As I’ve warned you before I barely know how to turn on a computer, let alone operate it securely. Given enough time, I do occasionally manage to get things working after spending an unreasonable amount of time (and often losing data). Sometimes, only sometimes, I’m smart enough to write down a few steps so my future forgetful self can blindly repeat them in the future.
In today’s episode, we’ll get a Debian machine to be able to send out emails. This should be simple, and probably is if you know what you’re doing, but took me a while to get right and actually ensure that emails arrived.
Get an SMTP Provider
Back in ye olde golden era of the Internet, just about any computer could send an email. Thanks to a bunch of jackasses who spammed the entire Internet over the past few decades, sending email that actually gets delivered is best left to the professionals these days.
So the first step is to find some service that provides an SMTP gateway for your machine to send emails through. In theory, you could use any old GMail account here, but I’m slightly paranoid and don’t want Google account credentials sitting on whatever old computer I have laying around.
Fortunately, SendGrid has a free tier that lets you send 100 emails a day for free. This is more than enough for my needs, and probably yours unless you’re trying to help some foreign prince transfer funds, in which case I suggest you jump off a cliff.
Once you’ve set up a SendGrid account, go and create a dedicated API key for your computer. You should only need the “Mail Send” access details. I’d recommend a unique key per machine you’re using, but you do you.
Next we’ll install SSMTP in order to send emails. Why SSMTP? Because it’s the first one I found, so obviously it’s the best.
sudo apt install ssmtp
Now edit the
/etc/ssmtp/ssmtp.conf file in order to have the SendGrid credentials (obviously, you should replace
AuthPass, etc with your own values). If you’re using some other SMTP provider, then you gotta figure out what to put here on your own:
# The person who gets all mail for userids < 1000 root=postmaster # SMTP info mailhub=smtp.sendgrid.net:587 AuthUser=apikey AuthPass=INSERT_GENERATED_PASSWORD_HERE UseSTARTTLS=Yes # Where will the mail seem to come from? rewriteDomain=example.com hostname=my-computer.example.com # Don't let users specify their own `From:` address FromLineOverride=NO
You can now test if this works locally via:
echo 'To: Lovely Human <firstname.lastname@example.org> From: Your Computer <email@example.com> Subject: Hello, from your computer Greetings from your computer, hopefully you see this!' | sudo ssmtp firstname.lastname@example.org
Assuming you’ve done everything correctly, this email should arrive in your inbox. If not, check the SendGrid Activity Feed and see if there is an error message. If you still can’t figure it out, you should reconsider your life choices and think about writing that novel you’ve been putting off.
Sending Mail Externally
There are a bunch of programs that run on your machine that will try to send email from a local user, so we need to make sure those don’t get lost due to being invalid. We do that by editing the
/etc/ssmtp/revaliases (create it if it doesn’t exist):
# location_account:delivery_addres:smtp_server:smtp_port root:email@example.com:smtp.sendgrid.net:587 postmaster:firstname.lastname@example.org:smtp.sendgrid.net:587 you:email@example.com:smtp.sendgrid.net:587
This creates a mapping such that mail from the given user is rewritten to be from an external address instead of something like
you@your-machine which will get probably get rejected by most email providers.
Now test by sending an email to yourself via the command line:
echo 'Hello Sysadmin! This message was sent via the command line' | mail -s "Message From the Command Line" firstname.lastname@example.org
Once again, check the SendGrid Activity Feed if you don’t see the email and consider painting or some other more productive hobby if things still aren’t working.
In theory, you should be all set to receive emails. That didn’t seem to be the case for me though, so there are a few places I had to go through and make more changes that I don’t really understand.
If you’re running unattended upgrades to automatically update your machine, you’ll probably want to change how those emails get sent. Edit
/etc/apt/apt.conf.d/50unattended-upgrades with the following:
// Replace the line with `Unattended-Upgrade::Mail "";` Unattended-Upgrade::Mail "email@example.com"; Unattended-Upgrade::Sender "Machine Upgrades <firstname.lastname@example.org>";
Assuming things worked, you’ll now get an email whenever any automatic updates are installed.
Sudo Authentication Failures
sudo will try to email when someone attempts to call
sudo but doesn’t enter the correct password. In order to get those emails delivered, I had to add the following into
Defaults mailto="email@example.com" Defaults mailfrom="firstname.lastname@example.org"
To test, try to run any command via
sudo without entering the correct password.
If you’re using Cron to run some periodic tasks, you might not know that your system emails you the output of each command. At least on my machine, this was going into some dark place never to be seen again. To fix this, run
crontab -e and add the following at the top:
MAILFROMemail@example.com MAILTOfirstname.lastname@example.org # Cron jobs go below 0 5 * * * 1 echo "It's 5am, did you know your computer is on?"
By this point, you’re old enough to test this on your own.
I’m pretty certain I’ve missed others, I’ll add those whenever I discover them.
Hopefully your life is slightly better now that your computer can send emails, mine isn’t but I like to pretend.