As a small, flexible program, ssmtp, can perform secure authentication on mailservers - without the need for a dedicated mail-daemon (such as exim4) installed. Email is sent through encrypted tunnels to a mailserver's secure port. Ssmtp can easily be configured to work with port 587 on Gmail's mailserver.

Installation and configuration

Install ssmtp, with the package manager of your Linux distro (or other UNIX operating system).

Open up /etc/ssmtp/ssmtp.conf in a text editor. Make the necessary edits. My comments in explaining the various options can be removed.

# Config file for sSMTP sendmail
#
# The username which gets the mail for userids < 1000
# To disable rewriting, make this option empty.
#
# The syntax below: your_local_UNIX_username:your_gmail_email_address
# Uncomment and replace, if local, mail delivery failures are experienced.
#
# goofy=john.fool007@gmail.com

# The server where the mail goes. The actual machine name is required
# since no MX records are consulted.
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
rewriteDomain=gmail.com

# The full hostname of your machine. Fill out and
# uncomment if mail delivery fails.
# hostname=

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES

AuthMethod=LOGIN

# Replace the following two lines with your Gmail username and password.
AuthUser=john.fool007@gmail.com
AuthPass=UFOs_RoSWeLl_!

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
UseTLSCert=YES

UseSTARTTLS=YES

# Use this RSA certificate. Full path to the cert.
TLSCert=/etc/ssmtp/ssmtp.crt

Use a previously signed cert or create a new one. The step-wise procedure on how to generate a self-signed cert is covered here. Copy the cert to the correct destination:

$ sudo   cp /path-to-your-cert   /etc/ssmtp/ssmtp.crt

/etc/ssmtp/ssmtp.conf holds the username and password for your mailbox. By default, it is world-readable. For the sake of security, remove the world-readable bit, change the group-ownership and place your username in the mail group.

$ sudo   chmod 640   /etc/ssmtp/ssmtp.conf

$ sudo   chown root:mail   /etc/ssmtp/ssmtp.conf

$ sudo   usermod -G mail   your_username

On FreeBSD - for the last (group addition) command, do:

$ sudo   pw usermod your_username -G   mail

Mutt and fecthmail

If using mutt and fetchmail, there are two rubs to the otherwise rosy, ssmtp senario. Both mutt's and fetchmail's config files need to be altered - in order to make the setup functional.

If ~/.muttrc does not exist, copy it to your $HOME, with the following command:

$ cp   /etc/Muttrc   ~/.muttrc

Open ~/.muttrc in a text editor. Add the following to .muttrc:

set sendmail="/usr/sbin/ssmtp"
set from="your_email@gmail.com"
set use_from=yes

As it was designed, fetchmail "looks" for the open localhost port 25. Ssmtp does not live on port 25. To force fetchmail into delivering mail correctly, an MDA (mail delivery agent), such as maildrop, needs to be installed. After installing maildrop, a last line to .fetchmailrc needs to be added, and the path to the local mailbox put into ~/.mailfilter, as follows:

$ echo   "mda maildrop"   >>   ~/.fetchmailrc

$ echo   "DEFAULT=/var/mail/your_username"   >   ~/.mailfilter

note

To test gmail's mailserver, install swaks with your package manager. Swaks can do secure ssmtp auth with ssl and/or certs. To send a test email in interactive mode, follow the commandline below, making the necessary substitutions for the sender and recipient. You will be prompted for a username and password.

$ swaks -tls -f john.fool007@gmail.com -t ron.cool123@yahoo.com -s smtp.gmail.com:587 -a LOGIN