Using nullmailer with STARTTLS and SMTP-Auth
So far I’ve been using Nullmailer only to relay mail from LAN machines to SMTP servers that accept anything from the internal network, a very easy method to forward system messages from various internal boxes without the need to administrate a full-blown MTA.
For my home box however the relay server is external and so it needs both STARTTLS and SMTP-AUTH on the submission port to accept mail from my dynamic IP. Until now nullmailer did not support STARTTLS or at least I could not find any documentation on it.
Getting things working
With nullmailer 1.10 this has finally changed, the documentation that one usually looks at (homepage, manpage, /usr/share/doc/nullmailer/) however is still lacking so I decided to write down how I got things working.
The key to enable STARTTLS for a remote server in nullmailer is simply to add --starttls to the remote configuration, which can usually be found in /etc/nullmailer/remotes:
mail.example.com smtp --port=587 --starttls --user=mailalot --pass=LetMeIn
And that’s actually all there is to it :)
Why does this work
After some more digging it turned out that the --option parts in the above configuration file are simply forwarded to /usr/lib/nullmailer/smtp which is the binary that handles the actual SMTP dialog. And voila, this binary even has a --help switch which will present you the following:
usage: smtp [flags] remote-address < mail-file
Send an email message via SMTP
  -p, --port=INT            Set the port number on the remote host to connect to
      --user=VALUE          Set the user name for authentication
      --pass=VALUE          Set the password for authentication
  -d, --daemon              use syslog exclusively
  -s, --syslog              use syslog additionally
      --auth-login          Use AUTH LOGIN instead of auto-detecting in SMTP
      --ssl                 Connect using SSL (on an alternate port by default)
      --starttls            Use STARTTLS command
      --x509certfile=VALUE  Client certificate file
      --x509cafile=VALUE    Certificate authority trust file
                            (Defaults to /etc/ssl/certs/ca-certificates.crt)
      --x509crlfile=VALUE   Certificate revocation list file
      --x509fmtder          X.509 files are in DER format
                            (Defaults to PEM format)
      --insecure            Don`t abort if server certificate fails validation
  -h, --help                Display this help and exit
So after a few minutes of wandering around my box, looking at files and package contents I could finally find out how to replace my local Postfix install (a bit overkill for a home machine) with the more lightweight Nullmailer.
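An added example, not part of the original post or of nullmailer itself: a small Python audit for a remotes file like the one shown above. It flags entries that set --user/--pass without --starttls or --ssl, entries that use --insecure, and a file mode that lets other local users reach the stored password. The sample entries and host names are constructed, and the "no access for other" permission policy is an assumption.

```python
import os
import stat
import sys

# Constructed sample entries in the "host protocol [--options]" layout shown above.
SAMPLE = """\
# constructed sample remotes file
mail.example.com smtp --port=587 --starttls --user=mailalot --pass=LetMeIn
relay.example.net smtp --port=587 --user=mailalot --pass=LetMeIn
old.example.org smtp --ssl --insecure --user=mailalot --pass=LetMeIn
"""

def audit_line(line):
    """Return findings for one line of a remotes file."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return []  # blank line or comment
    host = fields[0]
    # Keep option names only ("--pass=x" -> "--pass") so secrets are never echoed.
    opts = {f.split("=", 1)[0] for f in fields[1:] if f.startswith("--")}
    findings = []
    if opts & {"--user", "--pass"} and not opts & {"--starttls", "--ssl"}:
        findings.append(f"{host}: credentials configured without --starttls or --ssl")
    if "--insecure" in opts:
        findings.append(f"{host}: --insecure accepts a server certificate that fails validation")
    return findings

def audit_remotes(path):
    """Check the file mode, then audit every line of the remotes file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # assumption: 'other' should have no access at all
        findings.append(f"{path}: mode {mode:04o} exposes stored passwords to other users")
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            findings.extend(audit_line(line))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_remotes(sys.argv[1])
    else:  # no path given: run over the constructed sample
        results = [f for line in SAMPLE.splitlines() for f in audit_line(line)]
    print("\n".join(results) or "no findings")
```

Run it with the path to the remotes file as the only argument; without an argument it audits the constructed sample.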