-
-
Save jim3ma/b5c9edeac77ac92157f8f8affa290f45 to your computer and use it in GitHub Desktop.
package main | |
import ( | |
"fmt" | |
"log" | |
"net" | |
"net/mail" | |
"net/smtp" | |
"crypto/tls" | |
) | |
// StartTLS Email Example | |
func main() { | |
from := mail.Address{"", "username@example.tld"} | |
to := mail.Address{"", "username@anotherexample.tld"} | |
subj := "This is the email subject" | |
body := "This is an example body.\n With two lines." | |
// Setup headers | |
headers := make(map[string]string) | |
headers["From"] = from.String() | |
headers["To"] = to.String() | |
headers["Subject"] = subj | |
// Setup message | |
message := "" | |
for k,v := range headers { | |
message += fmt.Sprintf("%s: %s\r\n", k, v) | |
} | |
message += "\r\n" + body | |
// Connect to the SMTP Server | |
servername := "smtp.example.tld:465" | |
host, _, _ := net.SplitHostPort(servername) | |
auth := smtp.PlainAuth("","username@example.tld", "password", host) | |
// TLS config | |
tlsconfig := &tls.Config { | |
InsecureSkipVerify: true, | |
ServerName: host, | |
} | |
c, err := smtp.Dial(servername) | |
if err != nil { | |
log.Panic(err) | |
} | |
c.StartTLS(tlsconfig) | |
// Auth | |
if err = c.Auth(auth); err != nil { | |
log.Panic(err) | |
} | |
// To && From | |
if err = c.Mail(from.Address); err != nil { | |
log.Panic(err) | |
} | |
if err = c.Rcpt(to.Address); err != nil { | |
log.Panic(err) | |
} | |
// Data | |
w, err := c.Data() | |
if err != nil { | |
log.Panic(err) | |
} | |
_, err = w.Write([]byte(message)) | |
if err != nil { | |
log.Panic(err) | |
} | |
err = w.Close() | |
if err != nil { | |
log.Panic(err) | |
} | |
c.Quit() | |
} |
Also note that c.StartTLS() error is unchecked.
Thanks!
@so0k If I set InsecureSkipVerify to false is there any more verification I need to implement? Could you guide me on this? Thanks
@poloyacero - depends on the certificate chain presented to your code?
if the server you're connecting to uses a trusted root CA (i.e. Let's Encrypt issued certificate) - then you don't have to do anything (as long as the client running the code has the certificate authorities loaded (which is in all linux, macos, windows distros) it should "just work"
if however, you're using this code in test or local dev where you self sign certificates for testing an smtp server, then you need to drop the verification, or you need to run the right command to trust the root CA that signs the certificates of the host you're testing against
thanks so much to share I really appreciate. I would like to know how can I send html in body. Kind regards
@urko-b html goes directly into the body
body := "<div>This is an <b>example</b> body.\n With two lines.</div>"
Do note that setting InsecureSkipVerify is for testing only. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
Drop this for anyone using the above sample code