Setting up the best null client ever! (DMA)

outbound email the easy way

Introduction

We’ve tried a few:

The clear winner is DMA: it can deliver messages locally, it has its own queue, and it supports STARTTLS as well as implicit SSL. Besides, we didn’t even have to change anything in the default configuration, which is appreciated, as it simplifies post-installation of the system.

Install

note: both ubuntu and slackware renamed heirloom mailx to s-nail

ubuntu

install s-nail or bsd-mailx to avoid postfix dependency, and make sure you have a syslog daemon in place

apt install dma bsd-mailx rsyslog
# mailutils s-nail
which dma
which mailx

slackware

if you want to prepare the binary on a build system

sbopkg -b dma

otherwise if you’re fine installing it directly

sbopkg -i dma
which dma
ldd /usr/bin/dma

slackpkg install s-nail
which mailx
ldd /usr/bin/mailx
grep -vE '^#|^$' /etc/s-nail.rc

from source

See DMA from source.

System preparation

The good thing with DMA is that it reads a plain-text aliases file without the need to run newaliases, hence no need for another MTA package containing that command.

ls -lF /etc/aliases #noexist
ls -ldF /etc/mail/ #noexist
ls -ldF /etc/postfix/ #noexist
vi /etc/aliases #newfile

something short

postmaster: root
root:       SOME-TRUE-EMAIL

something old-school

root:           SOME-TRUE-EMAIL
MAILER-DAEMON:  postmaster
postmaster:     root
bin:            root
daemon:         root
games:          root
ingres:         root
nobody:         root
system:         root
toor:           root
uucp:           root
manager:        root
dumper:         root
webmaster:      root
abuse:          root
decode:         root

It’s also good to know which host is actually talking to you daily

    vipw

    root:x:0:0:root@HOST:/root:/bin/bash

DMA setup

Defaults are fine already, as long as you have an FQDN hostname.

Otherwise, define it there and, if you wish, take the chance to enforce STARTTLS

mv -i /etc/dma/dma.conf /etc/dma/dma.conf.dist
grep -vE '^#|^$' /etc/dma/dma.conf.dist
grep -vE '^#|^$' /etc/dma/dma.conf.dist > /etc/dma/dma.conf
hostname --long
cat > /etc/dma/dma.conf <<-EOF
MAILNAME `hostname --long`
SECURETRANSFER
STARTTLS
EOF

#SMARTHOST SMTP-RELAY-ADDRESS

Not sure why 777 is the default; let’s at least make it sticky

ls -alF /var/spool/dma/
chmod +t /var/spool/dma/
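
A check for the point above, as an added example that is not part of the original page: it flags a world-writable spool with or without the sticky bit, world-readable queue files, and an auth.conf (the password file used in the SASL section further down) that other users can read. The function name and the scratch layout are assumptions of this example.

```shell
# Added example, not from the original page. Paths are arguments so the check
# can be tried on scratch files first; on a host using this page's layout:
#   audit_dma_perms /var/spool/dma /etc/dma/auth.conf
audit_dma_perms() {
    spool=$1; authconf=$2; rc=0
    # World-writable and no sticky bit: any local user can delete or rename
    # queue files that belong to someone else.
    if [ -n "$(find "$spool" -maxdepth 0 -type d -perm -0002 ! -perm -1000)" ]; then
        echo "FAIL $spool: world-writable, no sticky bit"; rc=1
    # Sticky bit set: deletion is restricted, but anyone can still add files.
    elif [ -n "$(find "$spool" -maxdepth 0 -type d -perm -0002)" ]; then
        echo "WARN $spool: world-writable (sticky bit set)"
    fi
    # Queued messages that every local account can read
    # (assumes queue file names contain no whitespace).
    readable=$(find "$spool" -type f -perm -0004)
    if [ -n "$readable" ]; then
        printf 'FAIL %s: queue file is world-readable\n' $readable; rc=1
    fi
    # auth.conf stores the relay password in cleartext.
    if [ -f "$authconf" ] &&
       [ -n "$(find "$authconf" -maxdepth 0 \( -perm -0004 -o -perm -0002 \))" ]; then
        echo "FAIL $authconf: readable or writable by other users"; rc=1
    fi
    return "$rc"
}

# Constructed scratch layout: the 0777 spool described above, then after chmod +t.
demo_audit() {
    d=$(mktemp -d) && mkdir "$d/spool" && chmod 0777 "$d/spool"
    printf 'SASL-USER|SASL-SMTP-RELAY:PASSWORD-HERE\n' > "$d/auth.conf"
    chmod 0644 "$d/auth.conf"
    echo "== before"; audit_dma_perms "$d/spool" "$d/auth.conf" || true
    chmod +t "$d/spool"; chmod 0640 "$d/auth.conf"
    echo "== after";  audit_dma_perms "$d/spool" "$d/auth.conf" || true
    rm -rf "$d"
}
demo_audit
```

The sticky bit only stops users from removing each other's files; the WARN line after `chmod +t` is the reminder that the directory is still writable by everyone.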

Acceptance

also watch the auth log in case you’re playing with SASL (see the troubles section below)

tail -F /var/log/secure /var/log/maillog      # slackware
tail -F /var/log/auth.log /var/log/mail.log   # ubuntu
date | mailx -s "$(uname -n)" root

Ready to go

On the Postfix relay, there is no need to add the host to $mydestination or $mynetworks. Just set up an SPF record for any A entry and your hosts will be able to contact you back.

Operations

check the queue

mailq
#dma -bp
#sendmail -bp

re-process the queue if needed

runq
#dma -q
#sendmail -q

delete all mail from the queue

ls -lF /var/spool/dma/
rm -f /var/spool/dma/*

Troubles with SASL

draft: that didn’t work, it tried to reach port 25 anyways

on the mail server

useradd -g nogroup SASL-USER
passwd SASL-USER

on the workstation

nmap -p 25,465,587 SASL-SMTP-RELAY

vi /etc/dma/auth.conf

SASL-USER|SASL-SMTP-RELAY:PASSWORD-HERE

vi /etc/dma/dma.conf

MAILNAME HOST.localdomain
SECURETRANSFER
#STARTTLS
AUTHPATH /etc/dma/auth.conf
PORT 465
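
A lint for the directives used in the two dma.conf files on this page (the one from the DMA setup section and the draft above), as an added example that is not part of the original page or of dma itself. The rules are this example's own policy, built on directives documented in dma(8): STARTTLS only works together with SECURETRANSFER, OPPORTUNISTIC_TLS lets STARTTLS fail, INSECURE allows plain-text login, and PORT is described as only useful together with SMARTHOST. The MAILNAME in the first sample is a placeholder.

```shell
# Added example: lint a dma.conf read from stdin.
# Prints one finding per line; returns 1 if there is any finding.
lint_dma_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { seen[$1] = 1; arg[$1] = $2 }          # directive -> first argument
    function bad(msg) { print msg; n++ }
    END {
        tls = ("SECURETRANSFER" in seen); relay = ("SMARTHOST" in seen)
        if (!tls)
            bad("SECURETRANSFER missing: mail is sent in cleartext")
        if (("STARTTLS" in seen) && !tls)
            bad("STARTTLS has no effect without SECURETRANSFER")
        if ("OPPORTUNISTIC_TLS" in seen)
            bad("OPPORTUNISTIC_TLS: a failed STARTTLS falls back to cleartext")
        if ("INSECURE" in seen)
            bad("INSECURE: plain-text SMTP login allowed without encryption")
        if (("STARTTLS" in seen) && arg["PORT"] == 465)
            bad("PORT 465 is implicit TLS: STARTTLS does not belong here")
        if (("PORT" in seen) && !relay)
            bad("PORT without SMARTHOST: only useful together with SMARTHOST")
        if (("AUTHPATH" in seen) && !relay)
            bad("AUTHPATH without SMARTHOST: auth.conf entries are per smarthost")
        exit (n > 0)
    }'
}

# The dma.conf from the DMA setup section (placeholder MAILNAME).
lint_setup_conf() {
    printf 'MAILNAME host.example.org\nSECURETRANSFER\nSTARTTLS\n' | lint_dma_conf
}

# The draft dma.conf from the SASL section, as written on the page.
lint_sasl_draft() {
    printf '%s\n' 'MAILNAME HOST.localdomain' 'SECURETRANSFER' '#STARTTLS' \
        'AUTHPATH /etc/dma/auth.conf' 'PORT 465' | lint_dma_conf
}

lint_setup_conf && echo "setup conf: no findings"
lint_sasl_draft || echo "sasl draft: findings listed above"
```

On a live system, run it as `lint_dma_conf < /etc/dma/dma.conf`; the SASL draft produces the two "without SMARTHOST" findings.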

Trash

nullmailer

define outbound relay

apt install nullmailer s-nail
    grep -vE '^#|^$' /etc/s-nail.rc
    ln -s s-nail /usr/bin/mail
    ln -s s-nail /usr/bin/mailx
vi /etc/nullmailer/remotes

RELAY-SERVER smtp --starttls

msmtp

nogo with msmtp (I don’t want tls, I want starttls)

slackpkg install msmtp gnutls libsecret p11-kit nettle
ls -lhF /etc/ssl/certs/ca-certificates.crt
cp -i /usr/doc/msmtp-1.6.5/msmtprc-system.example /etc/msmtprc.dist
vi /etc/msmtprc
...

mv /usr/sbin/sendmail /usr/sbin/sendmail.dist
chmod -x /usr/sbin/sendmail.dist
ln -s /usr/bin/msmtp /usr/sbin/sendmail

sendmail

nogo with sendmail (I don’t want to start a daemon and listen on the network)

#now in extra/
slackpkg install sendmail

Resources

Just want to send emails from my Ubuntu Server. What simple SMTP server solution to use? [closed] https://superuser.com/questions/92760/just-want-to-send-emails-from-my-ubuntu-server-what-simple-smtp-server-solution

Using nullmailer with STARTTLS and SMTP-Auth https://metzlog.srcbox.net/2012/11/nullmailer-with-starttls/

How to enable secure authentication (ssl,tls,starttls) in nullmailer 1.0.5. and upgrade nullmailer to 1.11 https://unix.stackexchange.com/questions/252179/how-to-enable-secure-authentication-ssl-tls-starttls-in-nullmailer-1-0-5-and

Lightweight outgoing SMTP server https://unix.stackexchange.com/questions/1449/lightweight-outgoing-smtp-server

runq

Linux Network Administrator’s Guide, 2nd Edition https://www.oreilly.com/openbook/linag2/book/ch18.html

Issues https://github.com/corecode/dma/issues

the challengers

Nullmailer https://wiki.archlinux.org/index.php/Nullmailer

MSMTP https://marlam.de/msmtp/

SSMTP https://packages.qa.debian.org/s/ssmtp.html https://wiki.archlinux.org/index.php/SSMTP

DMA https://github.com/corecode/dma https://www.dragonflybsd.org/handbook/mta/ https://www.dragonflybsd.org/docs/howtos/HowTo_dma_gmail/ https://wiki.debian.org/Debate/DefaultMTA/DMA https://wiki.debian.org/Debate/DefaultMTA#dma

Minimal-Mailer https://www.heise.de/select/ct/2018/12/1528000378377701

just with nail by itself? https://jpmens.net/2007/05/08/replace-mail-by-nail-heirloom-mailx/ http://heirloom.sourceforge.net/mailx.html

sasl

https://wiki.archlinux.org/index.php/Dma

http://cweiske.de/tagebuch/dma-postfix-dovecot-plain.htm

