Fortes


Getting Debian to send emails that actually get delivered

Making sure your algorithmic love letters don’t get lost

Refueling in the Uyuni Salt Flats Salar de Uyuni, Bolivia

As I’ve warned you before I barely know how to turn on a computer, let alone operate it securely. Given enough time, I do occasionally manage to get things working after spending an unreasonable amount of time (and often losing data). Sometimes, only sometimes, I’m smart enough to write down a few steps so my future forgetful self can blindly repeat them in the future.

In today’s episode, we’ll get a Debian machine to be able to send out emails. This should be simple, and probably is if you know what you’re doing, but took me a while to get right and actually ensure that emails arrived.

Get an SMTP Provider

Back in ye olde golden era of the Internet, just about any computer could send an email. Thanks to a bunch of jackasses who spammed the entire Internet over the past few decades, sending email that actually gets delivered is best left to the professionals these days.

So the first step is to find some service that provides an SMTP gateway for your machine to send emails through. In theory, you could use any old GMail account here, but I’m slightly paranoid and don’t want Google account credentials sitting on whatever old computer I have laying around.

Fortunately, SendGrid has a free tier that lets you send 100 emails a day for free. This is more than enough for my needs, and probably yours unless you’re trying to help some foreign prince transfer funds, in which case I suggest you jump off a cliff.

Once you’ve set up a SendGrid account, go and create a dedicated API key for your computer. You should only need the “Mail Send” access details. I’d recommend a unique key per machine you’re using, but you do you.

SSMTP

Next we’ll install SSMTP in order to send emails. Why SSMTP? Because it’s the first one I found, so obviously it’s the best.

sudo apt install ssmtp

Now edit the /etc/ssmtp/ssmtp.conf file in order to have the SendGrid credentials (obviously, you should replace example.com, the AuthPass, etc with your own values). If you’re using some other SMTP provider, then you gotta figure out what to put here on your own:

# The person who gets all mail for userids < 1000
root=postmaster

# SMTP info
mailhub=smtp.sendgrid.net:587
AuthUser=apikey
AuthPass=INSERT_GENERATED_PASSWORD_HERE
UseSTARTTLS=Yes

# Where will the mail seem to come from?
rewriteDomain=example.com
hostname=my-computer.example.com

# Don't let users specify their own `From:` address
FromLineOverride=NO

You can now test if this works locally via:

echo 'To: Lovely Human <you@example.com>
From: Your Computer <you@example.com>
Subject: Hello, from your computer

Greetings from your computer, hopefully you see this!' | sudo ssmtp you@example.com

Assuming you’ve done everything correctly, this email should arrive in your inbox. If not, check the SendGrid Activity Feed and see if there is an error message. If you still can’t figure it out, you should reconsider your life choices and think about writing that novel you’ve been putting off.

Sending Mail Externally

There are a bunch of programs that run on your machine that will try to send email from a local user, so we need to make sure those don’t get lost due to being invalid. We do that by editing the /etc/ssmtp/revaliases (create it if it doesn’t exist):

# location_account:delivery_addres:smtp_server:smtp_port
root:you@example.com:smtp.sendgrid.net:587
postmaster:you@example.com:smtp.sendgrid.net:587
you:you@example.com:smtp.sendgrid.net:587

This creates a mapping such that mail from the given user is rewritten to be from an external address instead of something like you@your-machine which will get probably get rejected by most email providers.

Now test by sending an email to yourself via the command line:

echo 'Hello Sysadmin!

This message was sent via the command line' | mail -s "Message From the Command Line" you@example.com

Once again, check the SendGrid Activity Feed if you don’t see the email and consider painting or some other more productive hobby if things still aren’t working.

Loose ends

In theory, you should be all set to receive emails. That didn’t seem to be the case for me though, so there are a few places I had to go through and make more changes that I don’t really understand.

Unattended Upgrades

If you’re running unattended upgrades to automatically update your machine, you’ll probably want to change how those emails get sent. Edit /etc/apt/apt.conf.d/50unattended-upgrades with the following:

// Replace the line with `Unattended-Upgrade::Mail "";`
Unattended-Upgrade::Mail "you@example.com";
Unattended-Upgrade::Sender "Machine Upgrades <you@example.com>";

Assuming things worked, you’ll now get an email whenever any automatic updates are installed.

Sudo Authentication Failures

By default, sudo will try to email when someone attempts to call sudo but doesn’t enter the correct password. In order to get those emails delivered, I had to add the following into /etc/sudoers:

Defaults        mailto="you@example.com"
Defaults        mailfrom="you@example.com"

To test, try to run any command via sudo without entering the correct password.

Cron

If you’re using Cron to run some periodic tasks, you might not know that your system emails you the output of each command. At least on my machine, this was going into some dark place never to be seen again. To fix this, run crontab -e and add the following at the top:

MAILFROM=you@example.com
MAILTO=you@example.com

# Cron jobs go below
0 5 * * * 1 echo "It's 5am, did you know your computer is on?"

By this point, you’re old enough to test this on your own.

Other Places

I’m pretty certain I’ve missed others, I’ll add those whenever I discover them.

Wrapping Up

Hopefully your life is slightly better now that your computer can send emails, mine isn’t but I like to pretend.