sSMTP – Simple MTA to get Mail off the System

sSMTP – Simple MTA to get Mail off the System

By |

Last Updated on 2025-02-03 16:24 by Sture

Description

A secure, effective, and simple way of getting mail off a system to your mail hub. It does not include a mail spool to poke around in and no daemons running in the background. Mail is forwarded to the configured email host. It is extremely easy to configure.

WARNING: the above is all it does; it does not receive mail, expand aliases, or manage a queue. That belongs on a mail hub with a system administrator.

WWW: http://packages.debian.org/stable/mail/ssmtp.

Installation

Install sSMTP with;

user@freebsdsrv:~ $ sudo pkg install -y ssmtp [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ssmtp: 2.64_7

Number of packages to be installed: 1

21 KiB to be downloaded.
[1/1] Fetching ssmtp-2.64_7.pkg: 100%   21 KiB  21.6kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing ssmtp-2.64_7...
===> Creating groups
Creating group 'ssmtp' with gid '916'
[1/1] Extracting ssmtp-2.64_7: 100%
=====
Message from ssmtp-2.64_7:

--
sSMTP has been installed successfully.

Firstly, edit /etc/mail/mailer.conf to replace sendmail with ssmtp:

sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

Hint: in case sSMPT is being installed directly from ports,
editing /etc/mail/mailer.conf can be done by running "make replace".

Secondly, edit the following files to configure sSMTP:

- /usr/local/etc/ssmtp/revaliases
- /usr/local/etc/ssmtp/ssmtp.conf

At this point sSMTP should be ready to go.
--
===>   NOTICE:

The ssmtp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
user@freebsdsrv:~ $

Configuration

Stop the Sendmail daemon if it is running:

user@freebsdsrv:~ $ sudo service sendmail stop [enter]
Stopping sendmail.
Waiting for PIDS: 739.
Stopping sendmail_msp_queue.
Waiting for PIDS: 742.
user@freebsdsrv:~ $

Disable sendmail on system boot with this commands:

user@freebsdsrv:~ $ sudo sysrc sendmail_enable="NONE" [enter]
sendmail_enable: YES -> NONE
user@freebsdsrv:~ $

Edit file /etc/mail/mailer.conf with:

user@freebsdsrv:~ $ sudo ee /etc/mail/mailer.conf [enter]

It should look like this:

#
# Use "ssmtp" for sending mail
#
sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

The command sendmail will invoke the ssmtp executable. But you have not told sSMTP which SMTP server to use with which credentials. These settings are looked for in the sSMTP configuration files /usr/local/etc/ssmtp/revaliases and /usr/local/etc/ssmtp/ssmtp.conf.

Copy the sample file /usr/local/etc/revaliases.sample to /usr/local/etc/revaliases with:

user@freebsdsrv:~ $ sudo cp /usr/local/etc/ssmtp/revaliases.sample /usr/local/etc/ssmtp/revaliases [enter]

…and edit appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/revaliases [enter]

Example:

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:your.mail@example.net:mail.example.net
postmaster:your.mail@example.net:mail.example.net

Edit file ssmtp.conf appropriately with this command:

user@freebsdsrv:~ $ sudo ee /usr/local/etc/ssmtp/ssmtp.conf [enter]

Example:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=your.mail@example.net

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=smtp.example.net:465

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=example.net

# The full hostname
hostname=freebsdsrv.example.net

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES

# Use this RSA certificate.
#TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES

# Username/Password
AuthUser=username
AuthPass=password

Edit file /etc/crontab with:

user@freebsdsrv:~ $ sudo ee /etc/crontab [enter]

Add the following two lines (example):

# /etc/crontab - root's crontab for FreeBSD
#
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
HOME=/var/log
MAILTO="your.mail@example.net"
#
...

Run some tests as an unprivileged user – user should not a member of groupe ssmtp – with:

user@freebsdsrv:~ $ cat /usr/local/etc/ssmtp/ssmtp.conf [enter]
cat: /usr/local/etc/ssmtp/ssmtp.conf: Permission denied
user@freebsdsrv:~ $

Test your mail settings with:

user@freebsdsrv:~ $ echo Testing | mail -v -s Testing your.name@example.net [enter]
[<-] 220 ts201-smtpout75.ddc.example.net ESMTP Service ready
[->] EHLO freebsdsrv.local.lan
[<-] 250 SIZE 78643200
[->] AUTH LOGIN
[<-] 334 V..........6
[->] c.........y
[<-] 334 U........6
[<-] 235 LOGIN authentication successful
[->] MAIL FROM:
[<-] 250 MAIL FROM: OK
[->] RCPT TO:
[<-] 250 RCPT TO: OK
[->] DATA
[<-] 354 Start mail input; end with .
[->] Received: by freebsdsrv.local.lan (sSMTP sendmail emulation); Mon, 03 Feb 2025 15:48:39 +0100
[->] From: "Admin User" 
[->] Date: Mon, 03 Feb 2025 15:48:39 +0100
[->] To: your.name@example.net
[->] Subject: Testing
[->] 
[->] Testing
[->] .
[<-] 250 <66E9614204233F1E> Mail accepted
[->] QUIT
[<-] 221 ts201-smtpout75.ddc.example.net QUIT
user@freebsdsrv:~ $

N.B.: Mail transfer output to the terminal has been edited for security reasons!

user@freebsdsrv:~ $ mail -s "Testing sSMTP" your.address@example.net [enter]
This is a test with sSMTP [enter]

Type <Ctr><D> on a blank line to send message.

user@freebsdsrv:~ $

Change user to root and heck error log with:

user@freebsdsrv:~ $ tail /var/log/maillog [enter]
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: Creating SSL connection to host
Feb  3 16:08:04 freebsdsrv sSMTP[2113]: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Feb  3 16:08:05 freebsdsrv sSMTP[2113]: Sent mail for user@local.lan (221 ts201-smtpout73.ddc.example.net QUIT) uid=1001 username=user outbytes=370
user@freebsdsrv:~ $
Comments are closed.