sSMTP – Simple MTA to get Mail off the System

Last Updated on 2017-07-02 by Sture

Description

A secure, effective and simple way of getting mail off a system to your mail hub. It does not include a mail spool to poke around in, and no daemons running in the background. Mail is simply forwarded to the configured mailhost. Extremely easy configuration.

WARNING: the above is all it does; it does not receive mail, expand aliases or manage a queue. That belongs on a mail hub with a system administrator.

WWW: http://packages.debian.org/stable/mail/ssmtp.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Install sSMTP with:

[root@server /usr/home/user]# pkg install ssmtp [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        ssmtp: 2.64_2

Number of packages to be installed: 1

19 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching ssmtp-2.64_2.txz: 100%   19 KiB  19.8kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing ssmtp-2.64_2...
===> Creating groups.
Creating group 'ssmtp' with gid '916'.
Extracting ssmtp-2.64_2: 100%
Message from ssmtp-2.64_2:
sSMTP has been installed successfully.

To replace sendmail with ssmtp type "make replace" or change
your /etc/mail/mailer.conf to:

sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true


However, before you can use the program, you should copy the files
"revaliases.sample" and "ssmtp.conf.sample" in /usr/local/etc/ssmtp
to "revaliases" and "ssmtp.conf" respectively and edit them to suit
your needs.
[root@server /usr/home/user]#

Configuration

Stop the Sendmail daemon if it is running:

[root@server /usr/home/user]# service sendmail stop [enter]
Stopping sendmail.
Waiting for PIDS: 739.
Stopping sendmail_msp_queue.
Waiting for PIDS: 742.
[root@server /usr/home/user]#

To disable sendmail on system boot, add the following to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# Disable Sendmail' >> /etc/rc.conf; echo 'sendmail_enable="NONE"' >> /etc/rc.conf
[root@server /usr/home/user]#

Edit the file /etc/mail/mailer.conf with:

[root@server /usr/home/user]# ee /etc/mail/mailer.conf [enter]

It should look like this:

#
# Use "ssmtp" for sending mail
#
sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/libexec/sendmail/sendmail
newaliases      /usr/libexec/sendmail/sendmail
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail

The command sendmail will invoke the ssmtp executable. But you have not told sSMTP which SMTP server to use with which credentials. These settings are looked for in the sSMTP configuration files /usr/local/etc/ssmtp/revaliases and /usr/local/etc/ssmtp/ssmtp.conf.

Copy the sample file /usr/local/etc/ssmtp/revaliases.sample to /usr/local/etc/ssmtp/revaliases with:

[root@server /usr/home/user]# cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases [enter]

…and edit appropriately with this command:

[root@server /usr/home/user]# ee /usr/local/etc/ssmtp/revaliases [enter]

Example:

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your.mail@example.net:mail.example.net
postmaster:your.mail@example.net:mail.example.net

Create an ssmtp user with:

[root@server /usr/home/user]# pw useradd ssmtp -g ssmtp -h - -s /usr/sbin/nologin -d /nonexistent -c "sSMTP pseudo-user" [enter]
[root@server /usr/home/user]#

This adds the ssmtp user to the ssmtp group and disallows password-based logins (-h -).

Set the correct owner and permissions on the sSMTP configuration directory. We set the setuid bit (see chmod(1)) to make sure new files in the directory will be owned by the user ssmtp as well. On FreeBSD this ownership inheritance only takes effect on file systems mounted with the suiddir option (see mount(8)):

[root@server /usr/home/user]# chown -R ssmtp:wheel /usr/local/etc/ssmtp/; chmod 4750 /usr/local/etc/ssmtp [enter]
[root@server /usr/home/user]#

Now that the configuration file is set up and protected from unauthorized eyes, the ssmtp executable must be given access to the file. To accomplish this, we let it run as the ssmtp user.

Make the ssmtp executable owned by the ssmtp user:

[root@server /usr/home/user]# chown ssmtp:nogroup /usr/local/sbin/ssmtp; chmod 4555 /usr/local/sbin/ssmtp [enter]
[root@server /usr/home/user]#

Copy the sample file /usr/local/etc/ssmtp/ssmtp.conf.sample to /usr/local/etc/ssmtp/ssmtp.conf with:

[root@server /usr/home/user]# cp /usr/local/etc/ssmtp/ssmtp.conf.sample /usr/local/etc/ssmtp/ssmtp.conf [enter]

…and edit appropriately with this command:

[root@server /usr/home/user]# ee /usr/local/etc/ssmtp/ssmtp.conf [enter]

Example:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=your.mail@example.net

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=mail.example.net:465

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=example.net

# The full hostname
hostname=server.example.net

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES

# Username/Password
AuthUser=username
AuthPass=password

Edit file /etc/crontab with:

[root@server /usr/home/user]# ee /etc/crontab [enter]

Add the following two lines (example):

# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: src/etc/crontab,v 1.33.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
MAILTO="your.mail@example.net"
#
.

Run some tests as an unprivileged user (the user should not be a member of the ssmtp group) with:

[user@server ~]$ cat /usr/local/etc/ssmtp/ssmtp.conf [enter]
cat: /usr/local/etc/ssmtp/ssmtp.conf: Permission denied
[user@server ~]$
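The read test above confirms the result for one account. As an added example (not part of the original guide), this sh function checks the two properties the setup depends on: no access for "other" on the file that holds AuthPass, and UseTLS=YES whenever AuthPass is set. The names conf_value and audit_ssmtp_conf are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.
# conf_value FILE KEY: print the last value assigned to KEY (case-insensitive).
# Assumption: a later assignment in ssmtp.conf overrides an earlier one.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (tolower(k) != tolower(key)) next
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# audit_ssmtp_conf FILE: print findings, return 0 only if none were found.
audit_ssmtp_conf() {
    conf=$1; rc=0
    # Mode-bit test, so the result is the same when the audit runs as root.
    if [ -n "$(find "$conf" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "FAIL: $conf grants access to 'other'; AuthPass is stored in clear text"; rc=1
    fi
    tls=$(conf_value "$conf" UseTLS | tr '[:lower:]' '[:upper:]')
    if [ -n "$(conf_value "$conf" AuthPass)" ] && [ "$tls" != "YES" ]; then
        echo "FAIL: AuthPass is set but UseTLS is not YES; login would be sent unencrypted"; rc=1
    fi
    if [ -z "$(conf_value "$conf" mailhub)" ]; then
        echo "FAIL: mailhub is not set"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Constructed sample mirroring the guide's ssmtp.conf, written to a temp dir.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'mailhub=mail.example.net:465' \
    'UseTLS=YES' 'AuthUser=username' 'AuthPass=password' > "$demo/ssmtp.conf"
chmod 640 "$demo/ssmtp.conf"
audit_ssmtp_conf "$demo/ssmtp.conf" || true   # no findings
chmod 644 "$demo/ssmtp.conf"
audit_ssmtp_conf "$demo/ssmtp.conf" || true   # flags the world-readable file
rm -rf "$demo"
```

On the server, run it as root against /usr/local/etc/ssmtp/ssmtp.conf.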

Test your mail settings with these two examples:

Create a textfile with the message that you are going to send with:

[user@server ~]$ ee ~/ssmtp-test.txt [enter]

Example Test Message:

To: youre.mail@example.net
From: youre.mail@example.net
Subject: Test message via sSMTP

This is a test message sent via sSMTP

Run these two commands to send the test message:

[user@server ~]$ ssmtp -v youre.mail@example.net < ~/ssmtp-test.txt [enter]
[<-] 220 smtpout.example.net cmsmtp ESMTP server ready
[->] EHLO server.example.net
[<-] 250 OK
[->] AUTH LOGIN
[<-] 334 VXNlcm5hbWU6
[->] dTMxNTE0NDE1
[<-] 334 UGFzc3dvcmQ6
[<-] 235 2.7.0 ... authentication succeeded
[->] MAIL FROM:<youre.mail@example.net>
[<-] 250 2.1.0 <youre.mail@example.net> sender ok
[->] RCPT TO:<youre.mail@example.net>
[<-] 250 2.1.5 <youre.mail@example.net> recipient ok
[->] DATA
[<-] 354 OK
[->] Received: by server.example.net (sSMTP sendmail emulation); Wed, 06 Jan 2016 13:09:02 +0100
[->] Date: Wed, 06 Jan 2016 13:09:02 +0100
[->] To: youre.mail@example.net
[->] From: youre.mail@example.net
[->] Subject: Test message
[->] 
[->] This is a test meesage sent via sSMTP
[->] .
[<-] 250 2.0.0 Gmt................U9X mail accepted for delivery
[->] QUIT
[<-] 221 2.0.0 smtpout.example.net cmsmtp closing connection
[user@server ~]$

N.B.: Mail transfer output to the terminal has been edited for security reasons!

[user@server ~]$ sendmail your.mail@example.net < ~/ssmtp-test.txt [enter]
[user@server ~]$
[root@user ~]# mail -s "Testing sSMTP" your.address@example.net [enter]
This is a test with sSMTP [enter]

Type <Ctrl><D> on a blank line to send the message.

[root@user ~]$

Change user to root and check the error log with:

[root@server /usr/home/user]# tail /var/log/maillog [enter]
Jan  6 13:00:00 server newsyslog[1427]: logfile first created
Jan  6 13:09:02 server sSMTP[8552]: Creating SSL connection to host
Jan  6 13:09:03 server sSMTP[8552]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:09:04 server sSMTP[8552]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 13:24:48 server sSMTP[8735]: Creating SSL connection to host
Jan  6 13:24:48 server sSMTP[8735]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:24:49 server sSMTP[8735]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 13:25:12 server sSMTP[8740]: Creating SSL connection to host
Jan  6 13:25:12 server sSMTP[8740]: SSL connection using DHE-RSA-AES256-GCM-SHA384
Jan  6 13:25:14 server sSMTP[8740]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
[root@server /usr/home/user]#
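Because the ssmtp executable is setuid and sendmail maps to it, every local account can send through the authenticated mailhub, and each delivery is logged with its uid and username. The following added example (not from the original guide; ssmtp_senders is a hypothetical name, and the www log line is constructed) summarises senders from the maillog and marks accounts you did not list as expected.

```sh
#!/bin/sh
# Added example, not from the original guide; the function name is hypothetical.

# ssmtp_senders LOGFILE [EXPECTED_USER...]
# Prints "username messages bytes status" per local sender, sorted by username.
ssmtp_senders() {
    log=$1; shift
    awk -v expected=" $* " '
        / sSMTP\[[0-9]+\]: Sent mail for / {
            user = "?"; bytes = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^username=/) user = substr($i, 10)
                if ($i ~ /^outbytes=/) bytes = substr($i, 10) + 0
            }
            count[user]++; total[user] += bytes
        }
        END {
            for (u in count) {
                status = (index(expected, " " u " ") ? "expected" : "UNEXPECTED")
                printf "%s %d %d %s\n", u, count[u], total[u], status
            }
        }' "$log" | sort
}

# Sample input: the first three lines follow the excerpt above, the last
# line (username=www) is constructed for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan  6 13:09:02 server sSMTP[8552]: Creating SSL connection to host
Jan  6 13:09:04 server sSMTP[8552]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 13:24:49 server sSMTP[8735]: Sent mail for your.mail@example.net (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=1000 username=user outbytes=404
Jan  6 14:02:10 server sSMTP[9001]: Sent mail for someone@example.org (221 2.0.0 smtpout.example.net cmsmtp closing connection) uid=80 username=www outbytes=15360
EOF
ssmtp_senders "$sample" root user
rm -f "$sample"
```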

Additional Reading

SecureSSMTP

FreeBSD: Use Gmail For Outgoing Mail

FreeBSD: Send mails over an external SMTP server
