FreeBSD: Send mails over an external SMTP server (SSMTP)

published on on FreeBSD, Mail

FreeBSD is shipped with sendmail as the default MTA, which is configured to local delivery on a vanilla installation. Therefore many people don't even recognize one of FreeBSDs great features for system administrators: FreeBSD sends system status emails through periodic(8) that reveal interesting information such as disk status (even with ZFS integration), installed packages with known vulnerabilities or SSH login attempts. And this is even jail-aware so the status mails for example contain information about insecure packages in your jails as well.

But configuring your MTA properly can also be useful in other situations. So so might wanna send email from a blog running on your local webserver.

SSMTP offers a great solution for this by redirecting all local email to a external SMTP server and delivering it to a specified email address. Additionally it's easy to configure.

First we need to configure SSMTP to become the default MTA used for delivering your mails. First we need to disable sendmail.

SSMTP as the default MTA

The MTA is enabled by default. Let's disable it first.

killall sendmail
sysrc sendmail_enable="NO"
sysrc sendmail_submit_enable="NO"
sysrc sendmail_outbound_enable="NO"
sysrc sendmail_msp_queue_enable="NO"

Now we can install SSMTP using pkg or the ports collection. I go with pkg:

pkg install ssmtp

The new MTA gets a separate user. Additionally you should set proper permissions to it's configuration directory.

pw useradd ssmtp -g nogroup -h - -s /sbin/nologin -d /nonexistent -c "sSMTP pseudo-user"
cd /usr/local/etc/ssmtp
chown ssmtp:wheel .
chmod 4750 .
chown ssmtp:nogroup /usr/local/sbin/ssmtp
chmod 4555 /usr/local/sbin/ssmtp

FreeBSD provides a configuration file that allows you to configure your preferred MTA called /etc/mail/mailer.conf.
Replace the first two lines to match the lines in this example:

sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/libexec/sendmail/sendmail
newaliases      /usr/libexec/sendmail/sendmail
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail

Configure SSMTP

Now we can use the configuration file example called ssmtp.conf.sample .

cp ssmtp.conf.sample ssmtp.conf
chown ssmtp:wheel . ssmtp.conf
chmod 640 ssmtp.conf

My ssmtp.conf looks like this, which should also work for you. My server uses SMTP with STARTTLS on Port 587:

# User that gets all the emails for root, in this case postmaster@foo.tld
mailhub=**mailserver ip address**:587
AuthUser=**mailserver username**
AuthPass=**mailserver password**
Hostname=**name of your maildomain, e.g.**
RewriteDomain=**same as Hostname**

The revaliases file contains the mapping from the local user to target email address. I only configured the root user as I only want the periodic status mails which are delivered to root by default.

Edit the /usr/local/etc/ssmtp/revaliases:

root:**email address**:**mailserver ip address**:587

Test it

Now you can send a email to any address to check if relay works. I send the contents of my rc.conf file here:

sendmail me@myemailaddress.tld < /etc/rc.conf