The smtpmail command sends mail to a list of specified e-mail addresses using the Simple Mail Transport Protocol (SMTP). To use this command, you must have the TCP/IP service installed. You must also be actively connected using TCP/IP when issuing the smtpmail command because the command has no dialing capabilities and would otherwise be unable to connect to a host.
smtpmail reads the message to be sent from the standard input. The message is terminated by an EOF ( CTRL-Z on console) or a line consisting of a single period (.).
For secure hosts, ROOTDIR/etc/openssl/cert.pem.
standard certificate authorities is loaded by openssl from
ROOTDIR/etc/openssl/cert.pem. This file must be populated before
openssl will initialize. It is not provided by the PTC MKS Toolkit installation, rather
a script ROOTDIR/etc/openssl/mkcabundle.pl is provided
to populate the file with a sample set of certificates
dynamically downloaded from the mozilla trusted certificates list. You may of course
choose to provide your own list of trusted root certificates.
You can supply additional certificate authorities by adding a
cert.pem file to your home directory or by
At least one e-mail address must be specified. It can be a to-address, cc-address, or bcc-address.
Enables the passing of your current login credentials to the server (see Authentication below). If authentication fails (possibly, because either the client or server does not support the mechanism used to pass the credentials), the user is prompted to provide a password.
Specifies a file to be attached to the message.
You can specify
-amultiple times to attach multiple files. -Bbcc-address -bccbcc-address
Sends a "blind carbon copy" of the message. That is, a copy of the message is sent to the speciifed bcc-address but that e-mail address does not appear in the message received by other recipients.
You can specify
-Bor -bccmultiple times to send "blind carbon copies" to multiple addresses. -Ccc-address -cccc-address
Sends a "carbon copy" of the message. That is, a copy of the message is sent to the specified cc-address. That e-mail address is included in the message received by all recipients.
You can specify
-Cor -ccmultiple times to send "carbon copies" to multiple addresses. -ccertfile
Specifies an alternative .pem file name to use as a certificate authority. The specified file may have been created with the openssl utility or supplied by a recognized authority.
Provides extra debugging information.
-ea -eo -e8
Specifies the character encoding to be used in the message. When none of these three options are specified, smtpmail encodes the message as though
-eowas specified. -easpecifies that ISO-8859 ANSI encoding is to be used to encode the message header and body. -eospecifies that the IBM850 OEM character set is to be used to encode the message header and body. Any non-ASCII header fields will be encoded using 7 bit US ASCII characters (as per Internet RFC 2047). -e8specifies that UTF8 encoding is to be used to encode the message header and body. -ffrom-addr
Specifies an Internet mail address that identifies the sender.
from-addr can be of two forms: a simple e-mail address or a combination of a friendly name and an e-mail address. The first form is something like:
while the second form adds a friendly name that is to be displayed instead of the e-mail address. It looks like this:
-f "Nobody At All <firstname.lastname@example.org>"
When the TK_SMTPMAIL_FROMADDR environment variable is set, its value is used instead of any "from address" specified by this option.
Specifies a friendly name to be used in place of the e-mail address specified with
-fwhen the message is displayed. For example:
-f email@example.com -F "Nobody At All"
-f "Nobody At All <firstname.lastname@example.org>"
-foption already specifies a friendly name, this option is ignored. So, for example:
-f "Nobody At All <email@example.com>" -F "Nobody Does It Better"
sends the e-mail from firstname.lastname@example.org with a friendly name of "Nobody At All". The friendly name specified by the
-Foption is not used. -hhostname
Attempts to connect with the specified hostname. Without this option, smtpmail connects with the machine identified by the MAILHOST environment variable, if set. If MAILHOST is unset, smtpmail attempts to connect with mailhost.yourdomain where yourdomain is read from the registry (either from HKLM\System\CurrentControlSet\Services\Tcpip\Parameter\Domain or HKLM\System\CurrentControlSet\Services\Tcpip\Parameter\DhcpDomain, depending on which is populated).
Includes the specified message text (ANSI, OEM, or UTF8 text passed in from
-mfile or the standard input) twice in the message. It is included first in its original text format and then again enclosed in a simple HTML wrapper.
When you specify the
-Moption, the -lor -htmloption is ignored. -HGSSAPI-SPN -spnGSSAPI-SPN
Attempts to connect to the server with the Server Provider Name (SPN) specified by GSSAPI-SPN. When the GSSAPI or DIGEST-MD5 authentication mechanisms are being used, the client must specify a SPN registered by the server.
When neither of these options is specified, smtpmail uses a SPN of HOST/hostname if the
-hhostname option is given or a SPN of HOST/$MAILHOST if -his also omitted. Finally, if none of these options are specified and the MAILHOST environment variable is not set, smtpmail attempts to connect with the machine specified as the Domain host in the TCP/IP settings.
You can determine the SPN of a server by using the setspn utility (provided as part of the Windows support tools that can be installed from your Windows CD). The command:
setspn -L account
displays all the registered SPNs of the specified account. To display the list of registered SPNs associated with a given computer account, one would use:
setspn -L computername$
Ignores SSL security errors.
Specifies an HTML alternative to the non-HTML message text supplied by the
-mfile option or through the standard output. The message sent includes first the non-HTML text and then the HTML contents of the specified htmlfile.
When you specify this option, the
-htmlor -loption, if also specified, is ignored. -mfile
Sends the contents of the specified file as the text of the message.
Sends the time zone as a numeric offset from Greenwich Mean Time (Coordinated Universal Time) rather than the default abbreviation. This is the default behavior for smtp. You do not need to explicitly set this option.
Specifies a password to use when the remote hostname requires authentication. If you don't use this option with the
-uoption, smtpmail prompts you for a password. -Pport
Specifies the outbound TCP port to use to connect to the SMTP server. This option is mututally exclusive to the
-rTCP service option. -rport
Specifies the outbound TCP service to use to connect to the SMTP server. The service is looked up in the services database and that port is used to connect to the SMTP server. This option is mututally exclusive to the
-PTCP port option. -S
creates a secure connection using SSL.
Includes a standard e-mail header with the message and specifies the subject text for that header. Without this option, smtpmail assumes that the message contains a properly formatted e-mail header and nothing is added.
Specifies the number of seconds that smtpmail has to complete the operation before timing out and issuing an error.
Specifies the username to use if the remote hostname requires authentication. If you don't also specify
-ppassword, smtpmail prompts you for one.
Not all authentication mechanisms understand domain names. For those that do, you can specify username as domain/user or domain\user. However, for those that do not (such as CRAM-MD5), the domain name should not be included.
Specifies an authentication exclusion list (auth_excl_list). auth_excl_list is a comma-separated list of authentication mechanisms to ignore when attempting authentication. This list can contain any of the authentication mechanisms listed under Authentication below and is case insensitive.
It is recommended that auth_excl_list be placed within double quotes to ensure the command is always correctly interpreted by the shell or command interpreter being used.
If a header is added, it has the following fields:
contains the address of the sender. This is the Internet address specified by the
-foption. When no -foption is given, it is an address formed by combining the user name of the current user with the domain name specified in the registry (either in HKLM\System\CurrentControlSet\Services\Tcpip\Parameter\Domain or HKLM\System\CurrentControlSet\Services\Tcpip\Parameter\DhcpDomain, depending on which is populated).
contains the specified subject text.
contains the same address as the Return-Path: field.
contains the date and time that the smtpmail command was issued.
contains the list of users to receive the message as specified on the command line.
When smtpmail attempts to connect to a server, the following steps are performed:
smtpmail attempts to connect using the user name and password specified with
-uand -p(prompting for a password, if no -pis given and login credential passing is disabled) by cycling through various authentication mechanisms until connection is acheived. When no -uis specified, smtpmail tries to connect using anonymous authentication, that is, no user name or password are passed to the server.
When login credential passing is enabled (either with
-Aor by setting the TK_ENABLE_CREDENTIAL_PASSING variable) and -uis specified, smtpmail passes that user name to SSPI and lets Windows determine the appropriate password and cycles through various authentication mechanisms until the connection is achieved.
When login credential passing is enabled and no user name is specified with
-u, smtpmail uses various methods to determine the user name depending on the authentication mechanism being attempted. For example, with SSPI mechanisms, no credentials are passed and Windows determines what user name should be used while with CRAM-MD5 or LOGIN, the current logged in user name is used (along with the domain if necessary).
Normally, login credential passing is disabled for the
However, by setting the environment variable
TK_ENABLE_CREDENTIAL_PASSING or by specifying the
The following authentication mechanisms are supported for smtpmail:
Uses a keyed MD5 checksum created using a shared secret string (known only to the client and server) as the key. With this mechanism, the shared secret string does not need to be stored as clear text on the server and, thus, is more secure.
Uses a MD5 checksum (similar to that generated by the md5sum utility) generated from the user name, password, and other information for authentication. This mechanism is only slightly more secure than BASIC.
Stands for Generic Security Systems Application Programming Interface. It is a generic API for performing client-server authentication. As such, it allows applications to pass or receive credentials without knowledge of the specific authentication mechanism being used. GSSAPI has been implemented for a range of underlying mechanisms (such as Kerberos) based on secret-key and public-key cryptography. SSPI (Security Service Provider Interface) on Windows systems can generate GSSAPI-compatible Kerberos packets.
Is a not particularly secure authentication method that uses primarily clear text to transmit the user name and password. This is similar to the BASIC authentication method used by the web utility.
Is an authentication mechanism used by Windows, particularly as a integrated single sign-on (SSO) mechanism. It uses a challenge-response dialog between the client and server to allow the client to prove its identity without actually sending a password.
You can use smtpmail as the mail delivery agent for mailx by adding the following line to your ROOTDIR/etc/mailx.rc file:
Note that you must replace c:/mks/mksnt with the path to the smtpmail executable on your system.
specifies the machine to be used as the mail host when the
-his not specified.
When set, enables the passing of your current login credentials to the server.
specifies an Internet mail address that identifies the sender. See the description of the
-foption for the format of this address. When set, this environment variable overrides any "from address" set with the -foption.
Possible exit status values are:
The message was successfully transmitted to the remote host. This does not mean that any of the specified users actually received the message, only that it was successfully sent on the first stage of its journey.
Failure due to any of the following:
Windows 7. Windows Server 2008 R2. Windows 8. Windows Server 2012. Windows 10. Windows Server 2016.
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition
PTC MKS Toolkit 10.1 patch 1 Documentation Build 2.