Devuan: Opensmtpd Client Auth

Article published the27 April 2020 ; modified the23 June 2023
4 minutes to read

This article has 800 words.
RAW source of the article:
Commit version: fce98db

Description

OpenSMTPD is a free implementation of the SMTP protocol, as defined in RFC 5321 , with some additional standard extensions. It allows the machines to exchange mail.

OpenSMTPD is a part the OpenBSD base system. It was ported to others OSes, as Devuan.

Informations:

Website: https://www.opensmtpd.org

Q : Why do I use OpenSMTPD?

Because, OpenSMTPD is:

easy to config : only one file text!
recognized as reliable AND secure.

Fully functional and tested on:

Debian Sid, Devuan Ceres
Linux Mint

Installation

apt install opensmtpd

the file log: /var/log/mail.log

Configuration

The file config: /etc/smtpd.conf

To send a mail by SMTP to a mail service requiring identification, it is necessary to first create a file secrets with the appropriate rights on your system, then we have to configure the file smtpd.conf.

File secrets

To create the secrets file:

$ mkdir -p .config/mail $ touch .config/mail/secrets $ chmod 0640 .config/mail/secrets

Then, it’s necessary to write: identifiant username:password Do Not Write TEXTUALLY this information , replace with:

identifiant: your choosed id — this will use later on your config file.
username: usually, your email.
password: the password for your email identification.

Warning

It’s possible to (re?)name the secrets file as you want, and put in other place on your system.

It’s better put rights 0400 on this secrets file. Default: 0640.

Even, it’s possible for the service to access at your secrets file, with your personal rights as $USER:$USER, it’s better to put the group right opensmtpd.

File smtpd.conf

Now, edit the config file /etc/smtpd.conf

#	$OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/aliases
table secrets file:/home/your-id/.config/mail/secrets

queue compression

# To accept external mail, replace with: listen on all

listen on localhost

action "local" maildir alias <aliases>
action "relay" relay host smtp+tls://identifiant@server auth <secrets> mail-from "@your-domain.tld"

# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local"
match for local action "local"
match from local for any action "relay"

Explainations

So compared to the original version, we added:

the line table secrets: it call the secrets file — write your custom filename.
the line action relay: to define the necessary action to send emails to the server.
- NOTE about identifiant@serveur:
  - you have to replace the string identifiant by your created.
  - and too, to replace the serveur by the name of SMTP server.
- the string smtp+tls is the used protocol to connect at the SMTP server. others protocols are:
  - lmtp: to connect on a LMTP session.
  - smtp: to attempt a connection with a STARTTLS session, if possible.
  - smtp+tls: to force the connection on a STARTTLS session.
  - smtp+notls: to use a plain text SMTP session without TLS.
  - smtps: to force the connexion via TLS — default port: 465
  - with no specified protocol, the connection will be done on the default port: 25.
- the string auth: to specify the secrets table.
- the string mail-from: to specify the domain name to use.
- the line match … action "relay": this is the action that will be triggered to send the emails.

aliases

About aliases system:

It is interesting to manage the alias related to your root account or even that of your main user…

Edit the file /etc/aliases, with rights admin. At the end of file, modify root with your desired address email. Do the same for your system user. ;)

And, do not forget to reload the aliases base, with the command newaliases!

Utilisation

Warning

Before restart the opensmtpd service, we need to test the config file: # smtpd -n

If the result is: configuration OK that’s folk!

Otherwise, re-edit the file, at the line indicated first!

Now, restart the service: # service opensmtpd restart

Send

So:

echo "Test to send email on $(hostname); date: $(date)" | mail -s "Email test" email
or, echo "Test to send email on $(hostname); date: $(date)" | mail -s "Email test" root

For all cases, the log will display messages, as:

(…)
Apr 27 09:16:47 pc-z smtpd[1718]: 09cca279ca1178e4 smtp connected address=local host=***
Apr 27 09:16:47 pc-z smtpd[1718]: 09cca279ca1178e4 smtp message msgid=85868a25 size=474 nrcpt=1 proto=ESMTP
Apr 27 09:16:47 pc-z smtpd[1718]: 09cca279ca1178e4 smtp envelope evpid=85868a25fcb1569a from=<my-id@***> to=<my-id@***>
Apr 27 09:16:47 pc-z smtpd[1718]: 09cca279ca1178e4 smtp disconnected reason=quit
Apr 27 09:16:51 pc-z smtpd[1718]: 09cca27892fa38ea mta delivery evpid=85868a25fcb1569a from=<my-id@huc.fr.eu.org> to=<email@nom-de-domaine.tld> rcpt=<my-id@***> source="192.168.47.47" relay="80.67.160.70 (lautre.net)" delay=4s result="Ok" stat="250 2.0.0 Ok: queued as 53C92112839"
Apr 27 09:17:02 pc-z smtpd[1718]: 09cca27892fa38ea mta disconnected reason=quit messages=2
(…)

Now, you can send email from console/terminal or yours scripts shell with SMTP authentification!

Errors

Look the different possible errors on my article OpenBSD: configure smtpd.conf to auth email client (≥ v6.4)

Documentations

The SMTP protocol defined by RFC 5321:

RFC 5321

IETF Tools: HTML, PDF, TXT
RFC Editor: HTML, PDF, TXT

Manpages

smtpd.conf(5)

Wikipedia

Local_Mail_Transfer_Protocol ^WP