
Simple MUA

posted 19 Mar 2013, 08:28 by Flip Pipe   [ updated 24 Mar 2013, 08:05 ]
Each time I install a new machine, I lose the configuration the MUA needs to send emails via Google.

Today I spent a little time looking for a simple configuration... and found a simple MUA: MSMTP

I have several goals in mind:
  1. System-wide configuration, not per user;
  2. Scripts written by users that call the mail command should work off the shelf;
  3. I should receive email from cron jobs;
  4. No plain-text passwords.

Googling a bit, I found lots of howtos for configuring msmtp, but each covered either a per-user setup or a system-wide one, not both combined, and not with the added touch of no plain-text passwords.

Let's begin.

First, I remove all packages of the previous MUA/MTA, in my case sendmail.

# sudo dpkg --get-selections | grep sendmail

# sudo apt-get remove libmail-sendmail-perl sendmail-base sendmail-bin sendmail-cf


Then install MSMTP and certificates:

# sudo apt-get install msmtp ca-certificates

Next, create the configuration files:

/etc/msmtprc

defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
aliases /etc/msmtp_aliases
 
account default
host smtp.gmail.com
port 587
auth on
user <gmail email user>
password <gmail email password>
from <gmail email user>
logfile ~/.msmtp.log



Then create an aliases file (as configured above):

/etc/msmtp_aliases

root: <email address>

It should now work if you test it, but it isn't ready for system-wide use yet.

First, let's get the mail command working. This file needs to be created in each user's home directory:

# cat .mailrc
set sendmail="/usr/bin/msmtp"


For new accounts, you should also create this file inside /etc/skel, because each time a new user is created, the content of this directory is copied to the user's home.

At this point, cron still does not send email to you, because it has the path to sendmail hard-coded.

So a symlink needs to be created:

# ln -s /usr/bin/msmtp /usr/lib/sendmail

It is probably not needed, but let's also create a symlink at /usr/sbin/sendmail:

# ln -s /usr/bin/msmtp /usr/sbin/sendmail


Note: before creating these symlinks, check whether they already exist, and if so, back them up first.

System-wide logs should be in /var/log, but with this configuration the msmtp logs are in the home directory of each user. Cron and other jobs usually run as root, so let's create a symlink:

# ln -s /root/.msmtp.log /var/log/msmtp.log

One last problem to solve... a password in plain text.

To work around this problem, I used the passwordeval option; if a plain-text password is not a problem for you, you do not need to read any further. But this workaround makes cron jobs not send emails.

First, in /etc/msmtprc, change

password <gmail email password>

to

passwordeval /usr/local/bin/getPass.sh

and the content of that script is:

#!/bin/bash
# Decrypt the calling user's encrypted password file and print it on stdout for msmtp
/usr/bin/gpg -q --batch -d ~/.msmtp.password.txt.gpg


Note: don't forget to run chmod +x /usr/local/bin/getPass.sh to make it executable.

From now on, msmtp will use gpg to decrypt the file that holds the password. The problem with this solution is management, because each user must have the encrypted file in their own home directory, with their own key ring.

First, you need to create your key ring with the command "gpg --gen-key". It will ask some questions. Keep the information you provide in answer to these questions: Real Name, Email address and Comment. This information is needed to identify your key later. I've attached an example of the output in the files of this post.

After the key ring is created, just create a file with the password inside it, and encrypt it with:

$ gpg  --output ~/.msmtp.password.txt.gpg -e <file>
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line:


At this point, provide any part of the Real Name, Email address or Comment so that gpg can find the key to encrypt the file with.

After the key is found, just press Enter again to encrypt the file.

Remove the files with the clear-text password, and it's done...

Now, just test your cron and mail program...

Lessons learned:
  • While trying to solve the problem of managing the encrypted files, I recalled that there is a way to create a script and have a normal user run it as root if the file is owned by root. This is done by changing the file mode bits to set user or group ID on execution (s) (in practice, doing chmod +s <file>). But in the end, it had the same effect as putting the password in clear text in the config file.
  • You may ask why I didn't put the content of the script directly in the msmtp configuration file. For some reason, it works fine when the user sends emails, but not when cron sends emails, and this happens when using relative paths rather than full paths. Probably cron doesn't read environment variables or doesn't pass them to msmtp.
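
The following audit is an added example, not part of the original post: a shell function that checks an msmtp configuration for the problems discussed above (a literal password in a file other users can read, a passwordeval command without a full path, and a setuid/setgid helper script). The function name audit_msmtprc, the finding labels and the sample account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per line and
# returns 1 if anything was found, 0 if the configuration looks clean.
audit_msmtprc() {
    cfg=$1
    found=0
    # A literal "password" line keeps the secret in the file itself.
    if grep -Eq '^[[:space:]]*password[[:space:]]+[^[:space:]]' "$cfg"; then
        echo "plaintext-password"
        found=1
        # A system-wide file that others can read exposes it to every user.
        if [ -n "$(find "$cfg" -prune -perm -0004 2>/dev/null)" ]; then
            echo "world-readable-secret"
        fi
    fi
    # First word of each passwordeval command, surrounding quote stripped.
    helpers=$(sed -n 's/^[[:space:]]*passwordeval[[:space:]]\{1,\}"\{0,1\}\([^[:space:]"]*\).*/\1/p' "$cfg")
    for helper in $helpers; do
        case $helper in
            /*) ;;  # full path: does not depend on PATH or working directory
            *)  echo "non-absolute-passwordeval: $helper"; found=1; continue ;;
        esac
        # A setuid/setgid helper would hand the password to any local caller.
        if [ -n "$(find "$helper" -prune \( -perm -4000 -o -perm -2000 \) 2>/dev/null)" ]; then
            echo "setid-helper: $helper"; found=1
        fi
    done
    return "$found"
}

# Constructed sample: the first version of /etc/msmtprc from the post, with a
# made-up account and password, written to a temporary file for the demo.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
account default
host smtp.gmail.com
port 587
auth on
user someone@example.com
password not-a-real-password
EOF
audit_msmtprc "$sample" || echo "findings reported for the sample config"
rm -f "$sample"
```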
