HOWTO Send an email using Gmail from a system configuration using msmtp and heirloom-mailx (Ubuntu)
Links
Permanent location of video version: https://youtu.be/J1DHQG5qFdU
Permanent location of text version: https://www.alanbonnici.com/2020/11/howto-send-email-from-google-from.html
Introduction and Scope
The following procedure describes the steps to follow to create a solution that will send out an email. This was verified on Ubuntu (both server and GUI platforms). The settings will be stored as a system configuration rather than a user configuration (in which each user has their own specific settings).
The reasons to configure the solution to use a system configuration are:
1. The settings are global and can therefore be used by multiple users.
2. One can send an email before a user has logged in. In this HOWTO we program the system so that it sends an email whenever the computer boots (no user yet logged in).
3. There is only one configuration to maintain.
We will be using msmtp. Msmtp is a simple SMTP client. The documentation page for this product is at https://wiki.archlinux.org/index.php/Msmtp.
We will also be using Heirloom mailx. Heirloom-mailx was previously known as nail and you can find more information about it at http://heirloom.sourceforge.net/mailx.html.
We use Gmail to transmit email in this HOWTO.
You will need elevated privileges to perform some actions listed hereunder.
Installing the packages
Open a terminal session and update the package index
sudo apt-get update
Install Msmtp package
sudo apt-get install msmtp-mta
Install Heirloom mailx.
sudo apt-get install heirloom-mailx
If you get a message that tells you that the package was not found, you will need to add its repository to the list Ubuntu queries when one attempts to install a package.
Using a text editor (nano in this HOWTO), edit the file /etc/apt/sources.list.
sudo nano /etc/apt/sources.list
Add the repository below and save the file.
deb http://security.ubuntu.com/ubuntu trusty-security main universe
Update the list of packages
sudo apt-get update
Attempt to reinstall the mail user agent
sudo apt-get install heirloom-mailx
Configuring the solution
Since this is a system configuration the placement of the files will be in the /etc/ directory.
For msmtp the configuration settings should be at /etc/msmtprc. Edit it:
sudo nano /etc/msmtprc
Copy and paste the following into the file
account default
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp
# gmail
host smtp.gmail.com
port 587
from exampleemail@gmail.com
user exampleemail
password examplepassword
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL
Note: some sources I used for this HOWTO added the extension .log to the log file (/var/log/msmtp.log). This failed for me and others.
The Google username and password
The from and user parameters in the file /etc/msmtprc are those you use to log into your Gmail.
The password is NOT the password you use to log into your Gmail account. A password specific to this solution needs to be generated after you log into Google. Originally application-specific passwords could only be generated from Gmail accounts that had 2FA enabled. I am not sure whether this has changed but anyone who has not yet enabled 2FA should seriously reconsider their decision.
Benefits of giving each device/service connection a unique name (and app password) are:
- It allows you to revoke the app password associated when it is no longer used;
- If the app password is compromised and is being used to send emails from your account, you can block it by revoking that password;
- It allows you to monitor the last time a device/service sent out an alert;
- If you change your Google password, app passwords are not impacted;
- The app password is limited to only email transmissions. You cannot use it to log into your Google account.
After logging into Google:
- Click "Manage your Google Account" option
- Click "Security"
- Scroll to the "Signing in to Google" section
- Click on "App passwords"
- From the "Select app" menu choose "Other (Custom name)"
- Enter a descriptive name to identify the service. I have a Google account specifically for machine-2-human communications. Every computer, server, UPS, security camera and IoT device that I have set up to send me alerts or state information via email uses this account.
- Click the Generate button, copy the app password and paste it in the /etc/msmtprc configuration file. Save the file and exit the editor.
Granting ownership and access rights
If you type 'groups msmtp' you are informed that msmtp is a member of the group msmtp.
Change the ownership of /etc/msmtprc to the user root and the group msmtp. This will allow the service msmtp to access the config file.
sudo chown root:msmtp /etc/msmtprc
Change the access rights so that the owner has read and write access, the group msmtp has read access and everyone else has no access.
sudo chmod 640 /etc/msmtprc
You can verify that the changes you did are correct using the list command.
ls -l /etc/msmtprc
The log file referenced in the configuration file /var/log/msmtp needs to have the ownership and access rights adjusted.
Since the log file doesn't exist we need to create it and set the ownership.
sudo touch /var/log/msmtp
sudo chown root:msmtp /var/log/msmtp
In this case we grant read-write access to both the owner and the group msmtp. This is because the service will need to write to it.
sudo chmod 660 /var/log/msmtp
The last change that we will do is one that allows us to redirect the sendmail (and mail) command to msmtp. Edit the file /etc/mailrc and add the following:
set sendmail="/usr/bin/msmtp"
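A scripted version of the permission check above, extended to the TLS settings in the configuration file. This is an added example, not part of the original HOWTO; the function names are made up for illustration and the sample file is a constructed copy of the placeholder configuration.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): audit an msmtp system config.

# True when "other" users have no permission bits on the file.
no_other_access() {
    # Characters 8-10 of the ls -l mode string are the "other" rwx bits.
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# True when the file has an active (uncommented) line "<key> <value>".
has_setting() {
    awk -v k="$2" -v v="$3" '$1 == k && $2 == v { f = 1 } END { exit !f }' "$1"
}

# Print one line per finding; return 0 only when there are none.
audit_msmtprc() {
    conf=$1; findings=0
    if ! no_other_access "$conf"; then
        echo "FAIL: $conf is accessible to other users (HOWTO uses mode 640)"
        findings=$((findings + 1))
    fi
    if ! has_setting "$conf" tls on; then
        echo "FAIL: 'tls on' is missing, so the password is not protected in transit"
        findings=$((findings + 1))
    fi
    if has_setting "$conf" tls_certcheck off; then
        echo "FAIL: 'tls_certcheck off' disables server certificate verification"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed copy of the HOWTO's placeholder configuration.
demo_conf=$(mktemp)
trap 'rm -f "$demo_conf"' EXIT
cat > "$demo_conf" <<'EOF'
account default
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp
# gmail
host smtp.gmail.com
port 587
from exampleemail@gmail.com
user exampleemail
password examplepassword
EOF
chmod 640 "$demo_conf"
audit_msmtprc "$demo_conf" && echo "OK: no findings"
```

To check the real file, call audit_msmtprc /etc/msmtprc with elevated privileges, since ordinary users cannot read it once the permissions above are applied.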
Testing the solution
Open a terminal window and type in the following. Replace <recipient account> with your email account.
echo "Hello, World!" | mail -s "Test Message" <recipient account>
You can see the result of the command by dumping the log file.
sudo cat /var/log/msmtp
The mail client associated with <recipient account> should have received the message you sent.
Proof of concept
My use case is to have the computer email me whenever it starts. This event should happen before any user has logged in.
To do this edit crontab with elevated privileges:
sudo crontab -e
Add the line below and save the file. Here we are saying that 30 seconds after the computer reboots, an email is sent out to the email <my email address>.
@reboot sleep 30 && echo "For Information Purposes" | mail -s "UBNT-DEMO Computer reboot" <my email address>