Use sSMTP to send e-mail simply and securely
This article addresses sending e-mail with a simple SMTP client called sSMTP on Unix and Linux systems, including how to use it for secure encrypted connections to your outgoing mail server.
Secure SMTP server authentication:
Not only is sSMTP a simple, straightforward tool for handling outgoing mail, but it is a secure tool as well — when used properly. An important component of e-mail security, in addition to use of digital signatures and e-mail encryption, is protecting your authentication exchanges for connections to SMTP and incoming mail servers. Whenever you connect to any kind of mail server, you should be using a username and password to authenticate yourself:
- On a POP or IMAP server, authentication is used to ensure that only the “owner” of a given e-mail account can access the e-mails intended for that person.
- On an SMTP server, authentication is used to ensure that unauthorized people are not sending e-mail through that server. Among other important reasons for this, there’s the concern that spammers might use an SMTP server to spam others, and ultimately get the server blacklisted by spam filtering services.
That authentication process needs to be encrypted. Strong encryption for your e-mail account authentication keeps malicious security crackers from capturing your username and password by eavesdropping on network traffic. When people can acquire your usernames and passwords, the privacy and resource protection that authentication is meant to provide is ineffective, because others can then invade your privacy and misuse your resources.
I use TLS encryption to protect my mail server sessions from eavesdropping malicious security crackers. TLS is, as I mentioned in an article about basic Web security, effectively the next version of SSL. The sSMTP tool provides functionality for using TLS/SSL to secure your connections with your SMTP server.
Your SMTP server has to support encrypted sessions if you wish to establish a secure connection with it. Check with your ISP, hosting provider, network administrator, or whoever manages the server to see if encrypted sessions are supported. If the SMTP server does not support some form of encrypted authentication, get a different service provider if at all possible. As I pointed out in the article Basic e-mail security tips, it’s always a good idea to make sure your e-mail authentication process is encrypted.
I am providing my own sSMTP configuration file — with syntax modifications to protect my privacy, of course — called ssmtp.conf, to illustrate how you might use sSMTP to secure connections with your SMTP server when sending e-mail. The file is located at /usr/local/etc/ssmtp/ssmtp.conf on FreeBSD systems by default, and /etc/ssmtp/ssmtp.conf on Debian GNU/Linux. Other systems may vary.
The contents of the file on my laptop, modified as indicated above, are:
I’ll explain each line in the file in turn:
root=email@example.com: This identifies which user account receives all mail for user IDs under 1000 on the local system. That basically means system accounts, such as the root user account. In other words, if your computer is trying to send your root account an e-mail message, it will send it to whatever e-mail address you specify here. This should normally be your primary e-mail account — probably the account for which you’re configuring sSMTP to send e-mails.
AuthUser=username: The username indicated here should be the username used to log into the remote SMTP server. In many cases, this is the part of the e-mail address that comes before the @ sign in your e-mail address. In some cases, it may be the entire e-mail address, possibly with the @ replaced by a plus sign. Using the firstname.lastname@example.org above, this means the username entry might be user+example.com, depending on the SMTP server configuration.
AuthPass=password: When authenticating, this is the password used with the username above. Because my e-mail password is stored in the file, I make sure the ssmtp.conf file permissions are set to 640 using the chmod command. This ensures that the ssmtp and system administrator accounts can access the file as needed (both to make sure the ssmtp process works properly and that I can edit the file as root when needed), but no unprivileged accounts have access to the contents of the file. For this to work, you will also need to ensure that you create an ssmtp user (with a command like pw useradd ssmtp -g nogroup -h - -s /sbin/nologin -d /nonexistent -c "sSMTP pseudo-user") and set ownership of ssmtp.conf to that user (with a command like chown ssmtp ssmtp.conf).
mailhub=mail.example.com: Set the mailhub option to the fully qualified hostname for the SMTP server you will be using, so that sSMTP knows where to send outgoing e-mails. This option may actually take the form mailhub=mail.example.com:465, which sets the port number to use when contacting the SMTP server to 465. This allows unencrypted connections to use 25 (the default port number for SMTP traffic), and 465 is the standard alternate port number for TLS- and SSL-protected SMTP connections.
rewriteDomain=example.com: This tells sSMTP that your mail headers need to be edited so that the domain name you use for your e-mail address is listed as the source of your e-mail. Failing to rewrite the source domain name in this manner may cause problems at the receiving end when your e-mail arrives at its intended destination.
hostname=hostname.domain: The hostname indicated here is the hostname of the computer you are using to compose and send e-mails. The .domain part may or may not be present. On Unix and Linux systems, you can find the hostname for your computer by entering the command hostname at the shell prompt.
FromLineOverride=YES: This determines whether the From: header in an e-mail handled by sSMTP can be overwritten at this point. Setting this to YES just uses the From: value provided by the program that sent the e-mail to sSMTP to be forwarded to the SMTP server in the first place. In my case, since I use mutt as my mail user agent, this means that setting FromLineOverride=YES will cause sSMTP to use whatever From: header line mutt provides.
UseTLS=YES: At last, we’ve struck gold. This is the configuration line that tells sSMTP to encrypt its connection to the SMTP server, protecting your authentication username and password as well as the rest of the session.
For more information about sSMTP configuration, the program’s manpage (which you can access with the command man ssmtp) should provide more useful information, as can a Google search for ssmtp.conf. Most of the time, when you install sSMTP using the native software management system of a major free Unix-like system such as a BSD Unix or Linux-based system, an example configuration file will be provided with comment lines explaining the available options.
When we simply send email from the Linux terminal, the email is sent as system username@hostname. Some SMTP servers can block these emails or mark them as spam, so we need a process that maximizes email delivery to the inbox. In this article we configure our server to send email through SMTP servers like Gmail, Amazon SES, etc. This article will help you set up the SSMTP server and send email through Gmail servers.
Step 1: Install SSMTP Server
SSMTP service packages are available under the EPEL repository.
# yum install ssmtp
Step 2: Configure SSMTP
Now edit the SSMTP configuration file and add the following values. In this article, I am using the Gmail SMTP server. If you also want to set this up with Gmail, make sure you have an email account with Gmail.
# vim /etc/ssmtp/ssmtp.conf
Change the following values in the configuration file:
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
AuthUser=email@example.com
AuthPass=XXXXXXXXXXXXXXX
TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
mailhub: Your SMTP server host/IP with port.
UseSTARTTLS: Set it to YES if the SMTP server uses TLS, otherwise NO.
AuthUser: Use your Gmail ID here.
AuthPass: Use the Gmail ID’s password.
TLS_CA_File: This may be required in some cases, for example if you face an issue like “send-mail: Cannot open smtp.gmail.com:587”.
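An audit of the settings both configuration walkthroughs above depend on, as an added example that is not part of the original articles or of sSMTP: it flags an ssmtp.conf that other users can access (the chmod 640 advice), one that sets AuthPass without UseTLS=YES or UseSTARTTLS=YES, and a TLS_CA_File that cannot be read. The function names, the sample files and their values are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an ssmtp.conf for the settings this page relies on.
# conf_get, audit_ssmtp_conf and make_samples are hypothetical helper names.

# Print the value of key $2 in file $1. This helper takes the last assignment,
# compares keys case-insensitively, and skips comments and lines without "=".
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) { v = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", v); print v }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
audit_ssmtp_conf() {
    f=$1; findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$f" | cut -c8-10)
    [ "$other" = "---" ] || flag "$f: other users have '$other' access, AuthPass is exposed"
    tls=$(conf_get "$f" UseTLS | tr '[:lower:]' '[:upper:]')
    starttls=$(conf_get "$f" UseSTARTTLS | tr '[:lower:]' '[:upper:]')
    if [ -n "$(conf_get "$f" AuthPass)" ] && [ "$tls" != YES ] && [ "$starttls" != YES ]; then
        flag "$f: AuthPass is set but neither UseTLS nor UseSTARTTLS is YES"
    fi
    ca=$(conf_get "$f" TLS_CA_File)
    if [ -n "$ca" ] && [ ! -r "$ca" ]; then
        flag "$f: TLS_CA_File=$ca is missing or unreadable"
    fi
    return "$findings"
}

# Write two constructed sample configs (no real credentials) into directory $1.
make_samples() {
    printf '%s\n' 'mailhub=mail.example.com:25' 'AuthUser=username' \
        'AuthPass=constructed-secret' "TLS_CA_File=$1/missing.crt" > "$1/weak.conf"
    chmod 644 "$1/weak.conf"
    : > "$1/ca-bundle.crt"
    printf '%s\n' 'mailhub=smtp.gmail.com:587' 'UseSTARTTLS=yes' 'AuthUser=username' \
        'AuthPass=constructed-secret' "TLS_CA_File=$1/ca-bundle.crt" > "$1/fixed.conf"
    chmod 640 "$1/fixed.conf"
}

d=$(mktemp -d) && make_samples "$d"
trap 'rm -rf "$d"' EXIT
audit_ssmtp_conf "$d/weak.conf" || echo "weak.conf: $? finding(s)"
audit_ssmtp_conf "$d/fixed.conf" && echo "fixed.conf: clean"
```

To check a real system, call audit_ssmtp_conf with the path of the installed file, for example /etc/ssmtp/ssmtp.conf.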
Step 3: Send Test Email
Now test the setup by sending a test email to your own email address. To send the email, use the following command:
# ssmtp firstname.lastname@example.org
Subject: This is Subject Line

Email content line 1
Email content line 2
Email content line 3
^d
To send the email, press CTRL+d (^d). Now check your mailbox.
Step 4: Setup SSMTP as Default
Now set SSMTP as your default mail server, so that you can simply use the mail command to send emails through SSMTP.
# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
   1           /usr/sbin/sendmail.ssmtp
*+ 2           /usr/sbin/sendmail.sendmail

Enter to keep the current selection[+], or type selection number: 1
Verify the change with:
# sendmail -V
sSMTP 2.61 (Not sendmail at all)