Difference between revisions of "Msmtp"

From ArchWiki
m (Using the mail command: Fix installation style.)
m (GnuPG)
 
(55 intermediate revisions by 27 users not shown)
Line 1: Line 1:
[[Category:Email Client]]
 
[[Category:Mail Server]]
 
 
{{Lowercase title}}
 
{{Lowercase title}}
 +
[[Category:Email clients]]
 +
[[Category:Mail server]]
 +
[[ja:Msmtp]]
 +
{{Related articles start}}
 +
{{Related|mutt}}
 +
{{Related|OfflineIMAP}}
 +
{{Related articles end}}
  
{{Article summary start}}
+
[http://msmtp.sourceforge.net/ msmtp] is a very simple and easy to use SMTP client with fairly complete [[Wikipedia:sendmail|sendmail]] compatibility.
{{Article summary text|msmtp configuration and usage hints.}}
+
{{Article summary heading|Required software}}
+
{{Article summary link|msmtp|http://msmtp.sourceforge.net/}}
+
{{Article summary heading|Related}}
+
{{Article summary wiki|mutt}}
+
{{Article summary wiki|OfflineIMAP}}
+
{{Article summary end}}
+
  
'''msmtp''' is a very simple and easy to use smtp client with excellent [[Wikipedia:sendmail|sendmail]] compatibility.
+
== Installing ==
  
An alternative lightweight MTA that also handles local mail is {{AUR|dma}}, available in the [[AUR]].
+
msmtp can be [[installed]] with the package {{Pkg|msmtp}}.  Additionally install {{Pkg|msmtp-mta}} that creates a sendmail alias to msmtp.
  
==Installing==
+
== Basic setup ==
msmtp can be [[pacman|installed]] with package {{Pkg|msmtp}}, available in the [[official repositories]]. Optionally, installing {{Pkg|msmtp-mta}} creates a sendmail alias to msmtp.
+
 
 +
The following is an example of a msmtp configuration (the file is based on the packaged, regular-user, example located at {{ic|/usr/share/doc/msmtp/msmtprc-user.example}}; the system configuration file belongs at {{ic|/etc/msmtprc}} and it's example is located at {{ic|/usr/share/doc/msmtp/msmtprc-system.example}}):
  
==Quick start==
 
The following is an example of a msmtp configuration file for several accounts. If msmtp throws errors when using this file, search for double byte '\xc2\xa0' characters that may have been erroneously inserted.
 
 
{{hc|~/.msmtprc|
 
{{hc|~/.msmtprc|
# Accounts will inherit settings from this section
+
# Set default values for all following accounts.
 
defaults
 
defaults
auth             on
+
auth           on
tls             on
+
tls           on
tls_trust_file   /usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt
+
tls_trust_file /etc/ssl/certs/ca-certificates.crt
 +
logfile        ~/.msmtp.log
  
# A first gmail address
+
# Gmail
 
account        gmail
 
account        gmail
 
host          smtp.gmail.com
 
host          smtp.gmail.com
 
port          587
 
port          587
from          username@gmail.com
+
from          ''username''@gmail.com
user          username@gmail.com
+
user          ''username''
password      password
+
password      ''plain-text-password''
tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
 
+
# A second gmail address
+
account    gmail2 : gmail
+
from      username2@gmail.com
+
user      username2@gmail.com
+
password   password2
+
  
 
# A freemail service
 
# A freemail service
account   freemail
+
account       freemail
host       smtp.freemail.example
+
host           smtp.freemail.example
from       joe_smith@freemail.example
+
from           joe_smith@freemail.example
user      joe.smith
+
...
password  secret
+
 
+
# A provider's service
+
account  provider
+
host      smtp.provider.example
+
  
 
# Set a default account
 
# Set a default account
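Review bot: The Gmail block of the new ~/.msmtprc example still carries a literal password line (password ''plain-text-password''), and nothing inside the example marks it as the fallback. A comment line in that block pointing at passwordeval or the Password management section would keep readers from copying the plain-text form as the default. In the new intro sentence, "it's example" should be "its example".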
Line 58: Line 44:
 
}}
 
}}
  
msmtp will refuse to start if ''user'' configuration file is readable and writeable to anyone else but the owner:
+
{{Note|If you are using SSL/TLS and receive a "Server sent empty reply" error message, see [[#Server sent empty reply]].}}
 +
 
 +
The ''user'' configuration file must be explicitly readable/writeable to only it's owner or msmtp will fail:
 +
 
 
  $ chmod 600 ~/.msmtprc
 
  $ chmod 600 ~/.msmtprc
  
This does not apply to system configuration file (in Arch, this is /etc/msmtprc; copy the example over from /usr/share/doc/msmtp/ ).
+
To avoid saving the password in plain text in the configuration file, use ''passwordeval'' to launch an external program. This example using Gnu PG is commonly used to perform decryption of a password:
  
==Using the mail command==
+
  echo -e "password\n" | gpg --encrypt -o .msmtp-gmail.gpg # enter id (email...)
To send mails using the 'mail' command you have to [[Pacman|install]] package {{Pkg|heirloom-mailx}} (some applications require it, e.g. smartd):
+
 
 +
{{Warning |Most shells save command history(e.g. .bash_history .zhistory). To avoid this, use gpg with shell stdin:
 +
<code>gpg --encrypt -o .msmtp-gmail.gpg -r <email> -</code>. The ending dash is not a typo, rather it causes gpg to use stdin. After running that snippet of code, type in your password, press enter, and press Control-d so gpg can encrypt your password.}}
 +
 
 +
{{hc|~/.msmtprc|
 +
passwordeval    "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-gmail.gpg"
 +
}}
 +
 
 +
== Using the mail command ==
 +
 
 +
To send mails using the {{ic|mail}} command you must install the package {{Pkg|s-nail}}. Either install {{Pkg|msmtp-mta}} or edit {{ic|/etc/mail.rc}} to set sendmail client:
  
Either install {{Pkg|msmtp-mta}} or edit /etc/mail.rc to set sendmail
 
 
{{hc|/etc/mail.rc|2=set sendmail=/usr/bin/msmtp}}
 
{{hc|/etc/mail.rc|2=set sendmail=/usr/bin/msmtp}}
  
You need to have a .msmtprc file in the home of every users who want to send mail (for example if you want to send mails as root), or alternatively you can use a system wide /etc/msmtprc
+
A {{ic|.msmtprc}} file will need to be in the home of every user who want to send mail or alternatively the system wide {{ic|/etc/msmtprc}} can be used.
 +
 
 +
msmtp also understands aliases.  Add the following line to the defaults section of msmtprc or your local configuration file:
  
msmtp also understands aliases. Add the following line to the defaults section of msmtprc or your local configuration file:
 
 
{{hc|/etc/msmtprc|2=aliases              /etc/aliases}}
 
{{hc|/etc/msmtprc|2=aliases              /etc/aliases}}
  
and create an aliases file in /etc
+
and create an aliases file in {{ic|/etc}}
 +
 
 
{{hc|/etc/aliases|2=# Example aliases file
 
{{hc|/etc/aliases|2=# Example aliases file
 
      
 
      
 
# Send root to Joe and Jane
 
# Send root to Joe and Jane
 
root: joe_smith@example.com, jane_chang@example.com
 
root: joe_smith@example.com, jane_chang@example.com
   
 
# Send cron to Mark
 
cron: mark_jones@example.com
 
 
    
 
    
 
# Send everything else to admin
 
# Send everything else to admin
 
default: admin@domain.example}}
 
default: admin@domain.example}}
  
==Test msmtp==
+
== Test functionality ==
The {{Ic|-a}} flag specifies the account to use as sender; {{Ic|<username>@domain.com}} is the recipient.
+
 
 +
The account option ({{ic|1=--account=,-a}} tells which account to use as sender:
 +
 
 +
$ echo "hello there username." | msmtp -a default ''username''@domain.com
 +
 
 +
Or, with the addresses in a file:
  
Save (with the addresses you want to use)
+
  To: ''username''@domain.com
  To: <username>@domain.com
+
  From: ''username''@gmail.com
  From: username@gmail.com
+
 
  Subject: A test
 
  Subject: A test
 
   
 
   
  Yadda, yadda, yadda.
+
  Hello there.
  
as, say, "test.mail".
+
$ cat test.mail | msmtp -a default <username>@domain.com
  
Then execute
+
{{Tip|If using Gmail you'll need to either
 +
* Allow "Less Secure Apps" in ''Settings'' > ''Security''. Make sure to sign out of your other Gmail accounts first because the security settings part of Google Accounts can not manage concurrent sessions of more than one account.
 +
* Enable two factor authemtication and create an app password.
 +
}}
 +
{{Tip|You can use ''--read-envelope-from'' instead of ''-a default'' to automatically chose account by ''From:'' field in message you are going to send.}}
  
$ cat test.mail | msmtp -a default <username>@domain.com
+
== Cronie default email client ==
 +
 
 +
{{Out of date|Arch uses [[systemd/Timers]] instead of cronie}}
 +
 
 +
To make {{Pkg|cronie}} use msmtp rather than sendmail, make sure {{Pkg|msmtp-mta}} is installed, or edit the {{ic|cronie.service}} systemd unit:
 +
 
 +
{{hc|/etc/systemd/system/cronie.service.d/msmtp.conf|[Service]
 +
ExecStart&#61;
 +
ExecStart&#61;/usr/bin/crond -n -m '/usr/bin/msmtp -t'}}
 +
 
 +
Then you must tell cronie or msmtp what your email address is, either by:
 +
 
 +
# Add to {{ic|/etc/msmtprc}}: {{bc|aliases /etc/aliases}} and create {{ic|/etc/aliases}}: {{bc|your_username: email@address.com}}&mdash; OR &mdash;.
 +
* Add a {{ic|MAILTO}} line to the crontab: {{bc|MAILTO&#61;email@address.com}}
 +
 
 +
== Password management ==
 +
 
 +
Passwords for msmtp [http://msmtp.sourceforge.net/doc/msmtp.html#Authentication can be stored] in plaintext, encrypted files, or a keyring.
 +
 
 +
=== GNOME Keyring ===
 +
 
 +
Storing passwords in [[GNOME Keyring]] is supported natively in msmtp. Setup the keyring as described on the linked wiki page and install {{Pkg|libsecret}}. Then, store a password by running:
 +
 
 +
  secret-tool store --label=msmtp host ''smtp.your.domain'' service smtp user ''yourusername''
 +
 
 +
That's all, now msmtp should find the password automatically.
 +
 
 +
=== GnuPG ===
 +
 
 +
The {{Ic|password}} directive may be omitted. In that case, if the account in question has {{Ic|auth}} set to a legitimate value other than {{Ic|off}}, invoking msmtp from an interactive shell will ask for the password before sending mail. msmtp will not prompt if it has been called by another type of application, such as [[Mutt]]. For such cases, the {{ic|--passwordeval}} parameter
 +
can be used to call an external keyring tool like [[GnuPG]].
 +
 
 +
To do this, set up [[GnuPG]], including [[GnuPG#gpg-agent|gpg-agent]] to avoid having to enter the password every time. Then, create an encrypted password file for msmtp, as follows. Create a secure directory with {{ic|700}} permissions located on a [[tmpfs]] to avoid writing the unencrypted password to the disk. In that directory create a plain text file with the mail account password. Then, encrypt the file with your private key:
 +
 
 +
$ gpg --default-recipient-self -e ''/path/to/plain/password''
  
Do ''not'' merely use "echo 'Yadda, yadda, yadda.'" instead of "cat test.mail". This causes at least Gmail and Yahoo to deliver the mail incorrectly.
+
Remove the plain text file and move the encrypted file to the final location, e.g. {{ic|~/.mail/.msmtp-credentials.gpg}}. In {{ic|~/.msmtprc}} add:
  
==Configuring cron for msmtp==
+
{{hc|~/.msmtprc|passwordeval  "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.mail/.msmtp-credentials.gpg"}}
Assuming you're using the default cron daemon, {{Pkg|cronie}}, you'll want to make sure it knows to use msmtp rather than sendmail.
+
  
You can do this by either installing {{Pkg|msmtp-mta}} or by adding the proper crond option in /etc/conf.d/crond:
+
Normally this is sufficient for a GUI password prompt to appear when, for example, sending a message from [[Mutt]]. If gpg prompt for the passphrase cannot be issued, then start the [[GPG#gpg-agent|gpg-agent]] before. A simple hack to start the agent is to execute a external command in your muttrc using  the backtick {{ic| ` command ` }} syntax. For example, you can put something like the following in your muttrc
CRONDARGS=-m/usr/bin/msmtp
+
  
==Miscellaneous==
+
{{hc|muttrc|set my_msmtp_pass&#61;`gpg -d mypwfile.gpg`}}
  
===Practical password management===
+
Mutt will execute this when it starts, gpg-agent will cache your password, msmtp will be happy and you can send mail.  
The {{Ic|password}} directive may be omitted. In that case, if the account in question has {{Ic|auth}} set to a legitimate value other than {{Ic|off}}, invoking msmtp from an interactive shell will ask for the password before sending mail. msmtp will not prompt if it has been called by another type of application, such as [[Mutt]].
+
{{Note| If you do this, you will have to restart mutt after gpg-agent clears the password to start sending emails again}}
There is a solution for such cases: the {{ic|--passwordeval}} parameter.
+
You can call msmtp to use an external keyring tool like gpg:
+
{{bc|msmtp --passwordeval 'gpg -d mypwfile.gpg'}}
+
If gpg prompt for the passphrase cannot be issued (e.g. when called from Mutt) then start the gpg-agent before.
+
  
If you cannot use a keyring tool for any reason, you may want to use the password directly. There is a patched version {{aur|msmtp-pwpatched}} in the AUR that provides the {{ic|--password}} parameter. Note that it is a '''huge security flaw''', since any user connected to you machine can see the parameter of any command (in the /proc filesystem for example).
+
If you cannot use a keyring tool for any reason, you may want to use the password directly. There is a patched version {{AUR|msmtp-pwpatched}}{{Broken package link|{{aur-mirror|msmtp-pwpatched}}}} in the AUR that provides the {{ic|--password}} parameter. Note that it is a '''huge security flaw''', since any user connected to you machine can see the parameter of any command (in the /proc filesystem for example).
  
 
If this is not desired, an alternative is to place passwords in {{ic|~/.netrc}}, a file that can act as a common pool for msmtp, [[OfflineIMAP]], and associated tools.
 
If this is not desired, an alternative is to place passwords in {{ic|~/.netrc}}, a file that can act as a common pool for msmtp, [[OfflineIMAP]], and associated tools.
 +
 +
== Miscellaneous ==
  
 
===Using msmtp offline===
 
===Using msmtp offline===
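Review bot: In the added passwordeval paragraph, the first command a reader sees is echo -e "password\n" | gpg --encrypt -o .msmtp-gmail.gpg, which puts the password on the command line, and the Warning about shell history only comes after it. Lead with the stdin form (gpg --encrypt -o .msmtp-gmail.gpg -r <email> -) and drop the echo variant or move it under the warning. The added muttrc hack, set my_msmtp_pass&#61;`gpg -d mypwfile.gpg`, also deserves a sentence saying the decrypted password then sits in a mutt variable for the whole session. Smaller items in the same hunk: the parenthesis in "({{ic|1=--account=,-a}} tells" is never closed, "authemtication" is misspelled, and the cronie list mixes a "#" item with a "*" item.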
Line 165: Line 200:
 
it probably means your tls_trust_file is not right.
 
it probably means your tls_trust_file is not right.
  
Just follow the [http://msmtp.sourceforge.net/doc/msmtp.html#Transport-Layer-Security fine manual]. It explains you how to find out the server certificate issuer of a given smtp server. Then you can explore the {{ic|/usr/share/ca-certificates/}} directory to find out if by any chance, the certificate you need is there. If not, you will have to get the certificate on your own.
+
Just follow the [http://msmtp.sourceforge.net/doc/msmtp.html#Transport-Layer-Security fine manual]. It explains you how to find out the server certificate issuer of a given smtp server. Then you can explore the {{ic|/usr/share/ca-certificates/}} directory to find out if by any chance, the certificate you need is there. If not, you will have to get the certificate on your own. If you are using your own certificate, you can make msmtp trust it by adding the following to your '''~/.msmtprc''':
 +
 
 +
  tls_fingerprint <SHA1 (recommended) or MD5 fingerprint of the certificate>
  
 
If you are trying to send mail through GMail and are receiving this error, have a look at [http://www.mail-archive.com/msmtp-users@lists.sourceforge.net/msg00141.html this] thread or just use the second GMail example above.
 
If you are trying to send mail through GMail and are receiving this error, have a look at [http://www.mail-archive.com/msmtp-users@lists.sourceforge.net/msg00141.html this] thread or just use the second GMail example above.
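Review bot: The added tls_fingerprint line recommends a SHA1 fingerprint and offers MD5 as the alternative, and both are weak digests to pin a certificate on. If the packaged msmtp accepts a SHA256 fingerprint, recommend that form instead and drop MD5 from the placeholder. The sentence before it should also say how to obtain the fingerprint and that the pin has to be updated whenever the server certificate is renewed, otherwise readers will fall through to the --tls-certcheck off advice further down.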
Line 171: Line 208:
 
If you are completely desperate, but are 100% sure you are communicating with the right server, you can always temporarily disable the cert check:
 
If you are completely desperate, but are 100% sure you are communicating with the right server, you can always temporarily disable the cert check:
 
  $ msmtp --tls-certcheck off
 
  $ msmtp --tls-certcheck off
 +
 +
If you see the following message:
 +
  msmtp: TLS handshake failed: the operation timed out
 +
You may be affected by this [https://bugs.archlinux.org/task/44994 bug]. Recompile with "--with-ssl=openssl" (msmtp is compiled with GnuTLS by default).
 +
 +
===Server sent empty reply===
 +
If you get a "server sent empty reply" error, add the following line to '''~/.msmtprc''':
 +
 +
tls_starttls off
 +
 +
This allows msmtp to use SSL/TLS (port 465) in place of STARTTLS (port 587) [https://www.fastmail.com/help/technical/ssltlsstarttls.html].
 +
 +
===Issues with GSSAPI===
 +
 +
If you get the following error
 +
 +
GNU SASL: GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library.  This is most likely due insufficient credentials or malicious interactions.
 +
 +
Try changing your auth setting to plain, instead of gssapi in your .msmtprc file [https://bbs.archlinux.org/viewtopic.php?id=138727]:
 +
 +
auth plain
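Review bot: In the new "Server sent empty reply" section, the text says tls_starttls off makes msmtp use SSL/TLS on port 465, but the snippet only sets tls_starttls off and the Basic setup example keeps port 587. Add the matching port line to the snippet or say explicitly that port must be changed as well. For the GSSAPI section, the advice to switch to auth plain should state that it is only acceptable with tls on, since PLAIN sends the password itself to the server.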

Latest revision as of 08:31, 26 September 2016

msmtp is a very simple and easy to use SMTP client with fairly complete sendmail compatibility.

Installing

msmtp can be installed with the package msmtp. Additionally install msmtp-mta that creates a sendmail alias to msmtp.

Basic setup

The following is an example of a msmtp configuration (the file is based on the packaged regular-user example located at /usr/share/doc/msmtp/msmtprc-user.example; the system configuration file belongs at /etc/msmtprc and its example is located at /usr/share/doc/msmtp/msmtprc-system.example):

~/.msmtprc
# Set default values for all following accounts.
defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        ~/.msmtp.log

# Gmail
account        gmail
host           smtp.gmail.com
port           587
from           username@gmail.com
user           username
password       plain-text-password

# A freemail service
account        freemail
host           smtp.freemail.example
from           joe_smith@freemail.example
...

# Set a default account
account default : gmail

Note: If you are using SSL/TLS and receive a "Server sent empty reply" error message, see #Server sent empty reply.

The user configuration file must be readable and writable only by its owner, or msmtp will fail:

$ chmod 600 ~/.msmtprc

To avoid saving the password in plain text in the configuration file, use passwordeval to launch an external program. GnuPG is commonly used to perform the decryption of the password, as in this example:

 echo -e "password\n" | gpg --encrypt -o .msmtp-gmail.gpg # enter id (email...)

Warning: Most shells save command history (e.g. .bash_history, .zhistory). To avoid this, use gpg with shell stdin:

 gpg --encrypt -o .msmtp-gmail.gpg -r <email> -

The ending dash is not a typo; it causes gpg to read from stdin. After running that command, type in your password, press Enter, and press Control-d so gpg can encrypt your password.

~/.msmtprc
passwordeval    "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-gmail.gpg"

Using the mail command

To send mails using the mail command you must install the package s-nail. Either install msmtp-mta or edit /etc/mail.rc to set sendmail client:

/etc/mail.rc
set sendmail=/usr/bin/msmtp

A .msmtprc file will need to be in the home of every user who wants to send mail; alternatively, the system-wide /etc/msmtprc can be used.

msmtp also understands aliases. Add the following line to the defaults section of msmtprc or your local configuration file:

/etc/msmtprc
aliases               /etc/aliases

and create an aliases file in /etc:

/etc/aliases
# Example aliases file
     
# Send root to Joe and Jane
root: joe_smith@example.com, jane_chang@example.com
   
# Send everything else to admin
default: admin@domain.example

Test functionality

The account option (--account=, -a) tells msmtp which account to use as sender:

$ echo "hello there username." | msmtp -a default username@domain.com

Or, with the addresses in a file:

To: username@domain.com
From: username@gmail.com
Subject: A test

Hello there.

$ cat test.mail | msmtp -a default <username>@domain.com

Tip: If using Gmail you'll need to either
  • Allow "Less Secure Apps" in Settings > Security. Make sure to sign out of your other Gmail accounts first because the security settings part of Google Accounts cannot manage concurrent sessions of more than one account.
  • Enable two-factor authentication and create an app password.

Tip: You can use --read-envelope-from instead of -a default to automatically choose the account by the From: field of the message you are going to send.

Cronie default email client

This article or section is out of date.

Reason: Arch uses systemd/Timers instead of cronie

To make cronie use msmtp rather than sendmail, make sure msmtp-mta is installed, or edit the cronie.service systemd unit:

/etc/systemd/system/cronie.service.d/msmtp.conf
[Service]
ExecStart=
ExecStart=/usr/bin/crond -n -m '/usr/bin/msmtp -t'

Then you must tell cronie or msmtp what your email address is, either by:

  • Adding to /etc/msmtprc:
    aliases /etc/aliases
    and creating /etc/aliases:
    your_username: email@address.com
  — OR —
  • Adding a MAILTO line to the crontab:
    MAILTO=email@address.com

Password management

Passwords for msmtp can be stored in plaintext, encrypted files, or a keyring.

GNOME Keyring

Storing passwords in GNOME Keyring is supported natively in msmtp. Set up the keyring as described on the linked wiki page and install libsecret. Then, store a password by running:

 secret-tool store --label=msmtp host smtp.your.domain service smtp user yourusername

That's all, now msmtp should find the password automatically.

GnuPG

The password directive may be omitted. In that case, if the account in question has auth set to a legitimate value other than off, invoking msmtp from an interactive shell will ask for the password before sending mail. msmtp will not prompt if it has been called by another type of application, such as Mutt. For such cases, the --passwordeval parameter can be used to call an external keyring tool like GnuPG.

To do this, set up GnuPG, including gpg-agent to avoid having to enter the password every time. Then create an encrypted password file for msmtp as follows. Create a secure directory with 700 permissions located on a tmpfs to avoid writing the unencrypted password to the disk. In that directory, create a plain text file with the mail account password. Then encrypt the file to your own key:

$ gpg --default-recipient-self -e /path/to/plain/password

Remove the plain text file and move the encrypted file to the final location, e.g. ~/.mail/.msmtp-credentials.gpg. In ~/.msmtprc add:

~/.msmtprc
passwordeval  "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.mail/.msmtp-credentials.gpg"

Normally this is sufficient for a GUI password prompt to appear when, for example, sending a message from Mutt. If the gpg passphrase prompt cannot be issued, start gpg-agent beforehand. A simple hack to start the agent is to execute an external command in your muttrc using the backtick ` command ` syntax. For example, you can put something like the following in your muttrc:

muttrc
set my_msmtp_pass=`gpg -d mypwfile.gpg`

Mutt will execute this when it starts, gpg-agent will cache your password, msmtp will be happy and you can send mail.

Note: If you do this, you will have to restart mutt after gpg-agent clears the password to start sending emails again.

If you cannot use a keyring tool for any reason, you may want to use the password directly. There is a patched version, msmtp-pwpatched (AUR; broken link: archived in aur-mirror), that provides the --password parameter. Note that it is a huge security flaw, since any user connected to your machine can see the parameters of any command (in the /proc filesystem, for example).

If this is not desired, an alternative is to place passwords in ~/.netrc, a file that can act as a common pool for msmtp, OfflineIMAP, and associated tools.
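
The Basic setup and Password management sections both come down to the same checks on a configuration file, so here is one added example for both (not code from the ArchWiki page or the msmtp project): a shell function that reports a file that is more open than mode 600, literal password lines that should be passwordeval or a keyring, and TLS checks switched off. The names audit_msmtprc and write_sample_msmtprc, the output format and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not ArchWiki or msmtp project code.
# audit_msmtprc FILE: print one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is missing.
audit_msmtprc() {
    rc=$1
    [ -f "$rc" ] || { echo "error: $rc is not a regular file" >&2; return 2; }

    findings=$(
        # Columns 5-10 of the ls mode string are the group/other bits.
        # msmtp refuses a user file that is more open than rw------- (600).
        perms=$(ls -ld "$rc" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "permissions: group/other bits '$perms' set, run chmod 600"

        # Track the current section so each finding names its account.
        awk '
            /^[ \t]*#/ || NF == 0 { next }
            $1 == "defaults" { acct = "defaults"; next }
            $1 == "account"  { acct = $2; next }
            $1 == "password" && NF >= 2 {
                printf "plaintext-password: account %s, line %d (use passwordeval or a keyring)\n", acct, NR
            }
            ($1 == "tls" || $1 == "tls_certcheck") && $2 == "off" {
                printf "%s off: account %s, line %d\n", $1, acct, NR
            }
        ' "$rc"
    )

    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input modelled on the example configuration above:
# one account with a literal password, one using passwordeval but with
# certificate checking disabled, and a world-readable file mode.
write_sample_msmtprc() {
    cat > "$1" <<'EOF'
defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account        gmail
host           smtp.gmail.com
port           587
from           username@gmail.com
user           username
password       plain-text-password

account        freemail
host           smtp.freemail.example
from           joe_smith@freemail.example
passwordeval   "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-gmail.gpg"
tls_certcheck  off

account default : gmail
EOF
    chmod 644 "$1"
}

# Demo run on the constructed sample; use audit_msmtprc ~/.msmtprc for a real file.
demo=$(mktemp)
write_sample_msmtprc "$demo"
audit_msmtprc "$demo" || true
rm -f "$demo"
```
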

Miscellaneous

Using msmtp offline

Although msmtp is great, it requires that you be online to use it. This isn't ideal for people on laptops with intermittent connections to the Internet or dialup users. Several scripts have been written to remedy this fact, collectively called msmtpqueue.

The scripts are installed under /usr/share/doc/msmtp/msmtpqueue. You might want to copy the scripts to a convenient location on your computer (/usr/local/bin is a good choice).

Finally, change your MUA to use msmtp-enqueue.sh instead of msmtp when sending e-mail. By default, queued messages will be stored in ~/.msmtpqueue. To change this location, change the QUEUEDIR=$HOME/.msmtpqueue line in the scripts (or delete the line, and export the QUEUEDIR variable in .bash_profile like so: export QUEUEDIR="$XDG_DATA_HOME/msmtpqueue").

When you want to send any mail that you've created and queued up run:

$ /usr/local/bin/msmtp-runqueue.sh

Adding /usr/local/bin to your PATH can save you some keystrokes if you're doing it manually. The README file that comes with the scripts has some handy information; reading it is recommended.

Vim syntax highlighting

The msmtp source distribution includes a msmtprc highlighting script for Vim. Install it from ./scripts/vim/msmtp.vim.

Send mail with PHP using msmtp

Look for sendmail_path option in your php.ini and edit like this:

sendmail_path = "/usr/bin/msmtp -C /path/to/your/config -t"

Note that you cannot use a user configuration file (i.e. one under ~/) if you plan on using msmtp as a sendmail replacement with PHP or something similar. In that case just create /etc/msmtprc, and remove your user configuration (or not, if you plan on using it for something else). Also make sure it is readable by whatever you are using it with (php, django, etc.).

From the msmtp manual: Accounts defined in the user configuration file override accounts from the system configuration file. The user configuration file must have no more permissions than user read/write

So it's impossible to have a conf file under ~/ and have it still be readable by the php user.

To test it, place this file on your PHP-enabled server or run it with php-cli.

<?php
mail("your@email.com", "Test email from PHP", "msmtp as sendmail for PHP");
?>

Troubleshooting

Issues with TLS

If you see the following message:

 msmtp: TLS certificate verification failed: the certificate hasn't got a known issuer

it probably means your tls_trust_file is not right.

Just follow the fine manual. It explains how to find out the server certificate issuer of a given SMTP server. Then you can explore the /usr/share/ca-certificates/ directory to find out whether the certificate you need is there. If not, you will have to get the certificate on your own. If you are using your own certificate, you can make msmtp trust it by adding the following to your ~/.msmtprc:

 tls_fingerprint <SHA1 (recommended) or MD5 fingerprint of the certificate>

If you are trying to send mail through GMail and are receiving this error, have a look at this thread or just use the second GMail example above.

If you are completely desperate, but are 100% sure you are communicating with the right server, you can always temporarily disable the cert check:

$ msmtp --tls-certcheck off

If you see the following message:

 msmtp: TLS handshake failed: the operation timed out

You may be affected by this bug. Recompile with "--with-ssl=openssl" (msmtp is compiled with GnuTLS by default).

Server sent empty reply

If you get a "server sent empty reply" error, add the following line to ~/.msmtprc:

tls_starttls off

This allows msmtp to use SSL/TLS (port 465) in place of STARTTLS (port 587) [1].

Issues with GSSAPI

If you get the following error

GNU SASL: GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library.  This is most likely due insufficient credentials or malicious interactions.

Try changing your auth setting to plain, instead of gssapi in your .msmtprc file [2]:

auth plain