Using nullmailer with STARTTLS and SMTP-Auth

Admin

So far I’ve been using Nullmailer only to relay mail from LAN machines to SMTP servers that accept anything from the internal network, a very easy method to forward system messages from various internal boxes without the need to administrate a full-blown MTA.

For my home box however the relay server is external and so it needs both STARTTLS and SMTP-AUTH on the submission port to accept mail from my dynamic IP. Until now nullmailer did not support STARTTLS or at least I could not find any documentation on it.

Getting things working

With nullmailer 1.10 this has finally changed, the documentation that one usually looks at (homepage, manpage, /usr/share/doc/nullmailer/) however is still lacking so I decided to write down how I got things working.

The key to enable STARTTLS for a remote server in nullmailer is simply to add --starttls to remote configuration which can usually be found in /etc/nullmailer/remotes:

mail.example.com smtp --port=587 --starttls --user=mailalot --pass=LetMeIn

And that’s actually all there is to it :)

Why does this work

After some more digging it turned out that the --option parts in the above configuration file are simply forwarded to /usr/lib/nullmailer/smtp which is the binary that handles the actual SMTP dialog. And voila, this binary even has a --help switch which will present you the following:

usage: smtp [flags] remote-address < mail-file
Send an email message via SMTP
  -p, --port=INT            Set the port number on the remote host to connect to
      --user=VALUE          Set the user name for authentication
      --pass=VALUE          Set the password for authentication
  -d, --daemon              use syslog exclusively
  -s, --syslog              use syslog additionally
      --auth-login          Use AUTH LOGIN instead of auto-detecting in SMTP
      --ssl                 Connect using SSL (on an alternate port by default)
      --starttls            Use STARTTLS command
      --x509certfile=VALUE  Client certificate file
      --x509cafile=VALUE    Certificate authority trust file
                            (Defaults to /etc/ssl/certs/ca-certificates.crt)
      --x509crlfile=VALUE   Certificate revocation list file
      --x509fmtder          X.509 files are in DER format
                            (Defaults to PEM format)
      --insecure            Don`t abort if server certificate fails validation

  -h, --help                Display this help and exit

So after a few minutes of wandering around my box, looking at files and package contents I could finally find out how to replace my local Postfix install (a bit overkill for a home machine) with the more lightweight Nullmailer.