Configuring mutt, fetchmail, and ssmtp for secure email transfer
This post is about configuring mutt, fetchmail, and ssmtp to use a secure (encrypted) connection between your computer and your hosting provider when sending or retrieving email.
I have been using the Mutt email client on various flavors of Unix or Cygwin for a long time. I use fetchmail to retrieve email from my hosting provider, and ssmtp to send.
My hosting provider is Dreamhost, so the examples below should work as written for Dreamhost users. Note that your hosting provider or ISP may not support encrypted email connections, or may have slightly different instructions.
1. Retrieving email
This is trivial. Assuming you have fetchmail already configured to retrieve email, and your email host supports SSL (secure sockets layer), simply add “ssl” to the list of options. For example, here is a fetchmail configuration file (~/.fetchmailrc):
set logfile "/path/to/log/file"
set postmaster "LocalUsername"
set nobouncemail
set no spambounce
set properties ""
set daemon 600
poll mail.YourDomain.com with proto POP3
user 'MailUsername' there with password 'Password' is 'LocalUsername' here options \
fetchall ssl
Of course, you should change the logfile path, usernames, password, and domain name to appropriate values.
2. Sending email
This is a little more involved. First, mutt must be configured to send email using ssmtp. In your mutt configuration file (~/.muttrc), there is a variable “sendmail” that must be set to use ssmtp:
## sendmail
## Type: string
## Default: /usr/lib/sendmail -oi -oem
## Specifies the program and arguments used to deliver mail sent by Mutt.
## Mutt expects that the specified program interprets additional
## arguments as recipient addresses.
##
set sendmail = "/usr/sbin/ssmtp.exe -auMailUsername@YourDomain.com -apPassword -v"
Like many web hosts, Dreamhost requires a username and password to send email. This prevents people without accounts from sending spam through its mail servers. Your host may not require a username and password to send email, in which case you can use:
set sendmail = "/usr/sbin/ssmtp.exe -v"
I use the “-v” (verbose) option so I can see what happened if there is a problem while sending email. The extra output isn’t visible when mail is sent successfully.
Now that mutt is configured to use ssmtp, ssmtp needs to be configured to forward your outgoing email to your hosting provider or ISP. This information is normally stored in a configuration file that lives in /etc/ssmtp/ssmtp.conf.
To get things working the first time, configure ssmtp to send email without encryption. Here is an example of what the ssmtp configuration file looks like in this case:
mailhub=mail.YourDomain.com
FromLineOverride=YES
hostname=YourComputer.YourDomain.com
rewriteDomain=YourDomain.com
root=LocalUsername
Once you have ssmtp sending mail without encryption, change your ssmtp configuration file to specify UseTLS=Yes. This enables encryption. In addition, Dreamhost’s mail servers require you to use port 465, instead of the default port 25, for encrypted connections. This is standard, but check with your hosting provider or ISP to be sure. Making these changes to the above example:
mailhub=mail.YourDomain.com:465
FromLineOverride=YES
hostname=YourComputer.YourDomain.com
rewriteDomain=YourDomain.com
root=LocalUsername
UseTLS=Yes
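The settings in the three files above can be checked mechanically. The shell script below is an added example, not part of the original post: it flags fetchmail entries polled without ssl, an ssmtp.conf without UseTLS=Yes, and a mutt sendmail line that passes the password with -ap, which makes it visible in the process list to other local users. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag settings in the three
# config files discussed here that leave mail credentials exposed.

# Drop comments and blank lines (a '#' inside a quoted value is not handled).
strip_comments() { sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"; }

# Print each fetchmail poll/server/skip entry that lacks the "ssl" option
# (a "defaults" entry is not interpreted).
fetchmail_plaintext_polls() {
    strip_comments "$1" | awk '
        function report() { if (host != "" && !ssl) print host }
        { for (i = 1; i <= NF; i++) {
            if ($i == "poll" || $i == "server" || $i == "skip") {
                report(); host = $(i + 1); ssl = 0
            } else if ($i == "ssl") ssl = 1
        } }
        END { report() }'
}

# Succeed only if ssmtp.conf contains UseTLS=Yes (matched case-insensitively).
ssmtp_tls_enabled() {
    strip_comments "$1" | tr -d ' \t' | grep -Eiq '^UseTLS=yes$'
}

# Succeed if muttrc hands the password to ssmtp with -ap (visible in argv).
mutt_password_in_argv() {
    strip_comments "$1" | grep -Eq '^[[:space:]]*set[[:space:]]+sendmail[[:space:]]*=.*[[:space:]]-ap[^[:space:]"]'
}

# Print one finding per line; arguments: fetchmailrc ssmtp.conf muttrc.
audit_mail_config() {
    for h in $(fetchmail_plaintext_polls "$1"); do
        echo "fetchmail: $h is polled without ssl"
    done
    ssmtp_tls_enabled "$2" || echo "ssmtp: UseTLS=Yes is not set"
    if mutt_password_in_argv "$3"; then echo "mutt: password passed with -ap"; fi
}

# Constructed sample files: a fetchmailrc with one extra plaintext poll, the
# unencrypted ssmtp.conf, and the muttrc sendmail line that carries -ap.
d=$(mktemp -d)
printf '%s\n' 'poll mail.YourDomain.com with proto POP3' \
    "user 'MailUsername' there with password 'Password' is 'LocalUsername' here options \\" \
    'fetchall ssl' 'poll old.YourDomain.com with proto POP3' > "$d/fetchmailrc"
printf '%s\n' 'mailhub=mail.YourDomain.com' 'root=LocalUsername' > "$d/ssmtp.conf"
printf '%s\n' '## sendmail' \
    'set sendmail = "/usr/sbin/ssmtp.exe -auMailUsername@YourDomain.com -apPassword -v"' > "$d/muttrc"
audit_mail_config "$d/fetchmailrc" "$d/ssmtp.conf" "$d/muttrc"
```

On the constructed sample this prints three findings. ssmtp.conf also accepts AuthUser and AuthPass keys, which keep the password off the command line where the installed build supports them.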
This is where things get a little complicated. If you are using Cygwin, the version of ssmtp you have was probably compiled without support for encryption. (This may also be true if you are using Linux or some other flavor of Unix, depending on the distribution.) You’ll find out soon enough - try to send email. If it works, great! If you see something like this:
[<-]
ssmtp: Invalid response SMTP server
it may be that your configuration file is incorrect, or that your provider doesn’t support sending mail with encryption. Once you’re fairly certain that neither of those is true, it’s time to get the source for ssmtp and recompile it with support for encryption.
On Cygwin, use the setup utility to install the source for ssmtp. As of this writing, the current version is 2.60-9.3 and the source is installed into /usr/src/ssmtp-2.60.9-3.
Do the following steps (the commands I typed follow the “>” prompt):
/>cd /usr/src/ssmtp-2.60.9-3
/usr/src/ssmtp-2.60.9-3>sh ./configure --enable-ssl
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for a BSD compatible install... (cached) /usr/bin/install -c
checking whether ln -s works... (cached) yes
checking how to run the C preprocessor... (cached) gcc -E
checking for ANSI C header files... (cached) yes
checking for limits.h... (cached) yes
checking for strings.h... (cached) yes
checking for syslog.h... (cached) yes
checking for unistd.h... (cached) yes
checking for obsolete openlog... (cached) no
checking for working const... (cached) yes
checking whether struct tm is in sys/time.h or time.h... (cached) time.h
checking for gethostname in -lnsl... (cached) no
checking for socket in -lsocket... (cached) no
checking return type of signal handlers... (cached) void
checking for vprintf... (cached) yes
checking for gethostname... (cached) yes
checking for socket... (cached) yes
checking for strdup... (cached) yes
checking for strstr... (cached) yes
creating ./config.status
creating Makefile
/usr/src/ssmtp-2.60.9-3>make
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o ssmtp.o ssmtp.c
ssmtp.c: In function `header_parse':
ssmtp.c:734: warning: 'q' might be used uninitialized in this function
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o arpadate.o arpadate.c
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o base64.o base64.c
gcc -o ssmtp ssmtp.o arpadate.o base64.o -lssl
ssmtp.o: In function `smtp_open':
/usr/src/ssmtp-2.60.9-3/ssmtp.c:1119: undefined reference to `_X509_free'
collect2: ld returned 1 exit status
make: *** [ssmtp] Error 1
/usr/src/ssmtp-2.60.9-3>
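Hmm, something isn’t right. The linker cannot resolve X509_free, which is defined in OpenSSL’s libcrypto rather than libssl, so the link line needs -lcrypto as well. Edit the Makefile: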
/usr/src/ssmtp-2.60.9-3>vi Makefile
Change
# Binaries:
ssmtp: $(OBJS)
	$(CC) -o ssmtp $(OBJS) -lssl
to
# Binaries:
ssmtp: $(OBJS)
	$(CC) -o ssmtp $(OBJS) -lssl -lcrypto
and try again:
/usr/src/ssmtp-2.60.9-3>make clean
rm -f ssmtp *.o core
/usr/src/ssmtp-2.60.9-3>make
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o ssmtp.o ssmtp.c
ssmtp.c: In function `header_parse':
ssmtp.c:734: warning: 'q' might be used uninitialized in this function
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o arpadate.o arpadate.c
gcc -Wall -DSTDC_HEADERS=1 -DHAVE_LIMITS_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_UNISTD_H=1 -DRETSIGTYPE=void -DHAVE_VPRINTF=1 -DHAVE_GETHOSTNAME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRSTR=1 -DREWRITE_DOMAIN=1 -DHAVE_SSL=1 -DSSMTPCONFDIR=\"/etc/ssmtp\" -DCONFIGURATION_FILE=\"/etc/ssmtp/ssmtp.conf\" -DREVALIASES_FILE=\"/etc/ssmtp/revaliases\" -g -O2 -c -o base64.o base64.c
gcc -o ssmtp ssmtp.o arpadate.o base64.o -lssl -lcrypto
/usr/src/ssmtp-2.60.9-3>
At this point you should be able to run “make install”. I figured that since ssmtp-2.60.9-3 was already installed, I’d just copy the executable into /usr/sbin:
/usr/src/ssmtp-2.60.9-3>mv /usr/sbin/ssmtp.exe /usr/sbin/ssmtp_old.exe
/usr/src/ssmtp-2.60.9-3>cp ssmtp.exe /usr/sbin/ssmtp.exe
I don’t have a Linux box handy, but I’m guessing the steps to recompile ssmtp are similar to what’s above.
Posted: February 26th, 2007 under Computers.