Sending e-mail using SMTP servers of Gmail or remote SMTP server

Use sSMTP to send e-mail simply and securely

This article addresses sending e-mail with a simple SMTP client called sSMTP on Unix and Linux systems, including how to use it for secure encrypted connections to your outgoing mail server.

Secure SMTP server authentication:

Not only is sSMTP a simple, straightforward tool for handling outgoing mail, but it is a secure tool as well — when used properly. An important component of e-mail security, in addition to use of digital signatures and e-mail encryption, is protecting your authentication exchanges for connections to SMTP and incoming mail servers. Whenever you connect to any kind of mail server, you should be using a username and password to authenticate yourself:

  1. On a POP or IMAP server, authentication is used to ensure that only the “owner” of a given e-mail account can access the e-mails intended for that person.
  2. On an SMTP server, authentication is used to ensure that unauthorized people are not sending e-mail through that server. Among other important reasons for this, there’s the concern that spammers might use an SMTP server to spam others, and ultimately get the server blacklisted by spam filtering services.

That authentication process needs to be encrypted. Strong encryption for your e-mail account authentication keeps malicious security crackers from capturing your username and password by eavesdropping on network traffic. When people can acquire your usernames and passwords, the privacy and resource protection that authentication is meant to provide is ineffective, because others can then invade your privacy and misuse your resources.

I use TLS encryption to protect my mail server sessions from eavesdropping malicious security crackers. TLS is, as I mentioned in an article about basic Web security, effectively the next version of SSL. The sSMTP tool provides functionality for using TLS/SSL to secure your connections with your SMTP server.

Configuring sSMTP:

Your SMTP server has to support encrypted sessions if you wish to establish a secure connection with it. Check with your ISP, hosting provider, network administrator, or whoever manages the server to see if encrypted sessions are supported. If the SMTP server does not support some form of encrypted authentication, get a different service provider if at all possible. As I pointed out in the article Basic e-mail security tips, it’s always a good idea to make sure your e-mail authentication process is encrypted.

I am providing my own sSMTP configuration file — with syntax modifications to protect my privacy, of course — called ssmtp.conf, to illustrate how you might use sSMTP to secure connections with your SMTP server when sending e-mail. The file is located at /usr/local/etc/ssmtp/ssmtp.conf on FreeBSD systems by default, and /etc/ssmtp/ssmtp.conf on Debian GNU/Linux. Other systems may vary.

The contents of the file on my laptop, modified as indicated above, are:

  root=user@example.com
AuthUser=username
AuthPass=password
mailhub=mail.example.com
rewriteDomain=example.com
hostname=hostname.domain
FromLineOverride=YES
UseTLS=YES

I’ll explain each line in the file in turn:

  • root=user@example.com: This identifies what user account receives all mail for userid under 1000 on the local system. That basically means system accounts, such as the root user account. In other words, if your computer is trying to send your root account an e-mail message, it will send it to whatever e-mail address you specify her. This should normally be your primary e-mail account — probably the account for which you’re configuring sSMTP to send e-mails.
  • AuthUser=username: The username indicated here should be the username used to log into the remote SMTP server. In many cases, this is the part of the e-mail address that comes before the @ sign in your e-mail address. In some cases, it may be the entire e-mail address, possibly with the @replaced by a plus sign. Using the user@example.com example above, this means it the username entry might be user+example.com, depending on the SMTP server configuration.
  • AuthPass=password: When authenticating, this is the password used with the username above. Because my e-mail password is stored in the file, I make sure the ssmtp.conf file permissions are set to 640 using the chmod command. This ensures that the ssmtp and system administrator accounts can access the file as needed (both to make sure the ssmtp process works properly and that I can edit the file as root when needed), but no unprivileged accounts have access to the contents of the file. For this to work, you will also need to ensure that you create an ssmtp user (with a command like pw useradd ssmtp -g nogroup -h - -s /sbin/nologin -d /nonexistent -c "sSMTP pseudo-user") and set ownership of ssmtp.conf to that user (with a command like chown ssmtp ssmtp.conf).
  • mailhub=mail.example.com: Set the mailhub option to the fully qualified hostname for the SMTP server you will be using, so that sSMTP knows where to send outgoing e-mails. This option may actually take the formmailhub=mail.example.com:465, which sets the port number to use when contacting the SMTP server to 465. This allows unencrypted connections to use 25 (the default port number for SMTP traffic), and 465 is the standard alternate port number for TLS- and SSL-protected SMTP connections.
  • rewriteDomain=example.com: This tells sSMTP that your mail headers need to be edited to say that the domain name you use for your e-mail address will be listed as the source of your e-mail address. Failing to rewrite the source domain name in this manner may cause problems at the receiving end when your e-mail address arrives at its intended destination.
  • hostname=hostname.domain: The hostname indicated here is the hostname of the computer you are using to compose and send e-mails. The .domain part may or may not be present. On Unix and Linux systems, you can find the hostname for your computer by entering the command hostname at the shell prompt.
  • FromLineOverride=YES: The From: header in an e-mail handled by sSMTP can be overwritten at this point. Setting this to YES just uses the From: value provided by the program that sent the e-mail to sSMTP to be forwarded to the SMTP server in the first place. In my case, since I use mutt as my mail user agent, this means that setting FromLineOverride=YES will cause sSMTP to use whatever From: header line mutt provides.
  • UseTLS=YES: At last, we’ve struck gold. This is the configuration line that tells sSMTP to encrypt its connection to the SMTP server, protecting your authentication username and password as well as the rest of the session.

For more information about sSMTP configuration, the program’s manpage (which you can access with the command man ssmtp) should provide more useful information, as can a Google search for ssmtp.conf. Most of the time, when you install sSMTP using the native software management system of a major free Unix-like system such as a BSD Unix or Linux-based system, an example configuration file will be provided with comment lines explaining the available options.

========

Example :-

========

When we simply send email from Linux terminal, email send as system username@hostname. Some of SMTP servers can block these emails or mark them as spam. So we need a process which maximize the email delivery to inbox. Using this article we are configuring our server to send email from SMTP servers like Gmail, Amazon SES etc. This article will help you setup SSMTP server and send email through Gmail servers.

Step 1: Install SSMTP Server

SSMTP service packages are available under EPEL repository.

# yum install ssmtp

Step 2: Configure SSMTP

Now edit SSMTP configuration file and add following values. In this article, I am using Gmail SMTP server. If you also want to setup with Gmail, make sure you have an email account withGmail.

# vim /etc/ssmtp/ssmtp.conf

Change following values in configuration file

mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
AuthUser=myemail@gmail.com
AuthPass=XXXXXXXXXXXXXXX
TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt

mailhub: you smtp server host/ip with port.
UseSTARTTLS: Set it Yes if SMTP server uses TLS else No.
AuthUser: Use Gmail ID here
AuthPass: Use Gmail ID’s password
TLS_CA_File: This may required some time, If you face issue like “send-mail: Cannot open smtp.gmail.com:587”

Step 3: Send Test Email

Now test the setup by sending a test email to your own email address, to send email use following command.

# ssmtp user@domain.com
Subject: This is Subject Line
Email content line 1
Email content line 2
Email content line 3
^d

To send email press button CTRL+d (^d). Now check your mail box.

Step 4: Setup SSMTP as Default

Now set SSMTP as your default mail server, So that you can simply use mail command to send emails through SSMTP.

# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
   1           /usr/sbin/sendmail.ssmtp
*+ 2           /usr/sbin/sendmail.sendmail

Enter to keep the current selection[+], or type selection number: 1

Verify the changes by

# sendmail -V
sSMTP 2.61 (Not sendmail at all)