HOWTO Send an email using Gmail from a system configuration using msmtp and heirloom-mailx (Ubuntu)

Links

Permanent location of video version: https://youtu.be/J1DHQG5qFdU
Permanent location of text version: https://www.alanbonnici.com/2020/11/howto-send-email-from-google-from.html


Introduction and Scope


The following procedure describes the steps to follow to create a solution that will send out an email. This was verified on Ubuntu (both server and GUI platforms). The settings will be stored as a system configuration rather than a user configuration (in which each user has their own specific settings).

The reasons to configure the solution to use a system configuration are:

1. The settings are global and can therefore be used by multiple users.
2. One can send an email before a user has logged in. In this HOWTO we program the system so that it sends an email whenever the computer boots (no user yet logged in).
3. There is only one configuration to maintain.

We will be using msmtp. Msmtp is a simple SMTP client. The documentation page for this product is at https://wiki.archlinux.org/index.php/Msmtp.

We will also be using Heirloom mailx. Heirloom-mailx was previously known as nail and you can find more information about it at http://heirloom.sourceforge.net/mailx.html.

We use Gmail to transmit email in this HOWTO.  

You will need elevated privileges to perform some actions listed hereunder.


Installing the packages


Open a terminal session and update the package index

    sudo apt-get update


Install Msmtp package


    sudo apt-get install msmtp-mta


    
Install Heirloom mailx. 


    sudo apt-get install heirloom-mailx



If you get a message that tells you that the package was not found, you will need to add its repository to the list Ubuntu queries when one attempts to install a package.
Using a text editor (nano in this HOWTO), edit the file /etc/apt/sources.list

    sudo nano /etc/apt/sources.list
    
Add the repository below and save the file.

    deb http://security.ubuntu.com/ubuntu trusty-security main universe

Update the list of packages

    sudo apt-get update
    
Attempt to reinstall the mail user agent

    sudo apt-get install heirloom-mailx



Configuring the solution


Since this is a system configuration the placement of the files will be in the /etc/ directory.

For msmtp the configuration settings should be at /etc/msmtprc. Edit it

    sudo nano /etc/msmtprc
    
Copy and paste the following into the file

    account default
    auth           on
    tls            on
    tls_trust_file /etc/ssl/certs/ca-certificates.crt
    logfile        /var/log/msmtp

    # gmail
    host           smtp.gmail.com
    port           587
    from           exampleemail@gmail.com
    user           exampleemail
    password       examplepassword

    # Syslog logging with facility LOG_MAIL instead of the default LOG_USER
    syslog LOG_MAIL


Note: some sources I used for this HOWTO added the extension .log to the log file (/var/log/msmtp.log). This failed for me and others.
 



The Google username and password

The from and user parameters in the file /etc/msmtprc are those you use to log into your Gmail.

The password is NOT the password you use to log into your Gmail account. A password specific to this solution needs to be generated after you log into Google. Originally application-specific passwords could only be generated from Gmail accounts that had 2FA enabled. I am not sure whether this has changed but anyone who has not yet enabled 2FA should seriously reconsider their decision.

Benefits of giving each device/service connection a unique name (and app password) are:

  • It allows you to revoke the associated app password when it is no longer used;
  • If the app password is compromised and is being used to send emails from your account, you can block it by revoking that password;
  • It allows you to monitor the last time a device/service sent out an alert;
  • If you change your Google password, app passwords are not impacted;
  • The app password is limited to only email transmissions. You cannot use it to log into your Google account.


After logging into Google:

  1. Click "Manage your Google Account" option
  2. Click "Security"
  3. Scroll to the "Signing in to Google" section
  4. Click on "App passwords"
  5. From the "Select app" menu choose "Other (Custom name)"
  6. Enter a descriptive name to identify the service. I have a Google account specifically for machine-2-human communications. Every computer, server, UPS, security camera and IoT device that I have set up to send me alerts or state information via email uses this account.
  7. Click the Generate button, copy the app password and paste it into the /etc/msmtprc configuration file. Save the file and exit the editor.


Granting ownership and access rights


If you type 'groups msmtp' you are informed that the user msmtp is a member of the group msmtp.

Change the ownership of /etc/msmtprc to the user root and the group msmtp. This will allow the service msmtp to access the config file.

    sudo chown root:msmtp /etc/msmtprc
    
Change the access rights so that the owner has read and write access, the group msmtp has read access and everyone else has no access.

    sudo chmod 640 /etc/msmtprc

You can verify that the changes you did are correct using the list command.

    ls -l /etc/msmtprc


The log file referenced in the configuration file /var/log/msmtp needs to have the ownership and access rights adjusted.

Since the log file doesn't exist yet, we need to create it and set the ownership.

    sudo touch /var/log/msmtp
    sudo chown root:msmtp /var/log/msmtp


In this case we grant read-write access to both the owner and the group msmtp. This is because the service will need to write to it.

    sudo chmod 660 /var/log/msmtp
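
A check for the ownership, mode and TLS settings configured above, as an added example that is not part of the original post. The function names are my own, the demo runs on a constructed config rather than a real account, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit the msmtp files this HOWTO creates. Function names are assumptions.

# mode_ok FILE MAX: true when FILE has no permission bits outside octal MAX.
mode_ok() {
    m_mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$m_mode & ~0$2 & 07777 )) -eq 0 ]
}

# setting_of FILE KEY: print the last value given for KEY (comment lines never match).
setting_of() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# audit_msmtprc FILE OWNER:GROUP: print findings; exit status is the finding count.
audit_msmtprc() {
    a_n=0
    a_fail() { echo "FAIL: $1"; a_n=$((a_n + 1)); }
    mode_ok "$1" 640 || a_fail "$1 grants more than 640 (password readable by others)"
    [ "$(stat -c '%U:%G' "$1")" = "$2" ] || a_fail "$1 is not owned by $2"
    [ "$(setting_of "$1" auth)" = on ] || a_fail "auth is not on"
    [ "$(setting_of "$1" tls)" = on ] || a_fail "tls is not on"
    [ "$(setting_of "$1" tls_certcheck)" != off ] || a_fail "tls_certcheck is off"
    a_log=$(setting_of "$1" logfile)
    if [ -n "$a_log" ] && [ -e "$a_log" ]; then
        mode_ok "$a_log" 660 || a_fail "$a_log grants more than 660"
    fi
    return "$a_n"
}

# Demo on a constructed config (sample values, not a real account).
demo=$(mktemp)
printf '%s\n' 'account default' 'auth on' 'tls on' 'tls_certcheck off' \
    'password constructed-not-real' > "$demo"
chmod 644 "$demo"
audit_msmtprc "$demo" root:msmtp || echo "$? finding(s) in constructed sample"
rm -f "$demo"
```

On a configured machine, call `audit_msmtprc /etc/msmtprc root:msmtp` with elevated privileges so the script can read the file.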

   

The last change that we will do is one that allows us to redirect the sendmail (and mail) command to msmtp. Edit the file /etc/mailrc and add the following:

    set sendmail="/usr/bin/msmtp"




Testing the solution


Open a terminal window and type in the following. Replace <recipient account> with your email account.

    echo "Hello, World!" | mail -s "Test Message" <recipient account>

You can see the result of the command by dumping the log file.

    sudo cat /var/log/msmtp
    
The mail client associated with <recipient account> should have received the message you sent.



Proof of concept

 
My use case is to have the computer email me whenever it starts. This event should happen before any user has logged in.

To do this edit crontab with elevated privileges:

    sudo crontab -e
    
Add the line below and save the file. Here we are saying that 30 seconds after the computer reboots, an email is sent out to <my email address>.


    @reboot sleep 30 && echo "For Information Purposes" | mail -s "UBNT-DEMO Computer reboot" <my email address>



