding earlier ones. It distinguishes between envelope (true sender/recipients) and message headers/body, providing precise control over SMTP transactions.

How It Works

Swaks connects to a target via transports (network sockets default, UNIX sockets, or pipes) and communicates using SMTP/ESMTP/LMTP protocols. It handles features like STARTTLS for TLS, SMTP AUTH, pipelining, and XCLIENT. Options define envelope sender/recipients, HELO/EHLO strings, headers, body, and stop points (e.g., after RCPT or STARTTLS). The transaction follows SMTP flow: connect, banner, HELO/EHLO, MAIL FROM, RCPT TO, DATA (headers + body), QUIT. Users can quit early with --quit-after, use custom DATA, or test via pipes to spawned processes. Configuration prioritizes command line over env vars over files, with no- prefix to unset options.

Installation

bash

sudo apt install swaks

Flags

--server [<target-server>[:<port>]]Specify hostname or IP to connect via network sockets; defaults to recipient domain MX if unspecified.

--port [<port>]Specify TCP port on target; defaults to smtp/25.

--to [<email-address>[,<email-address>...]]Envelope-recipient(s); required unless quitting early.

--from [<email-address>]Envelope-sender; defaults to local user@fqdn.

--auth CRAM-MD5Use specified authentication method like CRAM-MD5.

--auth-user [<user>]Authentication username; prompts if unspecified.

--header-X-Test "test email"Add custom header to message.

--quit-after RCPTStop transaction after specified point and send QUIT.

--socket [<socket-file>]Connect via UNIX domain socket for LMTP etc.

--protocol LMTPUse LMTP protocol instead of SMTP.

Examples

Deliver standard test email to specified recipient on port 25.

swaks --to test@example.net --server test-server.example.net

Test CRAM-MD5 authentication with custom header; prompts for password.

swaks --to test@example.net --from user@example.com --auth CRAM-MD5 --auth-user user@example.com --header-X-Test "test email"

Test virus scanner with EICAR attachment without showing DATA.

swaks -t test@example.com --attach - --server test-server.example.com --suppress-data </path/to/eicar.txt

Test spam scanner using GTUBE in email body via MX records.

swaks --to test@example.com --body @/path/to/gtube/file

Deliver test email via LMTP over UNIX domain socket.

swaks --to test@example.com --socket /var/lda.sock --protocol LMTP

Report non-verifiable recipients from file by quitting after RCPT.

for E in `cat /path/to/email/file`; do swaks --to $E --server test-server.example.com --quit-after RCPT --hide-all; [ $? -ne 0 ] && echo $E; done

Updated 2026-04-16kali.org ↗