This morning I was asked whether I could answer some questions about a thirteen year old post about Heirloom mailx / nail. It turned out my correspondent wanted to set up their FreeBSD system to send mail from the command line. I had done that previously so I showed them how.
You owe it to the world to make a new post!
was the response, and that made me grin, so here goes.
dma
dma(8) is the DragonFly Mail Agent, and it is in base, so we don’t need to install anything. (Thanks to Ronald for teaching me about this.)
I’m not interested in receiving mail, so I completely disable sendmail by adding this to /etc/rc.conf:
sendmail_enable="NONE"
I then populate /etc/dma/dma.conf with my settings. The dma(8) man page explains these settings in detail:
SMARTHOST mail.provider.example.org
PORT 587
AUTHPATH /etc/dma/auth.conf
SECURETRANSFER
STARTTLS
MAILNAME your.host.name
Furthermore, I create the file /etc/dma/auth.conf with the authentication data (note the vertical bar and the colon); each line is of the format "user|smarthost:password":
jp@example.com|mail.provider.example.org:<mipalabrasecreta>
Both dma.conf and auth.conf files should be owned by root:mail and have permissions 0640 or 0440 for dma (which is a setgid binary) to be able to read them.
And finally, I set up mailer.conf to actually use it:
# cat > /etc/mail/mailer.conf <<EOF
sendmail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
rmail /usr/libexec/dma
EOF
Reboot if you modified rc.conf and try sending a message; follow with a tail -f /var/log/maillog.
$ echo hola | mail -v -s testing01 jp@example.com
What I then do is to make sure mail to root is directed to me, so I edit /etc/aliases accordingly:
echo "root: jp@example" >> /etc/aliases
This works quite nicely, but the bad news: no sign of Charlie. :-)
ssmtp
If you prefer using a port/package external to the base system, I used ssmtp before learning about dma, and this is what I did then:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Then I install ssmtp from ports or packages. (I submitted a suggestion to add a mention of user/password authentication to the configuration, but that’s not yet been seen to yet, unfortunately.)
I then configure ssmtp by editing /usr/local/etc/ssmtp/ssmtp.conf. That file is heavily commented, but I show here the parameters I’m typically interested in. Your mileage may vary, specifically also the TCP port number used to submit mail to your provider:
root=jp@example.com
mailhub=mail.provider.example.org:587
hostname=your.host.name
UseSTARTTLS=YES
AuthUser=jp@example.com
AuthPass=<mipalabrasecreta>
That gives me a minimal outgoing-only SMTP transmission program.
Finally, we ensure the machine actually uses ssmtp for delivering mail:
# cat > /etc/mail/mailer.conf <<EOF
sendmail /usr/local/sbin/ssmtp
newaliases /usr/local/sbin/ssmtp
mailq /usr/local/sbin/ssmtp
EOF
Reboot, and then try sending a message; we should be able to see ssmtp connect to our mail provider and deliver the mail:
$ echo hola | mail -v -s testing01 jp@example.com
[<-] 220 mail.provider.example.org ESMTP
[->] EHLO your.host.name
[<-] 250 X-NOTHING
[->] STARTTLS
[<-] 220 Proceed.
[->] EHLO your.host.name
[<-] 250 AUTH LOGIN PLAIN
[->] AUTH LOGIN
...
[->] .
[<-] 250 ok 1583418332 qp 25415
[->] QUIT
[<-] 221 mail.provider.example.org
This dialogue might be different when you do it, but you get the message (pun intended :-)
So, what are some of the differences between dma(8) and ssmtp(8)?
ssmtpadds aFrom:header to mails which don’t have one; this can make the message look more pleasing for the recipient. When sending via the likes ofmutt(1)oralpine(1)this won’t matter, but if you use a CLI utility likemail(1)it will make a small difference.- Both
dmaandssmtplog viamaillog, butssmtphas a “debug” mode which integrates intomail(1)’s-vas shown earlier. dma(8)is built into the base operating system which means it doesn’t require specific installation; it’s there by default.- Both programs are setgid programs (to
mailandssmtprespectively) which means their configuration files can be protected from normal users.