Nullmailer setup

Documentation Sysadmin
,
1

By default many GNU/Linux systems run their own local SMTP service on localhost to send emails both locally and to the Internet. Nullmailer is a simple SMTP client to send email from a GNU/Linux system to a smarthost (MTA) that will handle the mail delivery. Using a smarthost means the system can send authenticated emails and satisfy modern DNS and email setups. Other options exist, such as MSMTP, or running an MTA like Exim or Postfix, but nullmailer offers a most minimalist option.

This document will guide you through installing and configuring nullmailer to send administrative email out of a system to the sysadmin group.

Pre-requisites

  1. The domain is configured in mx.z7l.eu and in DNS
    • E.g., host -t mx domain.example returns domain.example mail is handled by 10 mx.z7l.eu
  2. The hostname in /etc/hostname is a FQDN (e.g., host.domain.example)
  3. We’re using Debian stable (AKA bookworm at the time of this writing)

Installation

apt install nullmailer

Configuration

cd /etc/nullmailer
# Default destination
x=$(hostname -f); echo "sysadmin.${x//./-}@z7l.eu" > adminaddr
# Default sender (an alias to proc@)
echo "toor@$(hostname -d)" > allmailfrom
# Default domain to append to username
echo $(hostname -d) > defaultdomain
# SMTP credentials (get $PASS from mx.z7l.eu)
install -m 0400 -o mail -g mail /dev/null remotes
echo "mx.z7l.eu smtp --port=465 --ssl --user=proc@$(hostname -d) --pass=$PASS" > remotes
systemctl restart nullmailer

Test

The test email should be simple (single To: address, no Cc:) otherwise it will create errors that won’t be easy to track.

cat > ~/test.email <<EOD
Subject: Nullmailer test
From: some.email@domain.example
To: you@ps.zoethics.org

Hop !
EOD
cat ~/test.email | nullmailer-inject boom
journalctl -feu nullmailer

Since allmailfrom was set, the From: address will be overridden. Be sure to replace you@ps.zoethics.org by an email address you can read!

Conclusion

Software on your system will now be able to send notifications to a central email address.

Caveat

This solution is good for systems with no users except sysadmins, since any user with sudo privilege will be able to read the SMTP credentials. But then, systems with untrusted users who can run sudo should probably not send email directly.

2

hey not sure what this is practically about, I consistantly have issue with smtp, but I am not sure this is about the same thing??

3

Nullmailer is for servers, it’s a lightweight way to tie a machine to a single SMTP account for remote (smarthost) email delivery.

A few years ago, it was customary for each server to run its own local SMTP service. But with SPF and DKIM, it became impractical and unsafe to maintain local SMTP service on many machines. Instead, the DNS records a number of machines (“mail exchangers”) that are authorized to send email, and all other machines must use the authorized senders instead of sending email by themselves.

1 Like