Solved Send external email from FreeBSD without FQDN

spython01

Member

Thanks: 8
Messages: 30

#1
I am trying to set up a FreeBSD VPS on Digital Ocean and would like to have the server send emails to my work email whenever updates are available and when cron jobs have completed. Is there a way to do this without associating a fully qualified domain name to the server?

In looking through sections 27.6 and 27.7 of the Handbook, it looks like they assume you have a domain name already. Are there ways around this that do not require using an external SMTP service such as SendGrid or gmail (recognizing that I may run into blacklisting issues)? My preference, if possible, is to just use the default tools like Sendmail if possible or Postfix if necessary.

Thanks in advance!
 

gkontos

Daemon

Thanks: 457
Messages: 2,099

#2
You could use mail/ssmtp to relay emails over a proper SMTP server. If you just send emails directly from a not properly configured VPS, chances are that they will end up in junk.
 

ShelLuser

Son of Beastie

Thanks: 1,385
Messages: 2,952

#3
Why would you need a FQDN? Well, of course your server needs a name but you really don't need anything realistic. That's basically what the "mail from:" SMTP command is for.

Most mail servers will obviously check e-mail but that mostly involves checking if a return address is actually valid or is using a non-existing domain. Of course your mileage varies, some mail servers will also check if your server has an actual name (reverse) or is only known by its IP address. If so then they disconnect due to risk of spam.

Still, that last part usually only consists of the HELO.
 
spython01

Member

Thanks: 8
Messages: 30

#4
Thanks gkontos and ShelLuser for the replies! I'm by no means an email expert or even beginner systems administrator but have been playing around with the VPS a bit more and wanted to share my findings and hopefully get some corroboration on my understanding. In all of the scenarios below, I still have not associated my VPS with any type of registered or fully qualified domain name.

With the VPS using its default hostname (freebsd-xxx-xxxxx-xx), if I simply send an email to my work email address using:
echo "email contents" | mail -s "test case 1" firstname.lastname@companyname.com
the email bounces back to my VPS and I get a message from the MAILER-DAEMON that essentially says:
Code:
<<< 553 #5.1.8 Domain of sender address <username@freebsd-xxx-xxxxx-xx> does not exist
501 5.6.0 Data format error
451 4.0.0 hash map "Alias0": missing map file /etc/mail/aliases.db: No such file or directory
What I think is happening is that while I'm able to successfully send out the email to my work address, my company's email server is rejecting delivery of the email because it can't validate the domain of the address (freebsd-xxx-xxxxx-xx) sending it.

However, using the same (default) hostname (freebsd-xxx-xxxxx-xx) if I try sending a message to my gmail account using
echo "email contents" | mail -s "test case 1" username@gmail.com
the mail is delivered successfully albeit to my spam folder, probably because gmail is a bit more liberal in its policies than my company.

If I change my VPS hostname to example.com and try the same thing, the email shows up successfully in my Inbox at gmail but never shows up anywhere (not in my Inbox nor in my Junk folder) at my company email address. My guess here is that gmail is able to validate the example.com domain so it lets the email through to my inbox. Who knows what's going on with my company email server.

Finally, if I change my VPS hostname to microsoft.com, I can successfully send email to my work address inbox but it gets rejected by Google for violating Microsoft's DMARC policy.

Takeaways
If I don't want to associate my VPS with a FQDN but still want to send external emails alerting me of things like available updates or completed cron jobs, I can do that, but I have to be careful in which email address such notices are sent to (e.g. I can send them to gmail as long as I check the Spam folder but I can't send them to my company email address).

Alternatively, I can try to pick a hostname that matches an existing domain name but have to be careful in which one I pick. I think this Stack Exchange answer summarizes some of the pitfalls. I don't want to mess around with /etc/resolv.conf or /etc/hosts as described here.

I guess the questions that I am left with are:
- what does something like mail/ssmtp get me?
- what role does mail/sendmail or mail/postfix play in all of this?

Thanks again!
 

dch

Active Member

Thanks: 37
Messages: 102

#5
Here's what I use. This provides a sendmail equivalent for systems stuff (cron, periodic, ...) and requires a gmail account with smtp send enabled. Google that & get it sorted out first.

install mail/dma and use the following configs:

Code:
# /etc/rc.conf.d/sendmail
sendmail_enable=NONE
sendmail_submit_enable=NO
sendmail_outbound_enable=NO
sendmail_msp_queue_enable=NO
Code:
# /etc/rc.conf.d/dma_flushq
# flush the queue on system start
dma_flushq_enable=YES
Code:
# /etc/mail/mailer.conf
sendmail        /usr/local/libexec/dma
send-mail       /usr/local/libexec/dma
mailq           /usr/local/libexec/dma
newaliases      /usr/local/libexec/dma
hoststat        /usr/bin/true
purgestat       /usr/bin/true
Code:
# append this to /etc/aliases
# if you have non-root users for crontabs, forward their stuff to root as well:
www: root
root: you@example.net
To get a valid DNS name, take the IP of your VPS and do a reverse lookup:

Code:
drill -x 139.59.157.5
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 2513
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 5.157.59.139.in-addr.arpa. IN PTR

;; ANSWER SECTION:
5.157.59.139.in-addr.arpa. 1800 IN PTR continuity.skunkwerks.at.

My provider supports "PTR" records, so you can use your domain names here and have that work.

Anyway. Use this DNS name in the next config file, replacing server.example.net with yours from above,
and plugging in an email address for the "FROM" fields in our outbound emails:

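Code:
# /usr/local/etc/dma/dma.conf
# relay all outbound mail through this host on the submission port
SMARTHOST smtp.gmail.com
PORT 587
# use TLS, negotiated with STARTTLS
SECURETRANSFER
STARTTLS
# INSECURE permits plain-text SMTP login even over an unencrypted connection
INSECURE
# file holding the relay login (user|host:password)
AUTHPATH /usr/local/etc/dma/auth.conf
# name this host announces itself as
MAILNAME server.example.net
# rewrite the sender address of outbound mail
MASQUERADE root@example.net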
Finally, add the authentication file. Keep permissions tight on this one!

Code:
# /usr/local/etc/dma/auth.conf
you@example.net|smtp.gmail.com:PASSWORD
You can test all this via:

Code:
# -f keeps following the log so new entries show up as the mail is sent
sudo tail -f /var/log/maillog &
echo moomoomoo | mail -s test1 root


You should see a flurry of info from your /var/log/maillog list, and in addition, your gmail account
should receive a "test1" subject email. Possibly in the spam folder.
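
The dma.conf in this post sets INSECURE (plain-text SMTP login allowed without encryption) and auth.conf holds the relay password, so both are worth checking after setup. The script below is an added example, not part of dch's post: the function names and the temporary demo files are constructed here, and it assumes group access to auth.conf is intentional (dma reading it through its own group), so only access by "other" is flagged.

```shell
#!/bin/sh
# Added example: audit a dma relay setup. File paths are arguments so the
# check can be run against copies as well as /usr/local/etc/dma/*.

# True if directive $2 is the first word of a non-comment line in file $1.
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# audit_dma CONF AUTH: print one finding per line, return 1 if any were found.
audit_dma() {
    conf=$1; auth=$2; rc=0
    if has_directive "$conf" INSECURE; then
        echo "INSECURE: plain-text SMTP login is allowed over an unencrypted link"; rc=1
    fi
    if ! has_directive "$conf" SECURETRANSFER; then
        echo "SECURETRANSFER missing: session to the smarthost is not encrypted"; rc=1
    fi
    if has_directive "$conf" OPPORTUNISTIC_TLS; then
        echo "OPPORTUNISTIC_TLS: delivery continues in cleartext if STARTTLS fails"; rc=1
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    other=$(ls -ld "$auth" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "auth.conf: accessible to other users ($other), relay password exposed"; rc=1
    fi
    return $rc
}

# Constructed demo: the directives from the post, with a world-readable auth file.
demo_audit() {
    d=$(mktemp -d)
    printf '%s\n' 'SMARTHOST smtp.gmail.com' 'PORT 587' 'SECURETRANSFER' \
        'STARTTLS' 'INSECURE' 'AUTHPATH /usr/local/etc/dma/auth.conf' > "$d/dma.conf"
    echo 'you@example.net|smtp.gmail.com:PASSWORD' > "$d/auth.conf"
    chmod 644 "$d/auth.conf"
    audit_dma "$d/dma.conf" "$d/auth.conf"; st=$?
    rm -rf "$d"
    return $st
}
demo_audit || true
```

On a real host: `audit_dma /usr/local/etc/dma/dma.conf /usr/local/etc/dma/auth.conf`.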
 

dch

Active Member

Thanks: 37
Messages: 102

#6
Sorry I forgot the key points.

- Use a proper SMTP relay, like sendgrid, gmail, or some similar facility that accepts inbound SMTP, and
set up as above to send your email through that.
- Digital Ocean definitely support PTR records and FQDNs, just go with that. The DNS lookup will find it.

- outbound SMTP is a real minefield to get right. Use a full-blown mail server and you risk screwing up the config
and becoming part of a spambot/farm and DO will clip your server before you can say boo.
 

SirDice

Administrator
Staff member
Moderator

Thanks: 6,232
Messages: 27,212

#7
If you set up a (forwarding) mail server make sure it's not configured to receive from the internet. Bots are constantly scanning the internet looking for those servers. If you have things set up check with https://mxtoolbox.com/diagnostic.aspx for example to make sure you're not accidentally an open relay.
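
A local complement to the external open-relay test mentioned in this post, as an added example that is not part of SirDice's post: it reads `sockstat -l` style output and reports any SMTP listener bound to something other than loopback. The function name and the sample lines are constructed; the column layout (command, pid, protocol, local address in fields 2, 3, 5, 6) is assumed to match FreeBSD's sockstat.

```shell
#!/bin/sh
# Added example: find mail daemons reachable from outside the host.

# exposed_smtp: read sockstat -l output on stdin, print each TCP listener on
# port 25, 465 or 587 that is not bound to loopback. Returns 1 if any exist.
exposed_smtp() {
    awk '
        $5 !~ /^tcp/ { next }                      # skips the header and UDP
        {
            n = split($6, part, ":")
            port = part[n]                         # port follows the last colon
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (port + 0 != 25 && port + 0 != 465 && port + 0 != 587) next
            if (addr == "127.0.0.1" || addr == "::1") next
            printf "%s (pid %s) listens on %s\n", $2, $3, $6
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: one loopback-only MTA, one listening on every address.
demo_listeners() {
    exposed_smtp <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   3  tcp4   127.0.0.1:25          *:*
root     sshd       580   4  tcp4   *:22                  *:*
root     master     901   13 tcp4   *:25                  *:*
EOF
}
demo_listeners || true
```

On the server itself: `sockstat -46l | exposed_smtp`.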
 
spython01

Member

Thanks: 8
Messages: 30

#8
Thanks, dch and SirDice! Is the key takeaway that if all I want to do is just send emails out regarding system updates and cron status, I need to set up an SMTP but relay it through something like SendGrid or gmail? (I guess I was hoping that there was a simple out-of-the-box option I could use without being susceptible to spam bots.)
 

dch

Active Member

Thanks: 37
Messages: 102

#9
> Thanks, dch and SirDice! Is the key takeaway that if all I want to do is just send emails out regarding system updates and cron status, I need to set up an SMTP but relay it through something like SendGrid or gmail? (I guess I was hoping that there was a simple out-of-the-box option I could use without being susceptible to spam bots.)

It's not so complicated once you get started :D

1. DON'T set up an SMTP server at all for your needs. This avoids the whole spam / open relay risk completely.
2. DO use a "local forwarder" that picks up "local mail" -- not SMTP -- and *uses* SMTP to send it via gmail or sendgrid or whatever.
3. MAYBE optionally set up rules in your usual mail tool to drop any email coming via that sendgrid address that doesn't come from your server. FWIW I don't get spam on the ones we use at $DAYJOB nor my own servers.
 
spython01

Member

Thanks: 8
Messages: 30

#10
I just wanted to report back here to close out this thread with an update on where I landed. I ended up just getting a free domain name from freenom (with an obscure TLD) which I ended up associating with my FreeBSD server via the DNS and networking settings at Digital Ocean. I also changed the server's hostname to match the domain name and updated the root alias in /etc/aliases.

I can now send outbound mail via the mail command as well as receive daily updates at my work email address via periodic(8) and cron(8). I have not installed or configured mail/sendmail, mail/ssmtp, mail/postfix or any of the other services I mentioned above. Of course, I can't send replies to the emails sent by the server but that was never a requirement for me anyway.
 