Skip to content

Instantly share code, notes, and snippets.

@jim3ma
Forked from chrisgillis/ssl_smtp_example.go
Last active July 1, 2024 00:01
Show Gist options
  • Save jim3ma/b5c9edeac77ac92157f8f8affa290f45 to your computer and use it in GitHub Desktop.
Save jim3ma/b5c9edeac77ac92157f8f8affa290f45 to your computer and use it in GitHub Desktop.
Golang StartTLS SMTP Example
package main
import (
"fmt"
"log"
"net"
"net/mail"
"net/smtp"
"crypto/tls"
)
// StartTLS Email Example
func main() {
from := mail.Address{"", "username@example.tld"}
to := mail.Address{"", "username@anotherexample.tld"}
subj := "This is the email subject"
body := "This is an example body.\n With two lines."
// Setup headers
headers := make(map[string]string)
headers["From"] = from.String()
headers["To"] = to.String()
headers["Subject"] = subj
// Setup message
message := ""
for k,v := range headers {
message += fmt.Sprintf("%s: %s\r\n", k, v)
}
message += "\r\n" + body
// Connect to the SMTP Server
servername := "smtp.example.tld:465"
host, _, _ := net.SplitHostPort(servername)
auth := smtp.PlainAuth("","username@example.tld", "password", host)
// TLS config
tlsconfig := &tls.Config {
InsecureSkipVerify: true,
ServerName: host,
}
c, err := smtp.Dial(servername)
if err != nil {
log.Panic(err)
}
c.StartTLS(tlsconfig)
// Auth
if err = c.Auth(auth); err != nil {
log.Panic(err)
}
// To && From
if err = c.Mail(from.Address); err != nil {
log.Panic(err)
}
if err = c.Rcpt(to.Address); err != nil {
log.Panic(err)
}
// Data
w, err := c.Data()
if err != nil {
log.Panic(err)
}
_, err = w.Write([]byte(message))
if err != nil {
log.Panic(err)
}
err = w.Close()
if err != nil {
log.Panic(err)
}
c.Quit()
}
@so0k
Copy link

so0k commented Jun 7, 2018

Do note that setting InsecureSkipVerify is for testing only. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.

Drop this for anyone using the above sample code

@utrack
Copy link

utrack commented Nov 5, 2020

Also note that c.StartTLS() error is unchecked.

@rojvv
Copy link

rojvv commented Dec 28, 2022

Thanks!

@poloyacero
Copy link

@so0k If I set InsecureSkipVerify to false is there any more verification I need to implement? Could you guide me on this? Thanks

@vincenthsh
Copy link

vincenthsh commented Mar 9, 2023

@poloyacero - depends on the certificate chain presented to your code?

if the server you're connecting to uses a trusted root CA (i.e. Let's Encrypt issued certificate) - then you don't have to do anything (as long as the client running the code has the certificate authorities loaded (which is in all linux, macos, windows distros) it should "just work"

if however, you're using this code in test or local dev where you self sign certificates for testing an smtp server, then you need to drop the verification, or you need to run the right command to trust the root CA that signs the certificates of the host you're testing against

@urko-b
Copy link

urko-b commented Mar 13, 2023

thanks so much to share I really appreciate. I would like to know how can I send html in body. Kind regards

@y-vas
Copy link

y-vas commented May 18, 2023

@urko-b html goes directly into the body
body := "<div>This is an <b>example</b> body.\n With two lines.</div>"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment