set up sSMTP on Fedora 20

asked 2015-07-23 16:57:46 -0500

wolfv gravatar image

updated 2015-07-24 03:59:58 -0500

I am trying to set up sSMTP on Fedora20 so cron can send me emails. I looked at many sSMTP tutorials, but their ssmtp.conf field names are all a little bit different, and the field names are not explained. So I made my best guess, and of course it didn't work.

My ssmtp.conf file, SELinux Alert SETtroubleshoot Details Window, and Systemd log are posted below. What needs to be done to make sSMTP work?

/etc/ssmtp/ssmtp.conf:

    # 
    # /etc/ssmtp.conf -- a config file for sSMTP sendmail. 
    # 
    # See the ssmtp.conf(5) man page for a more verbose explanation of the 
    # available options. 
    # 
    # The person who gets all mail for userids < 1000 
    # Make this empty to disable rewriting. 
    root=redact@gmail.com 

    # The place where the mail goes. The actual machine name is required 
    # no MX records are consulted. Commonly mailhosts are named mail.domain.com 
    # The example will fit if you are in domain.com and your mailhub is so named. 
    mailhub=smtp.gmail.com:587  

    # Example for SMTP port number 2525 
    # mailhub=mail.your.domain:2525 
    # Example for SMTP port number 25 (Standard/RFC) 
    # mailhub=mail.your.domain         
    # Example for SSL encrypted connection 
    # mailhub=mail.your.domain:465 

    # Where will the mail seem to come from? 
    RewriteDomain=gmail.com 

    # The full hostname 
    Hostname=redact@gmail.com 

    # Set this to never rewrite the "From:" line (unless not given) and to 
    # use that address in the "from line" of the envelope. 
    FromLineOverride=YES 

    # Use SSL/TLS to send secure messages to server. 
    UseTLS=YES 
    #IMPORTANT: The following line is mandatory for TLS authentication 
    TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt 

    # Use SSL/TLS certificate to authenticate against smtp host. 
    #UseTLSCert=YES 

    # Use this RSA certificate. 
    #TLSCert=/etc/pki/tls/private/ssmtp.pem 

    # Get enhanced (*really* enhanced) debugging information in the logs 
    # If you want to have debugging of the config file parsing, move this option 
    # to the top of the config file and uncomment 
    #Debug=YES

SETtroubleshoot Details Window:

SELinux is preventing esmtp from read access on the file /root/.esmtp_queue/TmUCPO9J/mail.

*****  Plugin restorecon (99.5 confidence) suggests   ************************

If you want to fix the label. 
/root/.esmtp_queue/TmUCPO9J/mail default label should be mail_home_rw_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /root/.esmtp_queue/TmUCPO9J/mail

*****  Plugin catchall (1.49 confidence) suggests   **************************

If you believe that esmtp should be allowed read access on the mail file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep esmtp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:system_mail_t:s0-s0:c0.c1023
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                /root/.esmtp_queue/TmUCPO9J/mail [ file ]
Source                        esmtp
Source Path                   esmtp
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-128.4.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing ...
(more)
edit retag flag offensive close merge delete

Comments

Welcome to ask.fedora, and thank you for providing the appropriate information. My suggestion is to follow the instructions for generating a local policy module and see what happens. Then, you can create a bug report that tells the maintainers if that helped or not. Keep us informed!

sideburns gravatar imagesideburns ( 2015-07-23 17:20:20 -0500 )edit

Why send mail to root instead of an unprivileged user?

NuuN gravatar imageNuuN ( 2015-07-23 19:56:09 -0500 )edit

Nuun, I send mail to root because I don't know any better, I was just following the tutorial examples. How to send mail to unprivileged user?

wolfv gravatar imagewolfv ( 2015-07-23 20:56:23 -0500 )edit

I attempted to generate local policy module as sideburns suggested, but was denied permission:

$ sudo grep esmtp /var/log/audit/audit.log | audit2allow -M mypol
[sudo] password for wolfv:
could not write output file: [Errno 13] Permission denied: 'mypol.te'
wolfv gravatar imagewolfv ( 2015-07-23 22:03:28 -0500 )edit

I try to send an email and then view the journalctl log. The error message is appended to the original post above (it's too long to post here).

wolfv gravatar imagewolfv ( 2015-07-23 23:17:59 -0500 )edit