Setting up sSMTP

I've standardised on sSMTP as a drop in sendmail replacement across my estate that suits my needs.

Essentially I want any local email to be sent out via a common mail host, which usually ends up in one of few central mailboxes accessed via IMAP. sSMTP gives me this ability in a simple and lightweight form.

I'm running FreeBSD, so first I need to install the package using pkg:

pkg install ssmtp

Once installed there are some configuration file changes that are needed. First let's configure sSMTP itself. There are 2 files of interest here, one for the application itself, the other is a list of aliases.

sSMTP configuration is stored in /usr/local/etc/ssmtp/ssmtp.conf:

# /etc/ssmtp.conf -- a config file for sSMTP sendmail.

# The person who gets all mail for userids < MinUserId
# Make this empty to disable rewriting.
root=<real email address you wish to receive all email addressed to 'root'>

# All mail delivered to userid >= MinUserId goes to user, not root.

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named
# The example will fit if you are in and your mailhub is so named.
mailhub=<smart host to send email to>

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
rewriteDomain=<domain email should appear to come from>

# The full hostname

# Gentoo bug #47562
# Commenting the following line will force ssmtp to figure
# out the hostname itself.

# hostname=_HOSTNAME_

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.

# Use SSL/TLS to send secure messages to server.

# Use SSL/TLS certificate to authenticate against smtp host.

# Use this RSA certificate.

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment

For basic operation only 3 values really need to be changed, the value for 'root', the 'mailhub' that email should be sent via, and 'rewriteDomain' which will adjust the apparent source email address of the message by suffixing the username with a specific domain name.

Next we have the file /usr/local/etc/ssmtp/revaliases. This is where aliases for local accounts are stored. Originally I only had one entry, that to give root a valid address, but the one I selected was also the one I was forwarding emails to which in turn made my email client think the mail had come from the same account. Now I generally make them look like they come from root on a specific device, which is also pretty close to not needing to update the file at all. YMMV, but I thought it best to share all the same:

# sSMTP aliases
# Format:       local_account:outgoing_address:mailhub
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
#root:<target email address>:<smarthost>
root:root@<device>.<domain suffix>:<smarthost>

There are also some system files that should be updated for proper operation. Firstly sendmail should be disabled via entries in /etc/rc.conf:


The system also needs to know what mail agent it should use for particular commands, these are configured in /etc/mail/mailer.conf:

# $FreeBSD: releng/12.2/etc/mail/mailer.conf 363973 2020-08-06 18:13:45Z kevans $
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
# If dma(8) is installed, an example mailer.conf that uses dma(8) instead can
# can be found in /usr/share/examples/dma.
sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true

These steps should be sufficient to get up and running using sSMTP.


I've recently become aware that there is an alternative application called 'DragonFly Mail Agent' or dma that is included in the FreeBSD base code. I've yet to look into it in detail, if suitable it would mean i'd need to provision one less application, just tweak an existing configuration, which can only be a good thing eh?


Previous Post Next Post

Add a comment


Written on Tue, 28 May 2024 18:20:15 by sCrdgbanWTUyD
Written on Tue, 14 May 2024 11:42:02 by dMnBliOo