msmtp is an SMTP client. Its role is not to be a full mail server like Postfix or Exim, but simply to forward emails generated locally (by scripts, applications such as Logwatch, etc.) to a real SMTP server (a "smarthost" or "relay") so that it handles the final delivery.
Why use msmtp?
- Lightweight and simple: Its configuration is far simpler than that of a full MTA. It does only one thing: send emails.
- Security: It fully supports TLS, which is essential for connecting to modern SMTP servers such as those of Gmail, Office 365, etc.
- Flexibility: It lets you configure several SMTP server profiles and choose which one to use.
- Replacement for
/usr/sbin/sendmail: It can be configured so that any application trying to use the standardsendmailcommand actually usesmsmtp, making it compatible with a wide range of software.
Prerequisites
- A Linux server (Ubuntu/Debian, CentOS/RHEL).
- Root access or sudo privileges.
- The credentials of an email account on an SMTP server (e.g. Gmail, Outlook, OVH, or your own server).
Installation
# On Debian / Ubuntu
sudo apt-get update
# We also install ca-certificates to handle TLS certificates
sudo apt-get install -y msmtp msmtp-mta ca-certificates
# On CentOS / RHEL
sudo yum install -y epel-release
sudo yum install -y msmtp
The msmtp-mta package on Debian/Ubuntu configures msmtp to replace sendmail, which is very convenient.
Configuration
Configuration is done in the /etc/msmtprc file. This file will contain your credentials, so it must be protected.
Step 1: Create and secure the configuration file
sudo nano /etc/msmtprc
sudo chmod 600 /etc/msmtprcStep 2: Fill in the configuration file
Here is an example configuration for using Gmail's SMTP server:
# Default settings for all accounts
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
# Configuration for the Gmail account
account gmail
host smtp.gmail.com
port 587
from [email protected]
user [email protected]
password "YOUR_APP_PASSWORD"
# Account to use by default
account default : gmail
For services like Gmail, do not use your main password. Enable two-factor authentication (2FA) on your Google account and generate a dedicated "app password" for
msmtp. This is much more secure.
Step 3: Configure logging
Create the log file and give it the right permissions.
sudo touch /var/log/msmtp.log
sudo chown syslog:syslog /var/log/msmtp.log
sudo chmod 640 /var/log/msmtp.logTesting email sending
You can now test sending an email from the command line.
# The body of the mail is sent via standard input (stdin)
echo -e "Subject: Test msmtp\n\nThis is a test from my server." | msmtp --debug [email protected]
Check the inbox of `[email protected]`. The `--debug` option will show you the entire SMTP conversation, which is very useful for diagnosing problems.
Thanks to the
msmtp-mta package, if a program such as cron or Logwatch tries to send a mail via /usr/sbin/sendmail, it is msmtp that will be called. You have nothing else to configure!
Conclusion
msmtp is the ideal solution for letting a server send email notifications without the complexity of a full mail server. In just a few minutes, you can set up a secure and reliable SMTP relay for all the applications on your system, thus improving your ability to monitor and automate your administration tasks.
Comments