dt.iki.fi

Getting email off my (non-mail) server with sSMTP

This article is originally from 2016, but I edited it a few times. Instead of trying to cover all sorts of usage scenarios, here's the disclaimer: this works on my setup. Yours may be different.

My server is not a mail server, and I never learned to use UNIX' internal mailing system.
But sometimes I want to get email from it.
Just please send diagnostic messages from services (e.g. SMART daemon, fail2ban) to one of my email addresses.
And do the same if someone tries to contact me on my website.

The server runs debian stable (written when jessie was stable, all this still applies to stretch).

I had been messing around with dovecot and exim4, which only resulted in breakage.
Then I realised that these are overkill for my needs and what I really want is sSMTP, an "extremely simple MTA to get mail off the system to a mail hub".

Remove unneeded stuff

I purged all packages that contain 'dovecot' and 'exim4' in their names, and performed apt-get --purge autoremove afterwards. Then I went through all leftover configuration/modification in /etc and removed/undid it manually.
There was a lot of it, even after purging the packages.

It seems that even after that some residual configuration files are interfering.
This command: aptitude search ~c will show what is leftover (I should probably have started with that).
This command: aptitude -s purge ~c will simulate the removal, and this: aptitude purge ~c will finally do it.

If you don't want to use aptitude, this has similar functionality:
dpkg -l | grep ^rc to see what residual config files are left over and
for i in $(dpkg -l | grep ^rc | cut -d” ” -f3); do dpkg –purge $i; done
to commit (source).

Installation

With a hopefully clean system, I installed ssmtp and mailutils: apt-get install ssmtp mailutils.

General Configuration

sSMTP is not a daemon, it provides an ssmtp binary which can be invoked manually or by other processes. sendmail is linked to ssmtp.

Just edit /etc/ssmtp/ssmtp.conf along these lines:

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=

# The place where the mail goes. The actual machine name is required no 
# MX records are consulted. Commonly mailhosts are named mail.domain.com
# (not my mail provider though - it's just domain.com)
mailhub=domain.com:465

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
# (can be the server name or an IP address)
#hostname= # probably not required

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=NO

AuthMethod=LOGIN
UseTLS=YES

#UseSTARTTLS=YES 
# this way is safer, but you may need to uncomment. in this case you likely
# also need to change the port for mailhub, probably to 587

AuthUser=someone@domain.com
AuthPass=verysecret

I gleaned most of this information from my email client.

Sending a test mail

# ssmtp recipient_email@example.com

I needed to be root for this.

sSMTP will then wait for you to type your message, which needs to be formatted like this:

To: recipient_email@example.com
From: myemailaddress@gmail.com
Subject: test email

hello world!

^D

Note the blank like after the subject, everything after this line is the body of the email. Then I pressed Ctrl-D. sSMTP may take a few seconds to send the message before closing (source).

If that worked, try again from your website's contact form. If that doesn't work, you need to go searching for helpful log entries. There's /var/log/mail.* which might provide the answers you need. After that it's server logs.

Here's what I had to do, more than once:

More Configuration

Fix permissions on /etc/ssmtp/ssmtp.conf (also for /etc/ssmtp/revaliases, see below):
The files in /etc/ssmtp should probably look like this:

-rw-r----- 1 root mail 111 Mar 23 10:00 revaliases
-rw-r----- 1 root mail 840 Mar 23 11:25 ssmtp.conf

This means that users that want to use sSMTP need to be in the mail group (in my experience contrary to what the arch wiki says). This is what I had to do to enable my web server's PHP processes to send mail:

# usermod -a -G mail www-data

But that only enabled me to send mail with the same "From" address as is my account's, and the software sending out the mails usually fills this automatically with something like root@localhost :(.

To make it work more generally I additionally had to:

Set up both rewriting in /etc/ssmtp/ssmtp.conf and /etc/ssmtp/revaliases both for all involved users:

# /etc/ssmtp/ssmtp.conf:

root=someone@somemailbox.org
normaluser=someone@somemailbox.org
www-data=someone@somemailbox.org
# /etc/ssmtp/revaliases:

root:someone@somemailbox.org:smtp.somemailbox.org:465
normaluser:someone@somemailbox.org:smtp.somemailbox.org:465
www-data:someone@somemailbox.org:smtp.somemailbox.org:465

(These are just example entries, replace with actual usernames / servers / ports)

Disallow users to set their own from address in /etc/ssmtp/ssmtp.conf:

FromLineOverride=NO

Source

Now sSMTP is able to send both system mail (generated by services) and website mail to my email address.

Configuration for Gmail

This might be outdated; I wrote it three years ago and haven't used gmail since then.

Activate 'allow less secure apps' from your gmail profile.

/etc/ssmtp/ssmtp.conf should look like this:

root=someone@gmail.com
mailhub=smtp.gmail.com:587
#rewriteDomain=nn.nn.nn.nn (my IP) # should not be required
#hostname=nn.nn.nn.nn # should not be required
FromLineOverride=YES
UseTLS=YES
UseSTARTTLS=YES
AuthUser=someone@gmail.com # same as above
AuthPass=verysecret
AuthMethod=LOGIN