marlam / msmtp Goto Github PK

When sending out emails with -t and headers like:

From:
To: [email protected]
CC: [email protected] 

the empty From line made smtp to ignore the To line and send RCPT TO only for the CC recipients.

Now I guess an empty From line is a mistake on the user side, so I'm not sure if this is a bug. But maybe the parsing or the error reporting could be improved here.

First of all thank you for msmtp! I've been using ssmtp for way too long.

As the title says, I use it as a drop-in replacement for sendmail (mostly) to be used through a webpage's PHP contact form.

The logging into my mail account & sending of mail is performed by the www-data user without any user interaction.
To achieve this I created a key pair for www-data, with no passphrase. I did not succeed with a passphrase, because I found no way to enter the passphrase on the command line. GPG seems to simply ignore the --passphrase option.
This key pair is not used for anything else on this system.
Can this be considered sufficiently secure?
If not, what would be a better way to do it?
All "msmtp for PHP" tutorials I found simply store the password as plain text inside the config file...

I also tested an alternative that stores the password encrypted with openssl (using some environment variable as passphrase) but this doesn't work with Debian's msmtp-Apparmor profile, so there's a different challenge.

Hey, I have been using msmtp to forward my mails and noticed that some programs will consume stdin (or close it?), which breaks sending emails.

Reproduce:

• set passwordeval to ssh localhost 'echo password'
• cat mail | msmtp [...] # where mail is bigger than 4097 bytes (which seems related to the pipe buffer/page size?)
• Notice a log like the following:
  msmtp: host=[...] tls=on auth=on user=[...] from=[...] recipients=[...] mailsize=4097 smtpstatus=250 [...]
• Recipient receives truncated message

The mailsize truncating might happen at a different size. I tested on Linux 5.5.5. This also does not raise any error, but truncates the email.

My quick analysis:
Looks like passwordeval is using popen() to spawn the subshell, which inherits stdin if "w" is not specified in the type argument.

My guess is:

• msmtp spawns ssh
• ssh closes the pipe before it exits
• pipe process end from pipe close
• msmtp tries to read from the pipe and reads only up to pipe buffer size before getting end of pipe

I will look into fixing this if I get the time, but this bug isn't that critical since the problem can be worked around by forcing the subshell to use a different stdin (e.g. ssh < /dev/null or ssh -n)

Server A is using msmtp for mail forwarding to another server B where postfix relays the mail forward. The postfix is configured to reject emails with some criteria, e.g.:

smtpd_recipient_restrictions =
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain,
       check_recipient_access hash:/etc/postfix/recipient_access

If server A sends email with multiple "To" addresses but one of them does not pass the checks at postfix on server B, then none of the "To" address will receive email. At least the valid email addresses should get delivered. Is there an option that we can use to send email separately to "To" specified addresses or handle this in other way? Please advice how to fix this..

Normally, we would try to avoid sending email to bad addresses, but this is a customer system where they may enter bad email addresses (accidently).

I've been using this Ansible role to install MSMTP, but it started failing (it's been a while since I used it, though).

make[2]: Entering directory '/tmp/msmtp.git/po'
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.20 but the autoconf macros are from gettext version 0.19

Environment:

• Fresh install of Ubuntu server 20.04

Workaround

Install gettext v0.21 from Ubuntu hirsute

Please considering offering an option to replace email "From" headers, even if present.

This option would support use cases such as:

Vixie Cron sets a "From" header of "root (Cron Daemon)", which is rejected by Gmail with an error "Messages missing a valid address in From: header, 5.7.1 or having no From: header, are not accepted". I believe that Gmail only accepts emails with "From" headers in the form "name <[email protected]>".

I do not believe that Vixie Cron can be configured to use a different "From" header. Searching the web turns up workarounds such as filtering emails through a script before passing them to msmtp (see answers to this servervault question). Of course, I could try to find an alternative to Vixie Cron or an alternative to Gmail, but it'd be great if msmtp could support a "From" header override.

Perhaps a configuration option: ‘replace_from_header [(on|off)]’?

I put this in the system-wide config file (/etc/msmtprc):

from %U@%H

and when I'm trying to send email with msmtp (also with sendmail command) I'm getting the error from the SMTP server:

msmtp: envelope from address %U@%H not accepted by the server
msmtp: server message: 501 <%U@%H>: domain missing or malformed
msmtp: could not send mail (account default from /etc/msmtprc)

I tested with user config file ~/.msmtprc and getting the same result.

msmtp version: 1.8.6 (Ubuntu 20.04)

I've found out that someone else is having the same issue with msmtp 1.8.3 on Debian: https://serverfault.com/questions/1054731/msmtp-sendmail-substitutions-dont-work-u-etc

A command /usr/bin/msmtp -C ~/.config/msmtp/config -a main doesn't work within Neomutt (neomuttrc config) displaying error File or directory not found.
Replacing ~ with $HOME works as expected.

neomutt version: 20200925

msmtp version: 1.8.13

seems the libgsasl not compatible with exchange server 2019 msmtp reports following error:

<-- 250-SIZE 37748736
<-- 250-PIPELINING
<-- 250-DSN
<-- 250-ENHANCEDSTATUSCODES
<-- 250-STARTTLS
<-- 250-X-ANONYMOUSTLS
<-- 250-AUTH NTLM
<-- 250-X-EXPS GSSAPI NTLM
<-- 250-8BITMIME
<-- 250-BINARYMIME
<-- 250-CHUNKING
<-- 250 XRDST
--> STARTTLS
<-- 220 2.0.0 SMTP server ready
TLS session parameters:
    (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA1)-(AES-256-CBC)-(SHA1)
TLS certificate information:
    Owner:
        Common Name: ex-caas04
    Issuer:
        Common Name: ex-caas04
    Validity:
        Activation time: 2019年11月22日 星期五 18时50分00秒
        Expiration time: 2024年11月22日 星期五 18时50分00秒
    Fingerprints:
        SHA256: 07:68:AE:1E:55:44:25:3D:27:17:9F:9A:40:45:BA:60:1A:1E:96:CE:BE:CF:5B:95:57:74:AC:5E:88:42:A6:3A
        SHA1 (deprecated): EF:CA:E7:E6:18:6F:EE:A5:78:0D:2A:13:3E:10:7E:DC:99:58:EB:A9
--> EHLO localhost
<-- 250-ex-caas04.hangsheng.cn Hello [168.8.80.154]
<-- 250-SIZE 37748736
<-- 250-PIPELINING
<-- 250-DSN
<-- 250-ENHANCEDSTATUSCODES
<-- 250-AUTH NTLM LOGIN
<-- 250-X-EXPS GSSAPI NTLM
<-- 250-8BITMIME
<-- 250-BINARYMIME
<-- 250-CHUNKING
<-- 250 XRDST
--> AUTH NTLM
<-- 334 NTLM supported
--> TlRMTVNTUAABAAAAB7IAAAkACQAgAAAAAAAAACkAAAB3YW5naGFvaHM=
<-- 535 5.7.3 Authentication unsuccessful
msmtp: authentication failed (method NTLM)
msmtp: server message: 535 5.7.3 Authentication unsuccessful

while using mutt is ok.

[2020-04-09 20:00:03] 6< 250-SIZE 37748736
[2020-04-09 20:00:03] 6< 250-PIPELINING
[2020-04-09 20:00:03] 6< 250-DSN
[2020-04-09 20:00:03] 6< 250-ENHANCEDSTATUSCODES
[2020-04-09 20:00:03] 6< 250-AUTH NTLM LOGIN
[2020-04-09 20:00:03] 6< 250-X-EXPS GSSAPI NTLM
[2020-04-09 20:00:03] 6< 250-8BITMIME
[2020-04-09 20:00:03] 6< 250-BINARYMIME
[2020-04-09 20:00:03] 6< 250-CHUNKING
[2020-04-09 20:00:03] 6< 250 XRDST
[2020-04-09 20:00:03] SASL local ip: 192.168.6.128;36588, remote ip:210.75.14.244;25
[2020-04-09 20:00:03] External SSF: 256
[2020-04-09 20:00:03] External authentication name: 
[2020-04-09 20:00:03] 认证中 (NTLM)...
[2020-04-09 20:00:03] 6> AUTH NTLM TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA=
[2020-04-09 20:00:03] 6< 334 TlRMTVNTUAACAAAAEgASADgAAAAFAoECvimCB5nDjuMAAAAAAAAAAKQApABKAAAABgOAJQAAAA9IAEEATgBHAFMASABFAE4ARwACABIASABBAE4ARwBTAEgARQBOAEcAAQASAEUAWAAtAEMAQQBBAFMAMAA0AAQAGABoAGEAbgBnAHMAaABlAG4AZwAuAGMAbgADACwAZQB4AC0AYwBhAGEAcwAwADQALgBoAGEAbgBnAHMAaABlAG4AZwAuAGMAbgAFABgAaABhAG4AZwBzAGgAZQBuAGcALgBjAG4ABwAIACpg+nFmDtYBAAAAAA==
[2020-04-09 20:00:03] mutt_sasl_cb_authname: getting authname for 
[2020-04-09 20:00:03] mutt_sasl_cb_pass: getting password for 
[2020-04-09 20:00:03] 6> TlRMTVNTUAADAAAAAAAAAEAAAAAYABgAQAAAABIAEgBYAAAAEgASAGoAAAAAAAAAfAAAAAAAAAB8AAAABQIAAD5I2dR8z88XoDDjTWwjRc3mbPNqZ/TV0kgAQQBOAEcAUwBIAEUATgBHAHcAYQBuAGcAaABhAG8AaABzAA==
[2020-04-09 20:00:03] 6< 235 2.7.0 Authentication successful

I think libgsasl ntlm implemention has bugs

Hi,

I encountered a few strange bugs while trying to send mail with msmtp 1.8.10 on an aarch64 arm platform.

I use the following command to send an email:
echo "hello world!" | msmtp [email protected]

The default account is set to use the host smtp.office365.com, port 567.

If I place my config file in /etc/msmtprc, msmtp crashes (with --debug):

reading recipients from the command line
<-- 220 QB1PR01CA0010.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 7 May 2020 17:17:36 +0000
--> EHLO localhost
<-- 250-QB1PR01CA0010.outlook.office365.com Hello [192.222.209.59]
<-- 250-SIZE 157286400
<-- 250-PIPELINING
<-- 250-DSN
<-- 250-ENHANCEDSTATUSCODES
<-- 250-STARTTLS
<-- 250-8BITMIME
<-- 250-BINARYMIME
<-- 250-CHUNKING
<-- 250 SMTPUTF8
--> STARTTLS
<-- 220 2.0.0 SMTP server ready
msmtp: pthread_mutex_lock.c:149: __pthread_mutex_lock: Assertion `PTHREAD_MUTEX_TYPE (mutex) == PTHREAD_MUTEX_ERRORCHECK_NP' failed.
Aborted

Without --debug, it just hangs without any log.

If I move the same config file to another path and use it directly with --file=myconfig, msmtp also hangs.

However, if I had the --debug flag the email does get sent (?). So, msmtp --debug --file=myconfig [email protected] works, but msmtp --file=myconfig [email protected] does not.

Any clue on what could be the issue?

If e-mail has incorrect (incompleted) From header - msmtp doesn't rewrite it for "canonical" view. It's normal to get option for it, m.b. it can a new extra value to set_from_header. E.g. msmtp can use "maildomain" vaule for make right From header like "[email protected]".

It needs for crond emails, for example. Default From header in cron e-mails seems like 'From: "(Cron Daemon)" '. Some web e-main interfaces breaks with this From.

How to reproduce it.

• Config /etc/msmtprc

defaults
tls_trust_file /etc/pki/tls/certs/ca-bundle.crt

account test-relay
host test.domain.tld
port 25
from [email protected]
maildomain domain.tld
set_from_header off

account default : test-relay

• Test e-mail:

cat <<EOF >> /tmp/messsage.txt
Content-Type: text/plain; charset=utf-8
Subject: There is a bug
From: test

Hello!
There is a test!
EOF

• Send it:

cat /tmp/messsage.txt | msmtp [email protected]

Message headers in my mailbox:

Delivered-To: [email protected]
Return-path: <[email protected]>
...
Received: from my-relay.domain.tld ([1.2.3.4]:53218)
	by m...u with esmtp (envelope-from <[email protected]>)
	id 1...7
	for [email protected]; Mon, 24 May 2021 14:56:49 +0300
DKIM-Signature: ...
Received: from localhost-with-msmtp ([2.3.4.5]:52514 helo=localhost)
	by my-relay.domain.tld with esmtp (Exim)
	(envelope-from <[email protected]>)
	id 1...N
	for [email protected] Mon, 24 May 2021 14:56:48 +0300
Date: Mon, 24 May 2021 14:56:48 +0300
Content-Type: text/plain; charset=utf-8
Subject: There is a bug
From: test

This example with postfix and canonical config options:

...
Subject: There is a bug
From: [email protected]
Date: Mon, 24 May 2021 15:20:14 +0300 (MSK)

It would be nice if at least %C would be expanded in the 'domain' configuration command.

Hi,

Is it possible that msmtp accepts only upper-case SMTP commands?

send: 'ehlo lechner-desktop.us-core.com\r\n'
reply: b'500 Expected EHLO or HELO\r\n'
reply: retcode (500); Msg: b'Expected EHLO or HELO'
send: 'helo lechner-desktop.us-core.com\r\n'
Traceback (most recent call last):
  File "/lcl/lechner/keyring/key-expirations/./upcoming-expirations", line 174, in <module>
    send_reminder(recipient_mailbox, recipient_name, status, server_date, keyid, sender_name, sender_email)
  File "/lcl/lechner/keyring/key-expirations/./upcoming-expirations", line 74, in send_reminder
    s.send_message(message)
  File "/usr/lib/python3.9/smtplib.py", line 927, in send_message
    self.ehlo_or_helo_if_needed()
  File "/usr/lib/python3.9/smtplib.py", line 605, in ehlo_or_helo_if_needed
    (code, resp) = self.helo()
  File "/usr/lib/python3.9/smtplib.py", line 434, in helo
    (code, msg) = self.getreply()
  File "/usr/lib/python3.9/smtplib.py", line 398, in getreply
    raise SMTPServerDisconnected("Connection unexpectedly closed")
smtplib.SMTPServerDisconnected: Connection unexpectedly closed

I cannot send mail with Python's smtplib in this program here. No workaround seems to exist. This thread about the issue says "RFC 821 defines that [the commands] can be any syntax, such as mAiL FroM". Thank you!

Kind regards
Felix Lechner

I'm testing code that drives msmtp, and would like the code to fail gracefully. One scenario is if the user enters the wrong port number, and the server never responds; I don't want msmtp to wait forever, so I'm specifying a timeout value.

Problem: the actual timeout seems to be four times the value specified in the configuration file. Specify 30 seconds, msmtp takes 120 seconds to fail. Specify 10 seconds, msmtp takes 40 seconds to fail. (This is with a non-TLS connection to port 25, where the specific server doesn't support port 25, BTW.)

Why does msmtp take four times as long as specified? Alternatively, what's a reasonably low timeout value I could use that wouldn't cause connection failurs?

Version output:

$ msmtp --version
msmtp version 1.8.13
Platform: i686-pc-linux-gnu
TLS/SSL library: none
Authentication library: built-in
Supported authentication methods:
plain external cram-md5 login oauthbearer xoauth2 
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/local/share/locale
Keyring support: none
System configuration file name: /usr/local/etc/msmtprc
User configuration file name: /home/devuser/.msmtprc

Copyright (C) 2020 Martin Lambers and others.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Config file:

defaults
auth on
tls ${tlsFlag}
tls_trust_file /opt/tools/etc/ca-certificates.crt
logfile ${logfile}

account sender
host ${serverName}
port ${portNum}
user ${user}
from ${fromUser}
password ${password}

timeout 10

account default : sender

Exim (as relay for msmtp) fails DKIM with error "LONG_LINE" if it gets "special" e-main with wrong format. Wrong format is looong lines in looong e-mail, e.g. 300 lines with 5000 symbols. It may be some log from cronjob.

2021-05-24 13:39:07.234 [25791] 1ll7zH-0006hz-7W DKIM: validation error: LONG_LINE
2021-05-24 13:39:07.550 [25791] 1ll7zH-0006hz-7W DKIM: Error during validation, disabling signature verification: LONG_LINE

For example, Postfix uses smtp_line_length_limit config option to add line breaks. You can see it here on Github.

How to simulate it.

• Config for msmtp /etc/msmtprc:

defaults
tls_trust_file /etc/pki/tls/certs/ca-bundle.crt

account demo-relay
host SOME-EXIM-SERVER-AS-RELAY.domain.tld
port 25
from [email protected]

account default : demo-relay

• Prepare the test message:

cat <<EOF >> /tmp/messsage.txt
Content-Type: text/plain; charset=utf-8
Subject: There is a bug
From: [email protected]

Hello!
EOF

for j in {1..300}; do for i in {1..5000}; do echo -n $j$i; done; echo; done >>  /tmp/messsage.txt

• Send it with msmtp like with sendmail:

cat  /tmp/messsage.txt | msmtp [email protected]

You can see same error in exim log after it. Also you can read more about this problem here: exim-users at mail-archive.com. I suggest to use same method for line breaks to avoid this error in remote relay.

I know. I probably need to update to Buster, but thought you'd like to know anyway.

➜  msmtp git:(master) make
make  all-recursive
make[1]: Entering directory '/usr/src/msmtp'
Making all in src
make[2]: Entering directory '/usr/src/msmtp/src'
  CC       conf.o
  CC       list.o
  CC       msmtp.o
  CC       net.o
  CC       netrc.o
  CC       readbuf.o
  CC       smtp.o
  CC       stream.o
  CC       tools.o
  CC       xalloc.o
  CC       aliases.o
  CC       password.o
  CC       base64.o
  CC       md5.o
  CC       md5-apps.o
  CCLD     msmtp
  CC       msmtpd.o
  CCLD     msmtpd
make[2]: Leaving directory '/usr/src/msmtp/src'
Making all in po
make[2]: Entering directory '/usr/src/msmtp/po'
make msmtp.pot-update
make[3]: Entering directory '/usr/src/msmtp/po'
sed -e '/^#/d' remove-potcdate.sin > t-remove-potcdate.sed
mv t-remove-potcdate.sed remove-potcdate.sed
package_gnu="no"; \
test -n "$package_gnu" || { \
  if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \
         LC_ALL=C find -L .. -maxdepth 1 -type f -size -10000000c -exec grep -i 'GNU msmtp' /dev/null '{}' ';' 2>/dev/null; \
       else \
         LC_ALL=C grep -i 'GNU msmtp' ../* 2>/dev/null; \
       fi; \
     } | grep -v 'libtool:' >/dev/null; then \
     package_gnu=yes; \
   else \
     package_gnu=no; \
   fi; \
}; \
if test "$package_gnu" = "yes"; then \
  package_prefix='GNU '; \
else \
  package_prefix=''; \
fi; \
if test -n '[email protected]' || test '[email protected]' = '@'PACKAGE_BUGREPORT'@'; then \
  msgid_bugs_address='[email protected]'; \
else \
  msgid_bugs_address='[email protected]'; \
fi; \
case `/usr/bin/xgettext --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
  '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \
    /usr/bin/xgettext --default-domain=msmtp --directory=.. \
      --add-comments=TRANSLATORS: \
      --files-from=./POTFILES.in \
      --copyright-holder='Martin Lambers <[email protected]>' \
      --msgid-bugs-address="$msgid_bugs_address" \
      --keyword=_ --keyword=N_ --flag=asprintf:2:c-format --flag=vasprintf:2:c-format --flag=xasprintf:1:c-format  \
    ;; \
  *) \
    /usr/bin/xgettext --default-domain=msmtp --directory=.. \
      --add-comments=TRANSLATORS: \
      --files-from=./POTFILES.in \
      --copyright-holder='Martin Lambers <[email protected]>' \
      --package-name="${package_prefix}msmtp" \
      --package-version='1.8.12' \
      --msgid-bugs-address="$msgid_bugs_address" \
      --keyword=_ --keyword=N_ --flag=asprintf:2:c-format --flag=vasprintf:2:c-format --flag=xasprintf:1:c-format  \
    ;; \
esac
test ! -f msmtp.po || { \
  if test -f ./msmtp.pot-header; then \
    sed -e '1,/^#$/d' < msmtp.po > msmtp.1po && \
    cat ./msmtp.pot-header msmtp.1po > msmtp.po && \
    rm -f msmtp.1po \
    || exit 1; \
  fi; \
  if test -f ./msmtp.pot; then \
    sed -f remove-potcdate.sed < ./msmtp.pot > msmtp.1po && \
    sed -f remove-potcdate.sed < msmtp.po > msmtp.2po && \
    if cmp msmtp.1po msmtp.2po >/dev/null 2>&1; then \
      rm -f msmtp.1po msmtp.2po msmtp.po; \
    else \
      rm -f msmtp.1po msmtp.2po ./msmtp.pot && \
      mv msmtp.po ./msmtp.pot; \
    fi; \
  else \
    mv msmtp.po ./msmtp.pot; \
  fi; \
}
make[3]: Leaving directory '/usr/src/msmtp/po'
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.20 but the autoconf macros are from gettext version 0.19
Makefile:243: recipe for target 'stamp-po' failed
make[2]: *** [stamp-po] Error 1
make[2]: Leaving directory '/usr/src/msmtp/po'
Makefile:408: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/src/msmtp'
Makefile:349: recipe for target 'all' failed
make: *** [all] Error 2

I'm new to C/C++ and just compiled msmtp.exe to use as a PHP sendmail replacement on Windows, using MXE on CentOS 7. Though the executable works just fine in Powershell, it seems versions 1.8+ are returning "cannot create temporary file: Permission denied" when executing via PHP (sendmail_path=C:\path\to\msmtp.exe -t).

I believe this is due to the tmpfile() function in C/C++ trying to save temp files either to a restricted system folder (e.g. C:\Windows, source 1 2) or an obscure nested folder in C:\Users\\AppData (source 3).
However, despite my best efforts, I am not able to clear this error or find where the temp files are being deposited.
I tried changing the system environment variables TMP, TEMP, & TMPDIR, as well as the shotgun approach of granting Windows user rights to likely folders - all to no avail.

As such, I wonder whether there is a way to change the directory where these temp files are saved on Windows, for instance, at compilation. Having it set to C:\Windows\Temp would be nice, as this was the default location for temp files in v1.6.8 and earlier.

Any input would be very appreciated. Thank you.

When running, get_conf does a check_secure on the configuration file which fails if:

• statbuf.st_uid != geteuid()
• statbuf.st_mode & (S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH) (anything > 0600)

I'm using an /etc/msmtprc file which could be very well used in the following context:

• msmtpd (On Debian, a {DynamicUser} systemd daemon part of the msmtp group)
• Raw sendmail (actually using smailq) which could very well be ran via a PHP-FPM thread or a PHP-cli user
• A cron job

In this context I found no permission check that would bypass all these constraints, the main one being the check done by msmtp itself. As many other software (like ssh or composer), I think it deserves a flag to disable this security check.

Note: Relying on msmtpd (as an intermediary socket would securely centralize the access to the rc file) would resolve this but its use is not advised (as per documentation) and the daemon does not support pipelining.

Dec 10 11:46:01 RequestTracker.ultraimage.us crond[738]: sendmail: account default not found: no configuration file available
Dec 10 11:46:01 RequestTracker.ultraimage.us CROND[25577]: (rtuser) MAIL (mailed 208 bytes of output but got status 0x004e

im configured to use msmtp as sendmail, and requesttracker uses apache to run an msmtp wrapper. i've had iot working, but apparently adding another email broke it all?

all files are owned and have permissions for apache to use

Is there a way to encrypt emails (say with gpg) before transferring them so that the mail server cannot read them?

msmtp is a very popular lightweight MTA on OpenWRT and I've been experimenting with it recently.

I've noticed that msmtpq requires bash for it's interpreter and I would like to inquire if porting this to POSIX for the busybox ash shell would be a reasonable feature request.

In OpenWRT, bash requires roughly 420KB of storage, and it's not installed by default. While 420KB seems pathetically small in modern days, it's huge for typical OpenWRT systems, many of which will only have 1-2MB of free overlay space on their 8MB NOR flash chip.

In OpenWRT, the msmtp, msmtp-mta, and msmtp-queue packages themselves total to approximately 57KB in size, which is quite reasonable. The BASH dependency alone is multiples larger, so removing this dependency would be a huge improvement.

The default shell on OpenWRT is busybox's ash shell, While it's not POSIX it's pretty close.

Would you be open to accepting patches to port msmtpq away from bash to a POSIX or ash-compatible variant?

I've already run msmtpq through the shellcheck linter and it's come up with a number of issues. I think the most significant is that ash doesn't have arrays and there's some string indexing issues, but I don't think these would be too difficult to replace.

Please let me know what you think.

Debian 10 install on server without any email installed. Sending email using msmtp and CLI delivers and works great.

However, email sent from the panel (HestiaCP) to notify me of issues delivers to the account being used to authenticate msmtp and shows undeliverable to the receiving address.

`Reporting-MTA: dns; mail.sendingdomain.com
X-Postfix-Queue-ID: 14130238EB
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sun, 24 Jan 2021 18:40:57 -0600 (CST)

Final-Recipient: rfc822; [email protected]_
Original-Recipient: rfc822;[email protected]_
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
for name=receivingdomain.com_ type=AAAA: Host not found`

So the email comes through to me at the sending domain as a bounce (undeliverable).

Hello,

I attempt to switch to msmtp, and use msmtpd as local smtp server. However so far I cannot get it working with qBittorrent.

My system is Debian GNU/Linux 10 (buster) aarch64, msmtp version 1.8.3, qBittorrent EE v4.3.6.10.

qBittorrent has following config:

[Preferences]
MailNotification\[email protected]
MailNotification\enabled=true
MailNotification\password=
MailNotification\req_auth=false
MailNotification\req_ssl=false
MailNotification\[email protected]
MailNotification\smtp_server=localhost
MailNotification\username=

This works with both exim4 and opensmtpd as local smtp server, so probably isn't an issue from qBittorrent's side.

For /etc/msmtprc, I have:

# Set default values for all following accounts.
defaults
auth           on
tls            on
tls_starttls   off
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        /var/log/msmtp.log

# SendGrid
account        sendgrid
host           smtp.sendgrid.net
port           465
from           [email protected]
user           apikey
password       secrets

# Set a default account
account default : sendgrid

It works with test email from Archwiki, and apt-listchanges, so I guess that's also fine.

To run it as local smtp server, Debian provided the following systemd unit file:

[Unit]
Description=msmtp daemon
Documentation=man:msmtpd(1)

[Service]
DynamicUser=true
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
# NoNewPrivileges prevents the setgid mechanism from working
# so since msmtp is setgid in order to read /etc/msmtprc, the
# msmtp group need to be added in a different way
SupplementaryGroups=msmtp

Environment=INTERFACE=127.0.0.1 PORT=25
EnvironmentFile=-/etc/default/msmtpd

Type=simple
ExecStart=/usr/sbin/msmtpd --interface=${INTERFACE} --port=${PORT}

Restart=always
RestartSec=60

ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target

And I can't get the notification at all. I checked the qBittorrent's log, and it doesn't give any useful info:

(N) TIMESTAMP - 'Whatever' added to download list.
(N) TIMESTAMP - Torrent: Whatever Torrent, sending mail notification

And for msmtp's log, there is no new entry at all.

I have tried to bind msmtpd to ::1, or change qBittorrent's config to smtp_server=127.0.0.1, no luck.

Do it happened to anyone else? How do I check if anything goes wrong? Thanks in advance.

Regards.

I was trying to compile the source code so I could create a pull request for my other issue (#24). I ran the following commands:

$ autoreconf -i
$ ./configure
$ make

the last command, make, fails with the following errors:

  MAKEINFO msmtp.info
msmtp.texi:765: warning: @example should only appear at the beginning of a line
msmtp.texi:765: warning: @example should not appear in @var
msmtp.texi:765: @var missing closing brace
msmtp.texi:765: misplaced }
msmtp.texi:765: warning: @example should only appear at the beginning of a line
msmtp.texi:765: warning: @example should not appear in @var
msmtp.texi:765: @var missing closing brace
msmtp.texi:765: misplaced }
msmtp.texi:766: `@end' expected `example', but saw `enumerate'
msmtp.texi:766: `@end' expected `example', but saw `enumerate'
make[2]: *** [Makefile:373: msmtp.info] Error 1

I also tried downloading the source tarball from the main project website, and that compiled just fine. Is there something else I should be doing?

I'm trying to send an email from an institutional email account. I use TLS with two google accounts with no issues, however when I try to use my *.edu email to send, I get the following error:

msmtp: TLS certificate verification failed: certificate 2 of 4 has expired msmtp: could not send mail (account school from /home/USER/.config/msmtp/config)

This comes from running: echo 'hello world' | msmtp -a school [email protected]

My config file is as follows:

defaults
auth on
tls on
tls_starttls off
tls_trust_file	/etc/ssl/certs/ca-certificates.crt
logfile	~/.config/msmtp/msmtp.log

account school
host mail.school.edu
port 465
from [email protected]
user user
passwordeval "pass mutt-wizard-school"```

Is there something I'm missing?

Hi,

Is it possible to place emails that could not be sent for temporary reasons (4XX error codes) on a named queue, so that msmtp could try re-sending them later on?

Thanks!

I've been having trouble getting msmtp to work with Duo/Outlook 365---I get EX_NOPERM. My IT department is unwilling to issue an app password, and the approach from #28 doesn't seem to port over, as Duo doesn't support OAuth2.

Does anyone have any experience with this? (Apologies if this is the wrong venue to ask.)

Trying to send mail from Neomutt using msmtp. When I try to send mail I get "Error sending message, child exited 127 (Exec error.)" When I look at my config file in '/.config/msmtp' I can see that the logfile parameter is set to '/.config/msmtp/msmtp.log'. Yet I have no log file in this directory.

Many Thanks for any advice that can be offered.

Hi, found the Christian Tenllado's tutorial at here and I had a look at Luxing Huang tutorial, too.

I did my msmtprc like this:

account YZYZYZ
host smtp.gmail.com
from [email protected]
port 587
protocol smtp
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth oauthbearer
user [email protected]
passwordeval /home/myuser/.oauth2token [email protected] YZYZYZ

I set up the system's keyring like this:

secret-tool store --label=msmtp-oauth2 client-id client-id
Password:

I copy and paste the "OAuth client ID" in the password prompt above.

secret-tool store --label=msmtp-oauth2 client-secret client-secret
Password:

I copy and paste the "Secret" in the password prompt above.

secret-tool store --label=msmtp-oauth2 refresh refresh
Password:

I copy and paste the "Refresh Token" in the password prompt above.

The first thing is: the above approach is suitable to Christian Tenllado's tutorial?
The second ones is: the msmtprc configuration above is suitable to my system's keyring configuration above?

After did these configurations (above), I test to send a message and got this error:

sh: 1: /home/myuser/.oauth2token: Permission denied
msmtp: was not possible to read the stdout from "/home/myuser/.oauth2token
[email protected] YZYZYZ"

Here is the ls -l output:

myuser@myuser:~$ ls -l /home/myuser/.oauth2token
-rwxr-xr-x 1 myuser myuser 1957 ago 11 21:58 /home/myuser/.oauth2token
myuser@myuser:~$

myuser@myuser:~$ ls -l /home/myuser/.oauth2.py
-rwxr-xr-x 1 myuser myuser 12616 ago 11 11:15 /home/myuser/.oauth2.py
myuser@myuser:~$

I had configured the offlineimap and it is running out of the box! Love!

Please, could you help-me with msmtp?

Thank you so much!

I'm trying to use msmtp 1.8.12 on macOS to point PHP's mail() function at.

If I have no To recipients (the $to param to mail() is an empty string or null), but BCCs are in headers, msmtp fails saying msmtp: no recipients found. My message looks like:

Date: Tue, 8 Sep 2020 09:06:13 +0000
From: Joe User <[email protected]>
Bcc: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
To: undisclosed-recipients:;
Subject: test

test

My msmtp config is:

defaults
account [email protected]
host localhost
port 2500
auth plain
user test
password password
tls off
undisclosed_recipients off
read-recipients

As far as I can see, read-recipients should make msmtp use the addresses from the bcc header. I don't want it to set undisclosed-recipients for me as I'm doing that myself, so I disabled that.

The same message relayed via postfix's sendmail works as expected. Have I missed something or is this a bug?

Hello, i have this two problem:
The first is that i use the aliases file i have this response:

My config file:

#Set Alias
aliases /etc/aliases
#Set default values for all following accounts.
defaults
port 587
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account gmail
host smtp.gmail.com
from [email protected]
auth on
user stefano.pica22
password
#Set a default account
account default : gmail

My Aliases File:
stefano: [email protected]
root: [email protected]
default: [email protected]

The second error is that if i try to encrypt the password:
gpg -vv --encrypt -o .msmtp-gmail.gpg -r [email protected] -

Thanks a lot
Stefano

I'm asking whether we can have DKIM support for msmtp?
I saw there's a post about this:

• https://stackoverflow.com/questions/63713214/how-to-use-msmtp-with-dkim-to-send-as-other-organisation

If it's possible to add some example config, it'd be appreciated.
Thanks!

I'm trying to configure msmtp with Gmail on MacOS Catalina 10.15.5, but running into the following error:

$ echo "hello world" | msmtp -a personal <AN EMAIL ADDRESS>
msmtp: TLS handshake failed: An unexpected TLS packet was received.
msmtp: could not send mail (account personal from /Users/ben/.msmtprc)

Debug output:

$ echo "hello there username." | msmtp -d -a personal <AN EMAIL ADDRESS>
ignoring system configuration file /usr/local/Cellar/msmtp/1.8.11/etc/msmtprc: No such file or directory
loaded user configuration file /Users/ben/.msmtprc
using account personal from /Users/ben/.msmtprc
host = smtp.gmail.com
port = 587
source ip = (not set)
proxy host = (not set)
proxy port = 0
socket = (not set)
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = <MY GMAIL>@gmail.com
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = off
tls_trust_file = /Users/ben/.mail/GlobalSign-Root-CA.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
tls_host_override = (not set)
auto_from = off
maildomain = (not set)
from = <MY GMAIL>@gmail.com
set_from_header = auto
set_date_header = auto
remove_bcc_headers = on
undisclosed_recipients = off
dsn_notify = (not set)
dsn_return = (not set)
logfile = /Users/ben/.msmtp.log
logfile_time_format = (not set)
syslog = (not set)
aliases = (not set)
reading recipients from the command line
msmtp: TLS handshake failed: An unexpected TLS packet was received.
msmtp: could not send mail (account personal from /Users/ben/.msmtprc)

My .msmtprc:

account personal
host smtp.gmail.com
port 587
protocol smtp
auth on
from <MY GMAIL>@gmail.com
user <MY GMAIL>@gmail.com
password <MY PASSWORD>
tls on
tls_starttls off
tls_trust_file ~/.mail/GlobalSign-Root-CA.crt
logfile ~/.msmtp.log

account default : personal

I suspect this has something to do with certificates, but I'm having trouble narrowing it down based on the error message. What am I missing in my configuration?

I like to get mail delivery confirmations, so I have mail DSN enabled in my e-mail client (neomutt). When I send an email to a server that does not support DSN, msmtp fails to send the mail.

It passes this argument to msmtp:

-N delay,failure,success

Is there a way to make it silently continue?

Hi,

I suggest that the following be acceptable in a configuration file:

account foobar
host barbaz.domain.tld
from [email protected]
from user.*@domain.tld # important
auth on
[...]

Why? Because this allows to send mail easily with "tagged" addresses, such as [email protected] (I setup my own domains like that because far too many forms reject the usual +tag syntax). This is useful because I could wish to use only an "alias" with my bank (moviuro.bank@) and another alias when I exchange with my ISP (moviuro.isp@). ATM, I can only send mail as moviuro@ unless I specify all aliases/alternatives by hand (which would be quite a lot, and would prevent me from using them "on the spot").

I can't write C code, but my guess is that it would require only limited changes to account_t *find_account_by_envelope_from(list_t *acc_list, const char *from).

Best regards,

Hi,

I used to use sSMTP on most of my systems to get local mail from tools like logcheck delivered to my mail server. Now, on a newly installed Debian system, I'd like to use msmtp as a replacement for sSMTP since it is currently not maintained. I had no problems when configuring mstmp for my mail server and delivery works without problems when I send mail from the command line with full recipient addresses, i.e. those that contain a domain name.

However tools like logcheck (appear to) just send mail to local users without a domain name. With sSMTP, the RewriteDomain configuration value was appended to recipient used in smtp's RCPT TO command:

ssmtp-machine $ mailx -v root
Subject: test
test
.
Cc:
[<-] 220 mailserver.example.com ESMTP Exim 
[->] HELO myhost.example.com
[<-] 250 mailserver.example.com Hello public-hostname.example.com [ipv6-address]
[->] MAIL FROM:<[email protected]>
[<-] 250 OK
[->] RCPT TO:<[email protected]>
[<-] 250 Accepted
[->] DATA
[<-] 354 Enter message, ending with "." on a line by itself
...
[->] To: root
[->] Subject: test
...
[<-] 250 OKid=foobar
[->] QUIT
[<-] 221 mailserver.example.com  closing connection

With msmtp I was not able to configure it that way. If I perform the same steps as above I end with the following

msmtp-machine $ mailx -v root
Subject: test
test
.
Cc:
<-- 220 mailserver.example.com ESMTP Exim
--> EHLO my_other_host.example.com
<-- 250-mailserver.example.com Hello public-hostname.example.com [ipv6-address]
<-- 250-SIZE 52428800
<-- 250-8BITMIME
<-- 250-PIPELINING
<-- 250-AUTH PLAIN
<-- 250 HELP
--> MAIL FROM:<root@my_other_host.example.com>
--> RCPT TO:<root>
--> DATA
<-- 250 OK
<-- 501 <root>: recipient address must contain a domain

Maybe I missed something in the documentation, but It appears that I could only adjust the aliases file to achieve this. This appears cumbersome to do this configuration for every local (system) account that mail is potentially sent to.

If there is no other way to do so currently, I'd like to suggest an option to append a domain name to the recipient that is passed to the mail server. Maybe something like rcpt_to_domain in the config file that adds '@' plus the configured value to the recipient(s) during SMTP exchange when no domain name is already present in the recipient address.

Hello, I want to use oauth2/oauthbearer authorization with my mail provider. So far i have no success with msmtp:

msmtp --version

msmtp version 1.8.6
Platform: x86_64-pc-linux-gnu
TLS/SSL library: GnuTLS
Authentication library: GNU SASL; oauthbearer: built-in
Supported authentication methods:
plain scram-sha-1 external gssapi cram-md5 digest-md5 login ntlm oauthbearer 
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/share/locale
Keyring support: none
System configuration file name: /etc/msmtprc
User configuration file name: /home/user/.config/msmtp/config

Copyright (C) 2019 Martin Lambers and others.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Here is how i try to do it:

$ printf "$smtp_oauth2_token" > "$fifo"& echo "$mail" | msmtp -v --host=smtp.yandex.com --port=587 --user=user --auth=oauthbearer --passwordeval="cat '$fifo'" --tls=on --tls-starttls=on --tls-certcheck=on --tls-trust-file=/etc/ssl/certs/ca-certificates.crt --tls-priorities=SECURE256:+SECURE128 --from=[email protected] -- [email protected]

using account specified on command line
host = smtp.yandex.com
port = 587
source ip = (not set)
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = OAUTHBEARER
user = user
password = *
passwordeval = cat '/tmp/tmp.tXaNBRFGDf'
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = /etc/ssl/certs/ca-certificates.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = SECURE256:+SECURE128
auto_from = off
maildomain = (not set)
from = [email protected]
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = (not set)
logfile_time_format = (not set)
syslog = (not set)
aliases = (not set)
reading recipients from the command line
<-- 220 iva5-057a0d1fbbd8.qloud-c.yandex.net ESMTP (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru)
--> EHLO localhost
<-- 250-iva5-057a0d1fbbd8.qloud-c.yandex.net
<-- 250-8BITMIME
<-- 250-PIPELINING
<-- 250-SIZE 42991616
<-- 250-STARTTLS
<-- 250-AUTH LOGIN PLAIN XOAUTH2
<-- 250-DSN
<-- 250 ENHANCEDSTATUSCODES
--> STARTTLS
<-- 220 Go ahead
TLS session parameters:
    (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
TLS certificate information:
    Owner:
        Common Name: smtp.yandex.ru
        Organization: Yandex LLC
        Organizational unit: ITO
        Locality: Moscow
        State or Province: Russian Federation
        Country: RU
    Issuer:
        Common Name: Yandex CA
        Organization: Yandex LLC
        Organizational unit: Yandex Certification Authority
        Country: RU
    Validity:
        Activation time: Чт 10 сен 2020 16:10:54
        Expiration time: Чт 11 мар 2021 16:10:54
    Fingerprints:
        SHA256: 67:4C:E7:D6:42:34:3C:3E:88:62:AD:D2:05:08:1E:EB:94:37:25:17:38:59:95:EB:4A:63:70:D9:87:E8:C1:CD
        SHA1 (deprecated): CC:20:A0:CF:F9:0C:D9:44:E1:18:EA:92:A7:81:78:F7:81:D9:2C:A1
--> EHLO localhost
<-- 250-iva5-057a0d1fbbd8.qloud-c.yandex.net
<-- 250-8BITMIME
<-- 250-PIPELINING
<-- 250-SIZE 42991616
<-- 250-AUTH LOGIN PLAIN XOAUTH2
<-- 250-DSN
<-- 250 ENHANCEDSTATUSCODES
msmtp: the server does not support authentication method OAUTHBEARER
msmtp: could not send mail

I get that server does not offer OAUTHBEARER authentication method, but as far as i understand XOAUTH2 and OAUTHBEARER methods are the same, because I have no problem sending mail with similar configuration via curl to this server.

It's a user mistake to run msmtpd --command= (no actual command) but msmtpd could handle it better.

Using %f if no command is set is:

• always wrong (Not binary named after an email address)
• not obvious (Not clear message / notification about the behavior)
• very insecure (Arbitrary command execution out of the box)

Bailing early would be preferable.

I'm receiving the following error when trying to configure msmtp, and hoping someone might be able to shed some light on the problem.

msmtp: cannot get TLS certificate info: error getting SHA256 fingerprint

Full output from -d attached as msmtp -d.txt. Version info attached as msmtp --version.txt.

I am attempting to use msmtp to relay mail via Google's SMTP relay servers. I'm reasonably certain the SMTP relay is working, as other (non-mstmp) mail is getting through. Interestingly, gnutls-cli seems to be able to STARTTLS successfully (see gnutls-cli.txt) so I've also attached gnutls-cli-debug.txt.

I assume it's coming from mtls-gnutls.c#L110:

    /* certificate information */
    size = 32;
    if (gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA256,
                tci->sha256_fingerprint, &size) != 0)
    {
        *errstr = xasprintf(_("%s: error getting SHA256 fingerprint"), errmsg);
        gnutls_x509_crt_deinit(cert);
        return TLS_ECERT;
    }

I have found an identical report from macports which suggests its something happening on BSD. According to gnutls_x509_crt_get_fingerprint() that may mean the buffer isn't big enough? I haven't gone digging through that source code yet to see if that's the only error code that might be returned. I can't see what error code is being returned exactly as msmtp is returning 69 which doesn't look like a valid gnutls code.

Compile error is
make[2]: Entering directory '/home/laudas/src/msmtp/build/po'
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.19 but the autoconf macros are from gettext version 0.20
Makefile:188: recipe for target 'stamp-po' failed

 Changing the macro in "po/Makefile.in.in" to 0.20

 # Origin: gettext-0.19.8
  GETTEXT_MACRO_VERSION = 0.20

Fixs the problem, I can send mail !!

Lachlan

Hello,

I don't know where else to ask for help with an issue that I'm having with msmtp. Basically, for some reason I get a permission error when using passwordeval. I've opened a question on SO, tried lots of things, but got no answer/result so far. Can you please help me or point me towards someone who might be able to help? Thank you in advance.

Hi, I'm trying to set up cron to use msmtp for emails, and getting a similar error to #31, where the set_from_header isn't overriding cron's from address (which is just "root").

May 19 05:50:53 host=smtp.fastmail.com tls=on auth=on user=[email protected] from=root recipients=[email protected] smtpstatus=504 smtpmsg='504 5.5.2 : Sender address rejected: need fully-qualified address' errormsg='recipient address [email protected] not accepted by the server' exitcode=EX_DATAERR
(notice the from=root)

My /etc/msmtprc looks like this:

defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        /var/log/msmtp.log
set_from_header on

# fastmail
account        fastmail
host           smtp.fastmail.com
port           587
from           [email protected]
user           [email protected]
password       ...


# Set a default account
account default : fastmail

Just to make sure I understand the option right, if set_from_header is set to "on", the "from" in the config should override the "from" address in this command? Right?

echo -e 'subject:test\n\nhello' | sudo sendmail [email protected] --from root

As says the README, for msmtpq: all config is done within the msmtpq script.

While this may be normal for a script, this is aberrant for something that is supposed to be distributed. Even though this script doesn't change that often, it's cumbersome having to watch for changes instead of letting the package manager do the work.

I may submit a PR in the near future since that doesn't seem to be that much work.

Hello,

I'm the maintainer of the package msmtp for the KISS linux distribution. As you recommend it, msmtp is built with gnutls.

libressl is in the official repositories of the distribution and I would like to know your opinion about using libressl instead of gnutls. I have built msmtp with libressl and it builds fine. But it's recognized as openssl. From the website I know the support of openssl could be dropped and probably by the way the support for libressl.

Is it better to keep gnutls or is libressl also a good choice ?

I've been trying to setup msmtp to automatically rewrite the from headers for my cron emails. I put set_from_header on in my config file per the documentation but it seems like sendmail is ignoring that.

This the log output. As you can see the from header is different than the one in the config file.

Sep 26 09:51:02 host=smtp.purelymail.com tls=on auth=on [email protected] from=mhmd recipients=[REDACTED] smtpstatus=530 smtpmsg='530 5.7.1 You ([email protected]) are not authorized to send mail as [email protected]' errormsg='envelope from address mhmd not accepted by the server' exitcode=EX_DATAERR

This is my config:

account status
host    smtp.purelymail.com
port    587
from    [email protected]
user    [email protected]
password password
tls on
auth on
set_from_header on
logfile ~/.cache/msmtp.log
tls_trust_file /etc/ssl/certs/ca-certificates.crt

aliases /etc/aliases
account default : status

1.8.8 will not remove queued messages after sending them, causing future sends to simply resend them.

Downgrading to 1.8.7 (and otherwise keeping everything the same) fixes the problem.

6443   │ 2020 22 Apr 17:14:56 : mail [ 7 ] [ 2020-04-22-13.18.24 ] from queue ; send was successful ; purged from queue
6444   │ 2020 22 Apr 17:14:59 : mail [ 8 ] [ 2020-04-22-13.29.35 ] from queue ; send was successful ; purged from queue
6445   │ 2020 22 Apr 17:15:01 : mail [ 9 ] [ 2020-04-22-14.05.29 ] from queue ; send was successful ; purged from queue
6446   │ 2020 22 Apr 17:15:03 : mail [ 10 ] [ 2020-04-22-15.45.52 ] from queue ; send was successful ; purged from queue
6447   │ 2020 22 Apr 17:15:06 : mail [ 11 ] [ 2020-04-22-15.47.21 ] from queue ; send was successful ; purged from queue
6448   │ 2020 22 Apr 17:15:08 : mail [ 12 ] [ 2020-04-22-15.48.30 ] from queue ; send was successful ; purged from queue
6449   │ 2020 22 Apr 17:15:10 : mail [ 13 ] [ 2020-04-22-16.24.12 ] from queue ; send was successful ; purged from queue
6450   │ 2020 22 Apr 17:15:12 : mail [ 14 ] [ 2020-04-22-17.11.39 ] from queue ; send was successful ; purged from queue
6451   │ 2020 22 Apr 17:15:14 : mail [ 15 ] [ 2020-04-22-17.14.38 ] from queue ; send was successful ; purged from queue
6452   │ 2020 22 Apr 17:16:46 : mail [ 1 ] [ 2020-04-22-11.50.32 ] from queue ; send was successful ; purged from queue
6453   │ 2020 22 Apr 17:16:48 : mail [ 2 ] [ 2020-04-22-11.52.07 ] from queue ; send was successful ; purged from queue
6454   │ 2020 22 Apr 17:16:50 : mail [ 3 ] [ 2020-04-22-12.23.14 ] from queue ; send was successful ; purged from queue
6455   │ 2020 22 Apr 17:16:52 : mail [ 4 ] [ 2020-04-22-12.24.58 ] from queue ; send was successful ; purged from queue
6456   │ 2020 22 Apr 17:16:55 : mail [ 5 ] [ 2020-04-22-12.53.27 ] from queue ; send was successful ; purged from queue
6457   │ 2020 22 Apr 17:16:57 : mail [ 6 ] [ 2020-04-22-12.55.31 ] from queue ; send was successful ; purged from queue
6458   │ 2020 22 Apr 17:16:59 : mail [ 7 ] [ 2020-04-22-13.18.24 ] from queue ; send was successful ; purged from queue
6459   │ 2020 22 Apr 17:17:02 : mail [ 8 ] [ 2020-04-22-13.29.35 ] from queue ; send was successful ; purged from queue
6460   │ 2020 22 Apr 17:17:04 : mail [ 9 ] [ 2020-04-22-14.05.29 ] from queue ; send was successful ; purged from queue
6461   │ 2020 22 Apr 17:17:06 : mail [ 10 ] [ 2020-04-22-15.45.52 ] from queue ; send was successful ; purged from queue
6462   │ 2020 22 Apr 17:17:08 : mail [ 11 ] [ 2020-04-22-15.47.21 ] from queue ; send was successful ; purged from queue
6463   │ 2020 22 Apr 17:17:10 : mail [ 12 ] [ 2020-04-22-15.48.30 ] from queue ; send was successful ; purged from queue
6464   │ 2020 22 Apr 17:17:13 : mail [ 13 ] [ 2020-04-22-16.24.12 ] from queue ; send was successful ; purged from queue
6465   │ 2020 22 Apr 17:17:15 : mail [ 14 ] [ 2020-04-22-17.11.39 ] from queue ; send was successful ; purged from queue
6466   │ 2020 22 Apr 17:17:17 : mail [ 15 ] [ 2020-04-22-17.14.38 ] from queue ; send was successful ; purged from queue
6467   │ 2020 22 Apr 17:27:43 : mail [ 1 ] [ 2020-04-22-11.50.32 ] from queue ; send was successful ; purged from queue
6468   │ 2020 22 Apr 17:27:45 : mail [ 2 ] [ 2020-04-22-11.52.07 ] from queue ; send was successful ; purged from queue
6469   │ 2020 22 Apr 17:27:48 : mail [ 3 ] [ 2020-04-22-12.23.14 ] from queue ; send was successful ; purged from queue
6470   │ 2020 22 Apr 17:27:50 : mail [ 4 ] [ 2020-04-22-12.24.58 ] from queue ; send was successful ; purged from queue
6471   │ 2020 22 Apr 17:27:53 : mail [ 5 ] [ 2020-04-22-12.53.27 ] from queue ; send was successful ; purged from queue
6472   │ 2020 22 Apr 17:27:55 : mail [ 6 ] [ 2020-04-22-12.55.31 ] from queue ; send was successful ; purged from queue
6473   │ 2020 22 Apr 17:27:57 : mail [ 7 ] [ 2020-04-22-13.18.24 ] from queue ; send was successful ; purged from queue
6474   │ 2020 22 Apr 17:27:59 : mail [ 8 ] [ 2020-04-22-13.29.35 ] from queue ; send was successful ; purged from queue
6475   │ 2020 22 Apr 17:28:01 : mail [ 9 ] [ 2020-04-22-14.05.29 ] from queue ; send was successful ; purged from queue

Reference: NixOS/nixpkgs#85846

CRAM-MD5 to Historic:

• https://tools.ietf.org/html/draft-ietf-sasl-crammd5-to-historic-00 // 20 November 2008
• https://tools.ietf.org/html/draft-zeilenga-luis140219-crammd5-to-historic-00 // June 29, 2017

RFC6331: Moving DIGEST-MD5 to Historic:

• https://tools.ietf.org/html/rfc6331 since July 2011

RFC 8600:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".

SCRAM-SHA-1(-PLUS):

• RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802
• RFC6120: Extensible Messaging and Presence Protocol (XMPP): Core: https://tools.ietf.org/html/rfc6120

SCRAM-SHA-256(-PLUS):

• RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677 - since 2015-11-02
• RFC8600: Using Extensible Messaging and Presence Protocol (XMPP) for Security Information Exchange: https://tools.ietf.org/html/rfc8600 - since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA

SCRAM-SHA-512(-PLUS):

• https://tools.ietf.org/html/draft-melnikov-scram-sha-512

SCRAM-SHA3-512(-PLUS):

• https://tools.ietf.org/html/draft-melnikov-scram-sha3-512

-PLUS variants:

• RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056
• RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929
• Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
• RFC 9266: Channel Bindings for TLS 1.3: https://tools.ietf.org/html/rfc9266

LDAP:

• RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803

HTTP:

• RFC7804: Salted Challenge Response HTTP Authentication Mechanism: https://tools.ietf.org/html/rfc7804

2FA:

• Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication: https://tools.ietf.org/html/draft-melnikov-scram-2fa

IANA:

• Simple Authentication and Security Layer (SASL) Mechanisms: https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml

Note, after SCRAM-SHA-1(-PLUS):

• GNU SASL (gsasl) supports SCRAM-SHA-256(-PLUS) since 1.9.1: http://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=blob;f=NEWS;hb=HEAD
• Dovecot supports SCRAM-SHA-256(-PLUS) since 2.3.10: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/
• Cyrus SASL/IMAP supports SCRAM-SHA-256(-PLUS) and more since 2.1.27: https://www.cyrusimap.org/sasl/sasl/authentication_mechanisms.html
• ...

Linked to:

• scram-sasl/info#1
• marlam/mpop#6

When trying to process message with

MAIL FROM:<bounce-debian-security-announce=mylocalpart=my=domain@lists.debian.org>

in msmptd 1.8.17 an error is fired

501 Invalid address

Such addresses are used i.e. in Debian mailinglists (example [email protected] subscriber).

According to

(*) https://en.wikipedia.org/wiki/Email_address#Syntax

= character is allowed in message localpart.

msmtpd should:

(1) allow any valid character (*) as in

https://github.com/marlam/msmtp-mirror/blob/master/src/msmtpd.c#L175

(2) allow user to disable address verification if user wants to process messages even with broken addresses.

How can this library be compile for Windows?

I tried using gcc-mingw-w64 but there are some extra deps needed when compiling on linux.

I also tried to search for precompiled files, but the latest I found is https://sourceforge.net/projects/msmtp/files/msmtp/1.6.2/msmtp-1.6.2-w32.zip/download which is very old.

Thanks in advance.

Hi first of all great project :)

I currently have an Issue which prevents me from sending any mails.
It is the case that my SMTP Server only allows authentication once starttls has been done and announces as such.
This results in msmtp failing after its initial EHLO with the message sendmail: the server does not support authentication.

I have verified that my server does announce its 250-AUTH PLAIN capability if EHLO once starttls has been correctly performed. Although I don't know if it is following the SMTP standard to do EHLO after something else, changing the program as to do authentication capability checking only after starttls has been performed would make this usable for me.

Verbose msmtp log:

echo "Subject: test" | sudo sendmail -v root
loaded system configuration file /etc/msmtprc
ignoring user configuration file /root/.msmtprc: No such file or directory
falling back to default account
using account default from /etc/msmtprc
host = mail.finn-thorben.me
port = 587
source ip = (not set)
proxy host = (not set)
proxy port = 0
socket = (not set)
timeout = off
protocol = smtp
domain = finnsLaptop.local
auth = PLAIN
user = [email protected]
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = off
tls_starttls = on
tls_trust_file = system
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
tls_host_override = (not set)
auto_from = off
maildomain = (not set)
from = root@finnsLaptop
set_from_header = auto
set_date_header = auto
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = (not set)
logfile_time_format = (not set)
syslog = LOG_MAIL
aliases = (not set)
reading recipients from the command line
<-- 220 mail.finn-thorben.me ESMTP Postfix (Debian/GNU)
--> EHLO finnsLaptop.local
<-- 250-mail.finn-thorben.me
<-- 250-PIPELINING
<-- 250-SIZE 10240000
<-- 250-VRFY
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-DSN
<-- 250-SMTPUTF8
<-- 250 CHUNKING
--> QUIT
<-- 221 2.0.0 Bye
sendmail: the server does not support authentication
sendmail: could not send mail (account default from /etc/msmtprc)