FreeBSD is Fun

Practical recipes for FreeBSD

SSMTP, or e-mail delivery made simple

Update: FreeBSD 14 has replaced Sendmail with Dragonfly MTA (not to be confused with the operating system, Dragonfly BSD). Since Dragonfly is easy to configure and the SSMTP port mentioned in this article is not updated anymore, I suggest using Dragonfly instead, even if you are not using FreeBSD 14 yet.

One of the least popular quirks of FreeBSD is the inclusion, out of the box, of the ancient mail delivery agent Sendmail. The complexity of its configuration and the security risk it poses lead many tutorials to recommend disabling it straight away by setting sendmail_enable to NO in rc.conf. NO disables only the e-mail reception features, while NONE disables sendmail completely on the system.

This is all well and good for most users, but it also means losing some handy features, namely:

  • If we are running a website which delivers e-mail messages, we are limited to PHP-Mailer, which is unreliable and makes it harder to detect and weed out delivery issues.
  • We will not receive useful system messages such as our daily and weekly system check up, or errors generated by our cron jobs.

How can we enjoy all that FreeBSD has to offer without having to read a thousand-page book on Sendmail? The answer is SSMTP, or Simple SMTP, a drop-in Sendmail replacement which enormously simplifies the task of running a proper MTA (Mail Transport Agent).

Installation

First we will disable receiving external messages and stop sendmail.

sysrc sendmail_enable="NO"
service sendmail stop

Thereafter we install the SSMTP package:

pkg install ssmtp

Once it’s done, the package message will ask us to change the file /etc/mail/mailer.conf as follows:

sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true

Configuration

Before we continue, let’s collect the necessary information. SSMTP will connect to another SMTP server to deliver our e-mail, where we should have:

  • A user and password for the mail account, in our case [email protected] with password “password”
  • The mail server hostname, i.e. mail.example.com. The mail server doesn’t necessarily have the same domain as your account or your machine.
  • The port for delivery, which will vary depending on whether we are sending secure mail via SSL or not.

Since the server we are delivering from will also be included in the headers, it’s a good idea for it to have its own hostname and a reverse DNS entry (also known as a PTR record). Let’s assume this machine has the hostname server.example.com.

Armed with this data, we will create the file /usr/local/etc/ssmtp/ssmtp.conf:

cp /usr/local/etc/ssmtp/ssmtp.conf.sample /usr/local/etc/ssmtp/ssmtp.conf

And edit it as follows:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=root

# The place where the mail goes. The actual machine name is required
mailhub=mail.example.com:587


# Where will the mail seem to come from?
rewriteDomain=example.com

# The full hostname
hostname=this.example.com

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
Debug=YES

# Use these parameters for securely authenticating against your
# mailhub; check ssmtp.conf(5) for further details.
UseSTARTTLS=YES
AuthUser=[email protected]
AuthPass=password

The revaliases file contains the mapping of local users to addresses. I have only included root here:

root:[email protected]:mail.example.com

Now we can test our setup by sending ourselves the contents of some file:

sendmail [email protected] < "/etc/motd"

In my configuration file, I have enabled Debug mode. This will show the full e-mail messages in /var/log/maillog. You can use this to troubleshoot delivery issues.
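
The configuration above keeps the mail account password in clear text in ssmtp.conf, and Debug mode copies full messages into the log, so it is worth checking the file before leaving it in place. The script below is an added example, not part of the original article or of the SSMTP port; the function names conf_get, is_yes and audit_ssmtp_conf are made up here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit an ssmtp.conf for three risks
# carried by the configuration above. The sample data below is constructed.

# Print the last value set for KEY; comment and blank lines are ignored.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = $1; gsub(/[ \t]/, "", key)
          if (tolower(key) == tolower(k)) {
              v = substr($0, index($0, "=") + 1); sub(/[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

is_yes() { [ "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" = "YES" ]; }

# Print one WARN line per finding; the return status is the number of findings.
audit_ssmtp_conf() {  # usage: audit_ssmtp_conf FILE
    f=$1; n=0
    if [ -n "$(conf_get "$f" AuthPass)" ]; then
        # AuthPass is stored in clear text: "other" must not have read access.
        # Character 8 of the ls mode string is the world-read bit.
        if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
            echo "WARN: AuthPass is set and $f is world-readable"; n=$((n + 1))
        fi
        # Credentials should only be sent over an encrypted session.
        if ! is_yes "$(conf_get "$f" UseTLS)"; then
            echo "WARN: AuthPass is set but UseTLS is not YES"; n=$((n + 1))
        fi
    fi
    # Per the article, Debug=YES puts full messages in /var/log/maillog.
    if is_yes "$(conf_get "$f" Debug)"; then
        echo "WARN: Debug=YES leaves message contents in the mail log"; n=$((n + 1))
    fi
    return "$n"
}

# Demo on a constructed file mirroring the article's settings.
sample=$(mktemp)
printf '%s\n' 'mailhub=mail.example.com:587' 'UseTLS=YES' 'UseSTARTTLS=YES' \
    'Debug=YES' 'AuthUser=user' 'AuthPass=password' > "$sample"
chmod 644 "$sample"
audit_ssmtp_conf "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

To check the real file, call audit_ssmtp_conf /usr/local/etc/ssmtp/ssmtp.conf; once delivery works, commenting out Debug and removing world-read access clears both warnings the demo prints.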

Bonus: daily system reports

If you want to receive the daily and weekly FreeBSD status e-mails, which inform you in great detail of what’s going on on your server, you have to instruct FreeBSD to forward root’s e-mail to you. Edit the file /etc/aliases and replace:

root:root

with

root:[email protected]

Sometime in the night, you will receive an e-mail with this and other information about your system. This is generated by the periodic crons that you can find in the system cron (/etc/crontab):
