SSMTP

From ArchWiki
Revision as of 01:07, 13 March 2015 by Tal (talk | contribs) (The several lines that I deleted that touched on securing ssmtp.conf were almost useless. Anyone who needed to have the ability to send mail using the terminal needed to be part of the "mail" group, which gave them the ability to read ssmtp.conf.)
Jump to: navigation, search

SSMTP is a program which delivers email from a local computer to a configured mailhost (mailhub). It is not a mail server (like feature-rich mail server sendmail) and does not receive mail, expand aliases or manage a queue. One of its primary uses is for forwarding automated email (like system alerts) off your machine and to an external email address.

Installation

Install the package ssmtp from the official repositories.

Forward to a Gmail Mail Server

To configure SSMTP, you will have to edit its configuration file (/etc/ssmtp/ssmtp.conf) and enter your account settings:

# The user that gets all the mails (UID < 1000, usually the admin)
root=username@gmail.com

# The mail server (where the mail is sent to), both port 465 or 587 should be acceptable
# See also http://mail.google.com/support/bin/answer.py?answer=78799
mailhub=smtp.gmail.com:587

# The address where the mail appears to come from for user authentication.
rewriteDomain=gmail.com

# The full hostname
hostname=localhost

# Use SSL/TLS before starting negotiation
UseTLS=Yes
UseSTARTTLS=Yes

# Username/Password
AuthUser=username
AuthPass=password

# Email 'From header's can override the default domain?
FromLineOverride=yes
Note: Take note, that the shown configuration is an example for Gmail, You may have to use other settings. If it's not working as expected read the man page man 8 ssmtp, please.

Create aliases for local usernames (optional)

/etc/ssmtp/revaliases
root:username@gmail.com:smtp.gmail.com:587
mainuser:username@gmail.com:smtp.gmail.com:587

To test whether the Gmail server will properly forward your email:

echo test | mail -v -s "testing ssmtp setup" tousername@somedomain.com

Change the 'From' text by editing /etc/passwd to receive mail from 'root at myhost' instead of just 'root'.

chfn -f 'root at myhost' root
chfn -f 'mainuser at myhost' mainuser

Which changes /etc/passwd to:

grep myhostname /etc/passwd
root:x:0:0:root@myhostname,,,:/root:/bin/bash
mainuser:x:1000:1000:mainuser@myhostname,,,:/home/mainuser:/bin/bash

An alternate method for sending emails is to create a text file and send it with 'ssmtp' or 'mail'

test-mail.txt
To:username@somedomain.com
From:youraccount@gmail.com
Subject: Test

This is a test mail.

Send the test-mail.txt file

mail username@somedomain.com < test-mail.txt

Attachments

This method does not work with attachments. If you need to be able to add attachments, install and configure Mutt and Msmtp and then go see the tip at nixcraft.

Alternatively, you can attach using uuencode

uuencode file.txt file.txt | mail user@domain.com

Security

Because your email password is stored as cleartext in /etc/ssmtp/ssmtp.conf, it is important to secure the file. Securing ssmtp.conf will ensure that:

  • if any users have unprivileged access to your system, they cannot read the file and see your email password, while still letting them send out email
  • if your user account is ever compromised, the hacker cannot read the ssmtp.conf file, and therefore your email password, unless he gains access to the root account as well

To secure ssmtp.conf, do this:

Create an ssmtp group:

groupadd ssmtp

Set ssmtp.conf group owner to the new ssmtp group:

chown :ssmtp /etc/ssmtp/ssmtp.conf

Set the group owner of the ssmtp binary to the new ssmtp group:

chown :ssmtp /usr/bin/ssmtp

Make sure only root, and the ssmtp group can access ssmtp.conf:

chmod 640 /etc/ssmtp/ssmtp.conf

Set the SGID bit on the ssmtp binary.

chmod g+s /usr/bin/ssmtp

Now, all the regular users can still send email using the terminal, but none can read the ssmtp.conf file.

References