I have some scripts that need to send mail from the command line. While mail works out of the box, it will not work if your ISP blocks port 25, or if your ISP's network address range is on a blacklist. You could use Mail.app and AppleScript, but that requires that the user in question be logged in, and may not work for scripts run by root.
This solution configures postfix, the service used by mail and sendmail, to relay messages through a third-party server (ideally your ISP), optionally using authentication and TLS. You'll need to be root to create/edit the files and run the commands. So, without further delay, enjoy.
Edit /etc/postfix/main.cf and add the following to the end:
relayhost = smtp.yourisp.com # (you can use smtp.yourisp.com:port, such as smtp.yourisp.com:587)
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_sasl_security_options =
smtp_sasl_tls_security_options =
smtp_sasl_tls_verified_security_options =
smtp_tls_loglevel = 2 # optional if you wan to see what's going on with the TLS negotiation in /var/log/mail.log
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwords
smtp_tls_per_site = hash:/etc/postfix/smtp_tls_sites
tls_random_source = dev:/dev/urandomCreate /etc/postfix/smtp_sasl_passwords with the following contents:
smtp.yourisp.com username:passwordCreate /etc/postfix/smtp_tls_sites with the following contents:
smtp.yourisp.com MUST_NOPEERMATCHThen run the following commands:
$ cd /etc/postfix
$ chmod go-rx smtp_sasl_passwords
$ postmap smtp_sasl_passwords
$ postmap smtp_tls_sitesTo test, try:
echo "Hello" | mail -s "Test" you@domain.comThe above test may not work if your provider requires a valid source e-mail address. If that's the case, try:
printf "Subject: TestnHello" | sendmail -f you@domain.com you@domain.comThis second test form specifies the "from" address as you, but can be changed to anything you want as long as it passes muster with your provider's server. You can now check the logs:
tail /var/log/mail.logOr, if you're crafty, you'll open a second Terminal window, and before running the tests in the first window, do:
tail -f /var/log/mail.logHere are some notes about options that you see in the content above:
- The *_security_options settings allow postfix to use plain text passwords during authentication (albeit over TLS).
- The MUST_NOPEERMATCH in the smtp_tls_sites file ignores certificate mismatches when negotiating TLS. This, overall, is not a good idea, but I didn't have time to play with it yet and configure the CA. Other options are NONE, MAY, and MUST, but some will require configuration of the CA so that a trust can be established with the server. This, I believe, is configured with smtp_tls_CAfile. When I get it working, I may post an update.
- The chmod go-rx smtp_sasl_passwords removes the group and other/world read/execute permissions on the password files. Only the root user should be able to read it.
That is all. I pieced this information together from lots of useless searches and several useful how-to's and postings. I make no guarantees, but I hope it helps someone.
1344
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
