sSMTP

As a small, flexible program, ssmtp can authenticate securely to mail servers without a dedicated mail daemon (such as exim4) being installed. Email is sent over an encrypted connection to the mail server's secure port. ssmtp can easily be configured to work with port 465 on csoft.net mail servers.

Installation and configuration

Install ssmtp with the package manager of your Linux distro (or other UNIX operating system).

Open /etc/ssmtp/ssmtp.conf in a text editor and make the necessary edits. My comments explaining the various options can be removed.

# Config file for sSMTP sendmail
#
# The username which gets mail for userids < 1000
# To disable rewriting, make this option empty.
#
# The syntax below: local UNIX username=csoft email address
# Uncomment and replace, if local mail delivery failures are experienced.
#
# john=mouth@claptrap.net

# The server where the mail goes. The actual machine name is required
# since MX records are NOT consulted.
# Replace "mailXXX.csoft.net" with the hostname of your assigned mailserver.
mailhub=mailXXX.csoft.net:465

# Where will the mail seem to come from?
# Replace with your domain name hosted on our servers.
rewriteDomain=claptrap.net

# The full hostname of your computer. Fill out and
# uncomment if mail delivery fails.
# hostname=

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES

AuthMethod=LOGIN

# Replace the two lines below with the username and password of your
# csoft.net mailbox
AuthUser=goofy

AuthPass=I_Am_No_LUSER!

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
UseTLSCert=YES

# Use this RSA certificate. The full path to the cert.
TLSCert=/etc/ssmtp/ssmtp.crt

Use a previously signed cert or create a new one. The step-wise procedure on how to generate a self-signed cert is covered here. Copy the cert into the /etc/ssmtp directory:

$ sudo cp /path-to-your-cert /etc/ssmtp/ssmtp.crt

The /etc/ssmtp/ssmtp.conf file holds the username and password for your csoft.net mailbox. By default, it is world-readable. For the sake of security, remove the world-readable bit, change the group-ownership to "mail" and place your local username in the mail group.

$ sudo chmod 640 /etc/ssmtp/ssmtp.conf

$ sudo chown root:mail /etc/ssmtp/ssmtp.conf

$ sudo usermod -a -G mail your_username

On FreeBSD, for the last (group addition) command, do:

$ sudo pw groupmod mail -m your_username
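
The permission and TLS settings above can be checked with a short script. This is an added example, not part of the original page; the function name audit_ssmtp_conf, its messages and its exit codes are assumptions made for illustration. It flags a world-readable or group/other-writable file, an unexpected owning group, and an AuthPass stored without UseTLS=YES.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with ssmtp).
# Usage: audit_ssmtp_conf [FILE] [EXPECTED_GROUP]
# Prints one line per finding. Exit status: 0 clean, 1 findings, 2 unreadable.

audit_ssmtp_conf() {
    conf=${1:-/etc/ssmtp/ssmtp.conf}
    want_group=${2:-mail}
    findings=0

    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # "find -perm -NNN" matches when all listed bits are set. It behaves
    # the same on GNU and BSD userlands, unlike stat(1) format flags.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf is world-readable"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$conf" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $conf is writable by group or others"
        findings=$((findings + 1))
    fi

    # Field 4 of "ls -ld" is the owning group.
    group=$(ls -ld "$conf" | awk '{print $4}')
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is '$group', expected '$want_group'"
        findings=$((findings + 1))
    fi

    # A stored password should only ever be sent over TLS.
    # "UseTLSCert=YES" alone does not satisfy this pattern.
    if grep -Eiq '^[[:space:]]*AuthPass[[:space:]]*=' "$conf" &&
       ! grep -Eiq '^[[:space:]]*UseTLS[[:space:]]*=[[:space:]]*YES' "$conf"; then
        echo "FAIL: AuthPass is set but UseTLS=YES is not"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $conf"
    [ "$findings" -eq 0 ]
}
```

Run it as a user who can read the file, for example with sudo, after sourcing the function into the shell.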

Mutt and fetchmail

If using mutt and fetchmail, there are two rubs to an otherwise rosy ssmtp scenario. To make the setup functional, both mutt's and fetchmail's config files need to be altered. Install mutt and fetchmail, then follow the instructions below to configure them for ssmtp.

If ~/.muttrc does not exist, copy the system-wide Muttrc to your $HOME with the following command:

$ cp /etc/Muttrc ~/.muttrc

Open ~/.muttrc in a text editor and add the following, substituting your email address in the "set from=" option:

set sendmail="/usr/sbin/ssmtp"
set from="mouth@claptrap.net"
set use_from=yes

By design, fetchmail "looks" for an open port 25 on localhost. ssmtp is not a daemon and does not listen on port 25. To make fetchmail deliver mail correctly, an MDA (mail delivery agent), such as maildrop, needs to be installed. After installing maildrop, add a last line to ~/.fetchmailrc and put the path to the local mailbox into ~/.mailfilter, as follows:

$ echo "mda maildrop" >> ~/.fetchmailrc

$ echo "DEFAULT=/var/mail/your_username" > ~/.mailfilter


Note

Before configuring ssmtp, you can install swaks to test a mail server's connectivity and available ports by sending test mail. Given the correct options, swaks can do secure SMTP with SSL and/or certs. Substitute as needed in the following command:

$ swaks -tlsc -f mouth@claptrap.net -t joe.the.plumber@verizon.net -s mailXXX.csoft.net -a LOGIN