Using nullmailer with STARTTLS and SMTP-Auth
So far I’ve been using Nullmailer only to relay mail from LAN machines to SMTP servers that accept anything from the internal network, a very easy method to forward system messages from various internal boxes without the need to administrate a full-blown MTA.
For my home box however the relay server is external and so it needs both STARTTLS and SMTP-AUTH on the submission port to accept mail from my dynamic IP. Until now nullmailer did not support STARTTLS or at least I could not find any documentation on it.
Getting things working
With nullmailer 1.10 this has finally changed. The documentation that one usually looks at (homepage, manpage, /usr/share/doc/nullmailer/) is still lacking, however, so I decided to write down how I got things working.
The key to enabling STARTTLS for a remote server in nullmailer is simply to add --starttls to the remote configuration, which can usually be found in
mail.example.com smtp --port=587 --starttls --user=mailalot --pass=LetMeIn
And that’s actually all there is to it :)
Why does this work
After some more digging it turned out that the --option parts in the above configuration file are simply forwarded to /usr/lib/nullmailer/smtp, which is the binary that handles the actual SMTP dialog. And voila, this binary even has a --help switch which will present you the following:
usage: smtp [flags] remote-address < mail-file
Send an email message via SMTP
  -p, --port=INT            Set the port number on the remote host to connect to
      --user=VALUE          Set the user name for authentication
      --pass=VALUE          Set the password for authentication
  -d, --daemon              use syslog exclusively
  -s, --syslog              use syslog additionally
      --auth-login          Use AUTH LOGIN instead of auto-detecting in SMTP
      --ssl                 Connect using SSL (on an alternate port by default)
      --starttls            Use STARTTLS command
      --x509certfile=VALUE  Client certificate file
      --x509cafile=VALUE    Certificate authority trust file
                            (Defaults to /etc/ssl/certs/ca-certificates.crt)
      --x509crlfile=VALUE   Certificate revocation list file
      --x509fmtder          X.509 files are in DER format
                            (Defaults to PEM format)
      --insecure            Don`t abort if server certificate fails validation
  -h, --help                Display this help and exit
So after a few minutes of wandering around my box, looking at files and package contents I could finally find out how to replace my local Postfix install (a bit overkill for a home machine) with the more lightweight Nullmailer.
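Since the remote configuration now carries a password and the flags that decide whether it travels encrypted, a quick audit of that file is worthwhile. The script below is an added example, not part of nullmailer or of the original post: the function names and the finding labels are made up for illustration, and it assumes one remote per line in the "host protocol --flags" form shown above, with # lines as comments.

```shell
#!/bin/sh
# Added example: audit a nullmailer remote configuration for weak settings.
# Assumption: one remote per line ("host protocol --flags"), "#" starts a comment.

# Print one finding per line as "<line-no>:<host>:<issue>".
audit_remotes() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            tls = 0; auth = 0; insecure = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--starttls" || $i == "--ssl") tls = 1
                if ($i ~ /^--(user|pass)=/) auth = 1
                if ($i == "--insecure") insecure = 1
            }
            # SMTP-AUTH without TLS exposes the credentials on the wire.
            if (auth && !tls) print NR ":" $1 ":credentials-without-tls"
            # No TLS and no auth: only acceptable for a trusted LAN relay.
            else if (!tls)    print NR ":" $1 ":plaintext-transport"
            # --insecure keeps going when the server certificate is invalid.
            if (insecure)     print NR ":" $1 ":certificate-validation-disabled"
        }
    ' "$1"
}

# Succeed when FILE stores a --pass= value and is readable by "other".
password_exposed() {
    grep -v '^[[:space:]]*#' "$1" | grep -q -e '--pass=' &&
        [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample: line 1 is the entry from the post, the rest are weak variants.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mail.example.com smtp --port=587 --starttls --user=mailalot --pass=LetMeIn
# relay inside the LAN, no authentication
relay.lan.example smtp
mail.example.com smtp --port=587 --user=mailalot --pass=LetMeIn
mail.example.com smtp --port=587 --starttls --insecure --user=mailalot --pass=LetMeIn
EOF
chmod 644 "$sample"
audit_remotes "$sample"
if password_exposed "$sample"; then
    echo "password readable by other users: tighten the file mode"
fi
rm -f "$sample"
```

To check a real installation, call both functions with the path of the remote configuration file instead of the sample.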