Sending cron emails from any OpenBSD and FreeBSD machines
Posted on 2024-10-31 11:14:00 from Vincent in OpenBSD FreeBSD
With FreeBSD, the base system includes dma, the DragonFly Mail Agent. Developed by DragonFlyBSD developers, this SMTP client allows you to route outgoing mail through an established, trusted SMTP server.
This blog post shows how to redirect cron's email to a generic email address (a Gmail account in my case). Each server has its own source address, so I can distinguish them easily.
Introduction
Setting up your own email server provides the advantage of having full control over the entire process chain of your emails. However, sending emails from a personal SMTP server can quickly lead to issues when interacting with major providers like Gmail or Microsoft. Since your SMTP server might be "unrecognized," your emails will likely be marked as spam.
Thanks to DragonFlyBSD developers, we have a way to connect our systems to a "validated" SMTP server—one that's already trusted by others and won’t be flagged as risky. While there’s an extensive debate surrounding email trust and reputation, that discussion is outside the scope of this post.
My goal here is to ensure that all cron-generated emails from my systems can reliably reach a Gmail account created solely for collecting cron outputs.
In this blog, we’ll explore two methods to achieve this goal. One method uses a DNS provider offering email services, and the other, slightly more complex method, leverages Gmail’s SMTP server. The accounts used on these SMTP servers are solely for email validation purposes, with no mailbox storage needed.
OpenBSD with the SMTP Server of a DNS Provider
The simplest setup is to use the email services offered by many DNS providers. Here’s how:
1. Install DMA:
obsd:~ # pkg_add dma
2. Add your SMTP credentials to auth.conf and secure the file:
obsd:~ # cat /etc/dma/auth.conf
<your email account>|<smtp server>:<password for this SMTP account>
obsd:~ # chmod 600 /etc/dma/auth.conf
3. Configure dma.conf with the following settings:
obsd:~ # cat /etc/dma/dma.conf
SMARTHOST <smtp server>
ALIASES /etc/dma/aliases
PORT 587
AUTHPATH /etc/dma/auth.conf
SECURETRANSFER
STARTTLS
MASQUERADE <a validated email on this SMTP server>
4. Configure dma to forward root’s email to your chosen address. Copy the system aliases file and update it:
obsd:~ # cp /etc/mail/aliases /etc/dma/aliases
obsd:~ # echo "root: <destination email>" >> /etc/dma/aliases
5. Set mailer.conf to use dma for sending mail:
obsd:~ # cat /etc/mailer.conf
sendmail /usr/local/sbin/dma
mailq /usr/local/sbin/dma
newaliases /usr/local/sbin/dma
Using Gmail’s SMTP Server
If you lack credentials for another SMTP server, you can use Gmail’s SMTP server. This setup is slightly more complex and may require updates as Google’s policies evolve.
1. Create an app password (requires two-step verification) for your Gmail account. This will provide a long password for SMTP authentication.
2. Configure auth.conf:
obsd:~ # cat /etc/dma/auth.conf
<your Gmail account@gmail.com>|smtp.gmail.com:<generated app password>
obsd:~ # chmod 600 /etc/dma/auth.conf
obsd:~ # chown _dma /etc/dma/auth.conf
3. Update dma.conf to use Gmail’s SMTP server:
obsd:~ # cat /etc/dma/dma.conf
SMARTHOST smtp.gmail.com
ALIASES /etc/dma/aliases
PORT 587
AUTHPATH /etc/dma/auth.conf
SECURETRANSFER
STARTTLS
MASQUERADE <your Gmail account@gmail.com>
The dma/aliases and mailer.conf files remain the same.
Testing the Configuration
To verify the setup, monitor the maillog:
obsd:~ # tail -f /var/log/maillog
If you see "permission denied" errors, there might be an issue with the MASQUERADE or auth.conf settings. Ensure your firewall permits outbound connections to the SMTP server:
pass out inet proto tcp to <smtp server name> port {587}
Reload the firewall if you’ve updated pf.conf:
obsd:~ # pfctl -vf /etc/pf.conf
If the log shows "delivery successful," the setup is working. To send a test email:
obsd:~ $ cat content_file | mail -s "this is a test" root
This sends the content of content_file to root with the subject "this is a test." If /etc/dma/aliases is correctly configured, the email will go to the address linked to root.
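
A pre-flight check for the files configured above, as an added example that is not part of the original post: it confirms that dma.conf carries the relay and TLS directives, that the file named by AUTHPATH is mode 600 and holds a user|smarthost:password entry, and that the ALIASES file maps root. The function name check_dma_conf and its directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a dma configuration directory (default /etc/dma).
# check_dma_conf is a hypothetical helper name, not part of dma itself.

check_dma_conf() {
    dir=${1:-/etc/dma}
    conf="$dir/dma.conf"
    rc=0

    # has_key KEY: true if KEY appears as an active (uncommented) directive.
    has_key() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$conf"; }
    # get_val KEY: print the first value given for KEY.
    get_val() { awk -v k="$1" '$1 == k { print $2; exit }' "$conf"; }

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Directives the post's dma.conf relies on. SECURETRANSFER and STARTTLS
    # put TLS on the port-587 session that carries the SMTP password.
    for key in SMARTHOST SECURETRANSFER STARTTLS MASQUERADE; do
        has_key "$key" || { echo "FAIL: $key missing in dma.conf"; rc=1; }
    done

    auth=$(get_val AUTHPATH)
    if [ -z "$auth" ] || [ ! -f "$auth" ]; then
        echo "FAIL: AUTHPATH unset or file missing"; rc=1
    else
        # auth.conf holds a plain-text password: expect mode 600 (-rw-------).
        mode=$(ls -ld "$auth" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || { echo "FAIL: $auth is $mode, expected -rw-------"; rc=1; }
        # At least one entry must look like user|smarthost:password.
        grep -Eq '^[^|#]+\|[^:]+:.+' "$auth" || { echo "FAIL: no user|host:password entry"; rc=1; }
    fi

    # cron mails root, so the aliases file must map root to a real address.
    aliases=$(get_val ALIASES)
    grep -Eq '^root:[[:space:]]*[^[:space:]]' "${aliases:-/nonexistent}" 2>/dev/null \
        || { echo "FAIL: no root alias in ${aliases:-ALIASES}"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $dir looks consistent"
    return "$rc"
}
```

Source the file and run check_dma_conf /etc/dma as root after editing the configuration; a non-zero return means at least one FAIL line was printed.
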
Setting up DMA on FreeBSD
On FreeBSD, DMA is part of the base system, so there’s no need to install it separately.
The configuration files in /etc/dma are the same as on OpenBSD, except that the auth.conf file must be owned by mailnull:
fbsd:/etc/dma # chown mailnull auth.conf
The difference is in mailer.conf, which by default contains the following:
fbsd:~ # cat /etc/mail/mailer.conf
sendmail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
Logging is in /var/log/maillog, and mail functions the same as on OpenBSD.
Conclusion
I created email aliases through my DNS provider so that each machine has a unique email sender, all directed to a single collection address. This setup allows me to quickly identify the source machine for each message.
After a few days, this system has been working reliably. I’ll update this blog with any needed adjustments.
NOTE: I've adapted the ownership of the auth.conf file.
I discovered DMA while working with a new FreeBSD/ZFS setup, and I appreciate this handy software from DragonFlyBSD developers. BSD developers truly form a great community!