Setting up an encrypted key is not hard to do. Passwords for msmtp can be stored in plaintext, encrypted files, or a keyring. Secure this file, as there’s a clear text password in it: chown root:msmtp /etc/msmtprcĬhmod 640 /etc/msmtprc Yes, You Can Encrypt Your Password In effect, what we’re doing is saying: all users will default to mailing through this account, use TLS, log to file, use Gmail’s SMTP relay on port 587, connecting with our Gmail address by authenticating with our username and password. Tls_trust_file /etc/ssl/certs/ca-certificates.crt OK, the config is in /etc/msmtprc and it looks like this: #Set default values for all accounts. I’m the only user, but there are multiple procs running that might want to get in touch with me! Keep in mind that every email emanating from this Raspberry will be going through your Gmail account. I wanted the MTA to be available system-wide. You can follow the default installation methods and install msmtp for one user. Don’t forget “apt update” as a first step to getting your repos in sync. If you’re not logged in a root, you’ll need to prepend “sudo ” to this line. We don’t need to install much: apt install bsd-mailx msmtp msmtp-mta Let’s get a few things installed, and then we can look at configurations. It’s secure, small, free, and runs quietly in the background. Sure, all of this sounds like a tall order, but relief is on the way! msmstp is a lightweight (as compared to trying to configure Sendmail) MTA. Think of the protection offered by ssh with SSL–same game! Once we get there, we will also need to authenticate to Gmail, but we can use our existing Gmail account and password, so no big stretch there. We’re going to be using TLS to create an encrypted tunnel connection from the MUA to the mail relay at Gmail. We just need to make sure that our wheel stays in its lane. Luckily, we don’t need to reinvent the wheel to get our email for work. There are facilities for highly secure connections for your enterprise and of course cost, but I want to focus on free, secure, and easy. Gone are the days of a simple SMTP connection on port 25! Today, Gmail requires that your incoming connection be secure. Gmail offers a great relay service but enforces security. But we need to make sure that our MTA has a reliable connection to a relay. Once you get things working, mail will just work. You can configure that MTA on your server once and forget it. The MTA must be configured to get the email out the door, off your Raspberry, and out to a mail relay. It puts the email header and body together and then passes it off to an MTA or “mail transport agent”. Whether it be Sendmail or Nagios, is the MUA or “mail user agent”. ![]() There are actually quite a few moving parts to getting a message from your Raspberry to your Gmail account. If you’ve got a Gmail account, there’s a fairly straightforward way to allow your Raspberries access to your Gmail in a fairly secure fashion. ![]() ![]() But, because of all the spammers in the world, the email relays have gotten much more stringent of who could just dump email messages on their servers for delivery. Back in the day, you could just run Sendmail and pipe some text to your email address. Wouldn’t it be nice to get an occasional email from one of your Raspberries when something is wrong? Maybe your filesystem is filling up or the monitoring you’ve set up needs to alert you that some of the network devices are overheating.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |