A quick note to self about configuration of servers with ssmtp and yandex mail service (any other would work too, of course). I keep forgetting how it is done and keep spending time looking about so here goes the summary.
Install ssmtp package, if missing, install also bsd-mailx.
Configuration for ssmtp goes into /etc/ssmtp/ssmtp.conf
MailHub=smtp.yandex.ru:587 # Provider SMTP server hostname and port UseStartTLS=YES # Secure connection (SSL/TLS) FromLineOverride=YES # Force the From: line Hostname=example.com # The name of this host RewriteDomain=example.com # The host the mail appears to be coming from Rootemail@example.com # Redirect mail for root@ to firstname.lastname@example.org AuthUseremail@example.com # Provider mail account AuthPass=password # The password for the mail account
Note that it is not UseTLS anymore but UseStartTLS, otherwise you’ll get
May 25 18:47:18 example sSMTP: Creating SSL connection to host May 25 18:47:18 example sSMTP: SSL connection using (null) May 25 18:47:18 example sSMTP: Cannot open smtp.yandex.ru:587
Now all of the accounts that send email must be mentioned in the /etc/ssmtp/revaliases file and be mapped to this existing account at the provider:
root:firstname.lastname@example.org:smtp.yandex.ru www-data:email@example.com:smtp.yandex.ru cron:firstname.lastname@example.org:smtp.yandex.ru
Now we have a working configuration but the password for the service is exposed in a world-readable config file. To fix that, we create a new group:
Change the ownership of both the config file and the sSMTP binary to this group:
chown :ssmtp /etc/ssmtp/ssmtp.conf chown :ssmtp /usr/sbin/ssmtp
Set the SGID bit for the binary so that others invoking it get the proper permissions:
chmod g+s /usr/sbin/ssmtp
And restrict the permissions of the config file:
chmod 640 /etc/ssmtp/ssmtp.conf
Now everything should work like a charm… unless I forgot something again :)