Setup OpenSMTPD to relay periodic's output from root to e-mail

Good evening,

I am new to FreeBSD (running FreeBSD 13.1-RELEASE-p3) and have trouble setting up OpenSMTPD to redirect the output of periodic to my e-mail address. I have followed this blog post to get me started, but since it was written, the syntax of OpenSMTPD's configuration file changed.

I installed opensmtpd and set
Bash:
# cat /etc/mail/mailer.conf
# $FreeBSD$
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
# If dma(8) is installed, an example mailer.conf that uses dma(8) instead can
# can be found in /usr/share/examples/dma.
#
sendmail        /usr/local/sbin/smtpctl
mailq           /usr/local/sbin/smtpctl
newaliases      /usr/local/libexec/opensmtpd/makemap
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail

Here's where I am at now:

Bash:
# cat /usr/local/etc/mail/secrets
outlook my_email_address@outlook.com:my_password

I also copied /etc/aliases over to /usr/local/etc/mail/aliases

Bash:
# cat /usr/local/etc/mail/aliases

mailnull: postmaster
man:    root
news:   root
nobody: root
operator: root
pop:    root
proxy:  root
smmsp:  postmaster
sshd:   root
system: root
toor:   root
tty:    root
usenet: news
uucp:   root

# Well-known aliases -- these should be filled in!
# manager:
# dumper:

# BUSINESS-RELATED MAILBOX NAMES
# info:
# marketing:
# sales:
# support:

# NETWORK OPERATIONS MAILBOX NAMES
abuse:  root
# noc:          root
security:       root

# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
ftp:            root
ftp-bugs:       ftp
# hostmaster:   root
# webmaster:    root
# www:          webmaster

# NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's
#       DefaultUser (defaults to mailnull) for the msgs alias to work.
#
# msgs: "| /usr/bin/msgs -s"

# bit-bucket: /dev/null
# dev-null: bit-bucket

Then I generated the databases with

Code:
# /usr/local/libexec/opensmtpd/makemap secrets
# /usr/local/libexec/opensmtpd/makemap aliases

And now I'm at the part where I have to figure out the new syntax of the OpenSMTPD config. Here is what I tried, and which is apparently syntactically correct according to the feedback of service smtpd start:

Bash:
# cat /usr/local/etc/mail/smtpd.conf
#       $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# To accept external mail, replace with: listen on all
#
listen on localhost

table aliases db:/usr/local/etc/mail/aliases.db
table secrets db:/usr/local/etc/mail/secrets.db

# In old syntax we had according to said blogpost
#accept for local alias <aliases> deliver to mbox
#accept for any relay via tls+auth://credentials@smtp.gmail.com:587 auth <secrets> as GMAIL-USER@gmail.com

# Trying to translate it like
action "local_mail" mbox alias <aliases>
action "relay_outlook" relay host smtp+tls://outlook@smtp-mail.outlook.com:587
match for local action "local_mail"
match for any action "relay_outlook"

Sending an e-mail to root or any other e-mail address however does not work, e.g.:
Bash:
# mail -v root
Subject: testsubject
testbody
.
EOT

Nothing is received on my Outlook address and no error is raised. I've also tried mailing to other addresses, which also does not work.

What I want is to redirect messages to root (i.e. from periodic) to some other e-mail address (let's say xy@gmail.com) from my Outlook address.

Any help for further steps would be very welcome.

Have a nice evening,
Chris
 
Ok, I am a bit further debugging my configuration.

Looking at
Bash:
# smtpd -d
info: OpenSMTPD 6.8.0p2 starting
pony express: smtpd: bind: Address already in use
warn: lost child: pony express exited abnormally
smtpd: process control socket closed
and using Google for a bit, it seems I can not use listen on localhost in /usr/local/etc/mail/smtpd.conf.

Changing it to e.g. 0.0.0.0 I now have
Code:
# cat /usr/local/etc/mail/smtpd.conf

#
listen on 0.0.0.0

table aliases db:/usr/local/etc/mail/aliases.db
table secrets db:/usr/local/etc/mail/secrets.db

action "local_mail" mbox alias <aliases>
action "relay_outlook" relay host smtp+tls://outlook@smtp-mail.outlook.com:587 auth <secrets> mail-from "my_email_address@outlook.com"

# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local"
match for local action "local_mail"
match for any action "relay_outlook"

Any idea why it does not want to listen to localhost and if it has any implications to set it to 0.0.0.0 for my intended use as relay of mails to root?

Apart from that, it is still not sending e-mails via mail -v some_recipient@some_domain.com, reporting
Code:
mta delivery evpid=8861426deb735e0c from=<xxx@outlook.com> to=<xxx@gmail.com> rcpt=<-> source="192.168.178.74" relay="52.97.188.70 (52.97.188.70)" delay=1s result="TempFail" stat="Bad response: line too long"
and
Code:
mta: 0x829c3da00: <<< 554 5.2.252 SendAsDenied; xxx@outlook.com not allowed to send as user@localmachine.fritz.box; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message.

It looks like I need to change the name of the sender, but I'm not sure where this is defined. Note that I added mail-from "xxx@outlook.com" in the relay action in /usr/local/etc/mail/smtpd.conf as a desperate and futile try to fix this.
 
if you have sendmail_enable="NO" set it to "NONE" (in rc.conf)
then you should be able to bind other mta on 127.0.0.1
 
Thanks. I had

Code:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

set in /etc/rc.conf because of that deprecation warning with "NONE".

I changed it but sendmail is still running after reboot:

Code:
# cat /etc/rc.conf
xclear_tmp_enable="YES"
syslogd_flags="-ss"
hostname="radon"
keymap="de.kbd"
ifconfig_igb0="DHCP"
sendmail_enable="NONE"
smtpd_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
jail_enable="YES"
jail_list="gitea nextcloud"
smartd_enable="YES"
and still sendmail is running

Code:
# pgrep sendmail | xargs ps -f -p
  PID TT  STAT    TIME COMMAND
10086  -  SsJ  0:00.00 /usr/sbin/sendmail -L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localh
10804  -  IsJ  0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
94810  -  SsJ  0:00.00 /usr/sbin/sendmail -L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localh
95820  -  IsJ  0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)

Why is this not honored?
 
Aha! I stopped my jails and now pgrep sendmail | xargs ps -f -p returns nothing!

So I have simply forgotten to disable sendmail in all the jails, as well.
 
This is my /usr/local/etc/mail/smtpd.conf
Code:
listen on 127.0.0.1
table aliases file:/etc/mail/aliases
action "local" maildir "~/Maildir" alias <aliases>
match for local action "local"
action "relay" relay
match from local for any action "relay"
The full configuration is 6 lines.
 
Thanks for the reply Alain De Vos - I switched from what I had to table aliases file:/etc/mail/aliases in /usr/local/etc/mail/smtpd.conf. With this I only need to have the file once on the system.

The final roadblock now is that outlook.com is rejecting my e-mails because the sender name is not the same as my outlook e-mail address. Sending an e-mail via
Code:
# mail -v my_other_email_adress@gmail.com
spits out this error:
Code:
mta: 0x8286fba00: <<< 554 5.2.252 SendAsDenied; my_email_adress@outlook.com not allowed to send as cw1990@radon.fritz.box; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message.
Googling it, I found that this is how it's supposed to be with outlook.com.

I don't understand that it submits from cw1990@radon.fritz.box; where cw1990 is my username even though I submit the mail from root.

In any case, I need to change it to send with my_email_adress@outlook.com as sender. So kind of what the user table does, but for outgoing mails...?
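
The 554 SendAsDenied replies quoted above name an address other than the authenticated mailbox. A message carries two sender addresses, the SMTP envelope sender and the From: header, and the check below compares both with the mailbox the relay logs in as. It is an added example, not code from any poster in this thread; the function names and the addresses used with it are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical and any addresses are constructed.

# Print the address in the first From: header of a message read from stdin.
# Handles "Name <addr>" and a bare "addr"; folded headers are not handled.
header_from() {
    awk '
    /^$/ { exit }                       # blank line ends the header section
    tolower($0) ~ /^from:/ {
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)  # drop the "From:" label
        if (match(line, /<[^>]*>/))     # keep only what is inside <...>
            line = substr(line, RSTART + 1, RLENGTH - 2)
        gsub(/[ \t]/, "", line)
        print tolower(line)
        exit
    }'
}

# Compare envelope sender and From: header with the authenticated mailbox.
# Usage: sender_mismatches ALLOWED ENVELOPE_FROM < message
# Prints one line per mismatch and returns non-zero if there is any.
sender_mismatches() {
    allowed=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    envelope=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    header=$(header_from)
    status=0
    if [ "$envelope" != "$allowed" ]; then
        echo "envelope sender <$envelope> differs from <$allowed>"
        status=1
    fi
    if [ "$header" != "$allowed" ]; then
        echo "From: header <$header> differs from <$allowed>"
        status=1
    fi
    return "$status"
}
```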
 
The instructions on that page do not work.
  1. localecho and logfile are unknown arguments to set on the telnet prompt of my FreeBSD installation.
  2. The SMTP server smtp-mail.outlook.com requires StartTLS authentication, which the page doesn't cover. I tried this instead of plain telnet, but I just receive [RCPT TO:<530 5.7.57 Client not authenticated to send mail. with EHLO outlook.com and MAIL FROM:<my_email_address@outlook.com
EDIT

However, I don't need to go that route, since I really just need to change the FROM address.

If I manually set the from address like this
mail recipient@gmail.com -f my_email_address@outlook.com
the e-mail is indeed delivered.

Now I just need to somehow make sure periodic is sending its reports with this command...

EDIT
Out of desperation, I tried dma instead of OpenSMTPD and it fails similarly. mail recipient@gmail.com will send the e-mail, mail root will not, raising

Code:
dma[8325.300edd569050][45324]: remote delivery to smtp-mail.outlook.com [40.99.149.182] failed after final DATA: 550 5.2.254 InvalidRecipientsException; Sender throttled due to continuous invalid recipients errors.; STOREDRV.Submission.Exception:InvalidRecipientsException; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Recipient 'root' is not resolved. All recipients must be resolved before a message can be submitted. InvalidRecipientsException: Recipient 'root' is not resolved. All recipients must be resolved before a message can be submitted.[EndDiagnosticData]

Code:
# cat /etc/dma/auth.conf
my_email_address@outlook.com|smtp-mail.outlook.com:password

Code:
# cat /etc/dma/dma.conf
# $FreeBSD$
#
# Your smarthost (also called relayhost).  Leave blank if you don't want
# smarthost support.
SMARTHOST smtp-mail.outlook.com

# Use this SMTP port.  Most users will be fine with the default (25)
PORT 587

# Path to your alias file.  Just stay with the default.
ALIASES /etc/aliases

# Path to your spooldir.  Just stay with the default.
#SPOOLDIR /var/spool/dma

# SMTP authentication
AUTHPATH /etc/dma/auth.conf

# Uncomment if you want TLS/SSL support
SECURETRANSFER

# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS

# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS

# Path to your local SSL certificate
#CERTFILE

# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE.  Otherwise plain login will only work
# over a secure connection.  Use this option with caution.
#SECURE

# Uncomment if you want to defer your mails.  This is useful if you are
# behind a dialup line.  You have to submit your mails manually with dma -q
#DEFER

# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE

# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
MAILNAME outlook.com

# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator  will send mails as $username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert  will send all mails as herb@ert
MASQUERADE my_email_address@outlook.com

# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
#NULLCLIENT

with root: recipient@gmail.com in /etc/aliases

I will give up at this point as I already spent way too much time on it, but I will leave it for posterity.
 
I used mail/ssmtp for this purpose. Apart from disabling sendmail, you just have to configure /usr/local/etc/ssmtp/ssmtp.conf like this:

Code:
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=destination mail address
                 
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
                 
mailhub=...
AuthUser=...
AuthPass=...

And concerning your "From:" problem, you have this in /usr/local/etc/ssmtp/revaliases:
Code:
# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.

root:...:...
"outgoing_address" is the "From:" address.
 
Thanks, but that is just failing in the same way yet again:

Code:
Jan 28 12:23:53 radon sSMTP[33861]: Creating SSL connection to host
Jan 28 12:23:53 radon sSMTP[33861]: SSL connection using TLS_AES_256_GCM_SHA384
root@radon:/usr/local/etc/ssmtp # sendmail: 550 5.2.254 InvalidRecipientsException; Sender throttled due to continuous invalid recipients errors.; STOREDRV.Submission.Exception:InvalidRecipientsException; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Recipient 'root' is not resolved. All recipients must be resolved before a message can be submitted. InvalidRecipientsException: Recipient 'root' is not resolved. All recipients must be resolved before a message can be submitted.[EndDiagnosticData] [Hostname=PR3P193MB0989.EURP193.PROD.OUTLOOK.COM]
 
Turns out it works with SSMTP when defining the target e-mail address here:

Code:
# cat /etc/mail.rc
set append dot save ask crt
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via
alias root root<target@gmail.com>

I've seen that the SSMTP port has no maintainer and may get removed though at some point :( . Have not tried OpenSMTPD or dma.
 
Glad it eventually works for you. I have nothing defined in this file.
But the constraints aren't the same for you with your mailbox.

There are many ports that have no maintainer. You may have warnings, but removing a port is another story. I have had this software since 2019. No pkg upgrade has ever suggested deleting it up to now.
 
Cleaning up the aftermath of this, I found a user apparently created by OpenSMTPD but not removed on uninstallation of the port.

Bash:
# cat /etc/master.passwd | grep smtpq
_smtpq:*:258:258::0:0:OpenSMTPD queue user:/var/empty:/usr/sbin/nologin

May this safely be removed using rmuser or does this have functionality needed when not using OpenSMTPD? Why is it not removed by pkg remove?
 
In general, pkg remove only changes parts of "/usr/local"
Not /etc or /usr/local/etc
Because there can be a configuration you want to keep even after removing the package.
Note : here it is an account which cannot login "nologin".
 
it always warns you to delete accounts/groups created
the dilemma is that pkg upgrade is no different than pkg delete && pkg install
 
I know this is old, but I wanted to share how I got this working with opensmtpd 7.3.0 on FreeBSD 14.

/usr/local/etc/mail/smtpd.conf:
Code:
table aliases file:/etc/mail/aliases
table secrets file:/usr/local/etc/mail/secrets

filter "rewrite-from" proc-exec "filter-rewrite-from my-email@outlook.com"

listen on socket filter rewrite-from
listen on localhost filter rewrite-from

action "local" mbox alias <aliases>
action "relay" relay host smtp+tls://smtp@smtp.office365.com:587 auth <secrets> mail-from "my-email@outlook.com"

match for local action "local"
match from local for any action "relay"

/usr/local/etc/mail/secrets:
Code:
smtp my-email@outlook.com:my-password

Set appropriate permissions on the secrets file:
Code:
chown root:_smtpd /usr/local/etc/mail/secrets
chmod 640 /usr/local/etc/mail/secrets

Install opensmtpd filter-rewrite-from:
Code:
cd /usr/local/libexec/opensmtpd
fetch https://raw.githubusercontent.com/jirutka/opensmtpd-filter-rewrite-from/master/filter-rewrite-from
chmod +x filter-rewrite-from

At this point, I don't think mail-from "my-email@outlook.com" is needed in the smtpd.conf but things are working and I ran out of time to test without it. It only changed one of the From addresses which resulted in a new error.
Initially I couldn't get the filter working, as I didn't specify to run the filter on the socket.
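
Two settings in this thread matter for a relay-only host: which addresses smtpd listens on (localhost versus 0.0.0.0) and who can read the file holding the relay password. The script below audits an smtpd.conf for both. It is an added example, not part of any post or of OpenSMTPD; the function names are assumptions and the config path is supplied by the caller.

```shell
#!/bin/sh
# Added example. Paths come from the caller; this is not OpenSMTPD's own tooling.

# Print each "listen on" target that is not loopback-only or the local socket.
nonlocal_listeners() {
    awk '$1 == "listen" && $2 == "on" {
        a = $3
        if (a != "localhost" && a != "socket" && a != "lo0" &&
            a != "::1" && a !~ /^127\./)
            print a
    }' "$1"
}

# Print the backing file of every table a relay action uses with "auth <name>".
credential_tables() {
    awk '
    $1 == "table" && $3 ~ /^(file|db):/ {
        p = $3; sub(/^(file|db):/, "", p); path[$2] = p
    }
    $1 == "action" {
        for (i = 2; i < NF; i++)
            if ($i == "auth") { n = $(i + 1); gsub(/[<>]/, "", n); used[n] = 1 }
    }
    END { for (n in used) if (n in path) print path[n] }' "$1"
}

# Succeed if "other" has read or write permission on the file.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# Print one WARN line per finding; return non-zero if there were any.
audit_smtpd_conf() {
    findings=0
    for a in $(nonlocal_listeners "$1"); do
        echo "WARN: listener on $a is not loopback-only"
        findings=$((findings + 1))
    done
    for f in $(credential_tables "$1"); do
        if world_accessible "$f"; then
            echo "WARN: credentials table $f is accessible to every local user"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_smtpd_conf "$1"; fi
```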
 