If the only thing a server uses mail for is system notifications, life can be simplified. Skip sendmail/mail program installation and configuration. No need to worry about whether the SMTP server is a security risk. Instead, set up a simple script which sends all notifications via an HTTPS API to an MTA (Mail Transfer Agent).
How is this possible? Because any notification is sent using one of the executables mail or sendmail. So those executables only have to be substituted with links to our simple script file.
Of course the mail and sendmail programs have different command line interfaces (e.g., for specifying the “to” and “from” fields), so won’t that be a problem? Well, we’ll just send the command line args in their raw form as text at the top of the message. Both mail and sendmail read stdin for the message body, so that part is the same.
The sendmail interface is the Linux standard for Linux system programs to send notifications to the system administrator. But sendmail (or substitutes such as postfix) also carries a lot of other functionality (or baggage, depending on your POV).
Removing the sendmail (or its generic replacement) service reduces system complexity. In the author’s case, postfix was suddenly causing network failure on bootup. Removing postfix solved the bootup network failure problem. Re-installing postfix or some other substitute generic sendmail program, dealing with the settings and possible debugging, all seemed non-optimal considering the desired functionality was so limited. Hence this solution.
To keep things simple we will write a program which sends a message composed of two parts:
- The command line arguments passed on the sendmail executable command line.
- The standard input passed to the sendmail executable - this will contain some header information followed by the message body.
We won’t try to parse the header for to, from, or subject. An improved version might try to do that with subject.
This example requires an existing account at Mailgun. A free one will do - that currently (July 2018) offers up to 10,000 mails a month. The simplest free account doesn’t require any payment info, but only allows a few ‘To’ addresses, which must be verified. That’s actually preferable for our use-case: a hijacked key couldn’t even be used for broadcast spamming.
Here is the Python3 script code:
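A sketch of such a script, added here as an example and not the author's original code. The environment variable names, the placeholder domain, key and recipient, and the subject format are assumptions; the endpoint is Mailgun's HTTP messages API with the basic-auth user api, as in the curl command further down.

```python
#!/usr/bin/env python3
"""Stand-in for mail/sendmail: forward argv + stdin to Mailgun over HTTPS."""
import base64
import os
import socket
import sys
import urllib.parse
import urllib.request

# Assumed configuration (placeholders, not values from the page). Reading the
# key from the environment keeps it out of a world-readable script file.
DOMAIN = os.environ.get("MAILGUN_DOMAIN", "sandbox-PLACEHOLDER.mailgun.org")
API_KEY = os.environ.get("MAILGUN_API_KEY", "key-PLACEHOLDER")
RECIPIENT = os.environ.get("NOTIFY_TO", "firstname.lastname@example.org")


def build_text(argv, stdin_text):
    """Raw command line args first, then the untouched stdin (headers + body)."""
    return "argv: " + repr(argv) + "\n\n" + stdin_text


def build_request(argv, stdin_text, domain=DOMAIN, api_key=API_KEY, to=RECIPIENT):
    """Build (but do not send) the Mailgun POST. The recipient is fixed by
    configuration, so nothing in argv or stdin can redirect the mail."""
    fields = {
        "from": f"notify@{domain}",
        "to": to,
        # argv[0] shows whether we were invoked through the mail or sendmail link.
        "subject": f"[{socket.gethostname()}] {os.path.basename(argv[0])} notification",
        "text": build_text(argv, stdin_text),
    }
    req = urllib.request.Request(
        f"https://api.mailgun.net/v3/{domain}/messages",
        data=urllib.parse.urlencode(fields).encode(),
        method="POST",
    )
    token = base64.b64encode(f"api:{api_key}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    return req


def main():
    req = build_request(sys.argv, sys.stdin.read())
    # urllib verifies the server certificate by default; the timeout keeps a
    # cron job from hanging when the network is down.
    with urllib.request.urlopen(req, timeout=15) as resp:
        return 0 if resp.status == 200 else 1


if __name__ == "__main__":
    sys.exit(main())
```

Because the API key now lives on the server, restrict who can read wherever it is stored; the authorized-recipients limit of the free account bounds what a leaked key can do.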
Alternatively it could be accomplished by this bash script. Note it includes code to identify the caller, which is harder to do in Python.
Test if sendmail or generic sendmail substitute is installed:
If it is installed then it must be removed. If it is a generic substitute, you will have to determine which program to remove.
sudo apt purge sendmail
sudo apt purge postfix
Check that the sendmail binary has really been removed.
Now you can put your own executable named sendmail in the system path.
This shows how to register for a free Mailgun account that doesn’t require payment information.
You must register the desired target mail address and prove that you own it by reading a mail that Mailgun sends to that address. Below we use the imaginary address firstname.lastname@example.org. Please always replace this with a real mail address you own.
Go to the Mailgun signup page. Enter basic account information including the email address firstname.lastname@example.org. Uncheck the payment information box. Submit.
Open the firstname.lastname@example.org mailbox to see the confirmation mail from Mailgun. Click on the link. You will be prompted to enter a cell phone number to which they will send a code. Once you enter the code, you will be redirected to your new Mailgun account page.
You will see a box “Message Delivery” with a line “Free accounts are restricted to authorized recipients only.” Click the “Add Recipients” button underneath that line, and enter your address firstname.lastname@example.org. A new screen will appear. Click Invite New Recipient and enter firstname.lastname@example.org.
Then open your account firstname.lastname@example.org and read the mail from Mailgun:
Mailgun account “gooio” provided your address to test their integration with Mailgun. Please click the link below if you agree to receive emails from their account. I agree
Click I agree.
- Go back to the setup page, copy and paste the example curl .... command into your server CLI, and test that the mail goes through.
The full curl command looks something like this:
curl -s --user 'api:(your api)' \
Your assigned domain and key can also be found on the Mailgun domain page.
If you have a domain under your control, you can also register that with Mailgun. That is not essential for the functionality described in this post, but it would allow the mails to appear as coming from your own domain, which might affect whether they are categorized as junk mail.