Packetwatch.net

Email notifications using Msmtp (TLS) in pfSense



Last modified: Sept. 12, 2012

Contents
1 - Summary
2 - Dependencies
3 - Compiling msmtp
4 - Copy in msmtp related binaries
5 - Msmtp configuration
6 - Example shell script


1 - Summary

This guide will show you how to compile msmtp with TLS/SSL capabilities and
copy the necessary files to a pfSense machine and then use it to send emails.
Msmtp is an SMTP client used to send email. This has been tested in pfSense
2.0.1 i386.


2 - Dependencies

Log into the pfSense website. Navigate to the System menu, then click on
Advanced. Click on the box next to Enable Secure Shell. Click on Save at the
bottom of the page.


3 - Compiling msmtp

We will need to compile msmtp on another machine running FreeBSD 8.1 i386. Add
the following to .cshrc, on a single line.

    setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`uname -m`/packages-8.1-release/Latest/

    # cd ~
    # vi .cshrc
    # sudo portsnap fetch extract
    Password:
    # sudo pkg_add -r ca_root_nss
    Password:
    # sudo pkg_add -r openssl
    Password:
    # sudo cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf
    Password:
    # cd /usr/ports/devel/pkgconf/
    # sudo make
    Password:
    # sudo make install
    Password:
    # sudo make clean
    Password:
    # cd /usr/ports/dns/libidn/
    # sudo make
    Password:
    # sudo make install
    Password:
    # sudo make clean
    Password:
    # cd /usr/ports/mail/msmtp/

Select only OPENSSL and IDN.

    # sudo make config
    Password:
    # sudo make
    Password:
    # sudo make install
    Password:
    # sudo make clean
    Password:
    # cd ~
    # pkg_info -L msmtp-* | grep bin
    /usr/local/bin/msmtp
    # /usr/local/bin/msmtp --version | grep msmtprc
    System configuration file name: /usr/local/etc/msmtprc
    User configuration file name: /root/.msmtprc
    # sudo pkg_add -r wget
    Password:
    # pkg_info -L wget-* | grep bin
    /usr/local/bin/wget
    # cd /usr/local/etc/
    # /usr/local/bin/wget --no-check-certificate https://raw.github.com/bagder/curl/master/lib/mk-ca-bundle.pl
    # sudo chown root:wheel mk-ca-bundle.pl
    Password:
    # sudo pkg_add -r p5-LWPx-ParanoidAgent
    Password:
    # perl mk-ca-bundle.pl
    # ldd /usr/local/bin/msmtp
    /usr/local/bin/msmtp:
            libssl.so.7 => /usr/local/lib/libssl.so.7 (0x280a1000)
            libidn.so.17 => /usr/local/lib/libidn.so.17 (0x280ef000)
            libc.so.7 => /lib/libc.so.7 (0x28120000)
            libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x2823a000)
            libintl.so.9 => /usr/local/lib/libintl.so.9 (0x2839c000)
            libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x283a5000)
    # cd ~
    # mkdir msmtp-tls
    # cp /usr/local/bin/msmtp msmtp-tls/
    # cp /usr/local/etc/ca-bundle.crt msmtp-tls/
    # cp /usr/local/lib/libssl.so.7 msmtp-tls/
    # cp /usr/local/lib/libidn.so.17 msmtp-tls/
    # cp /lib/libc.so.7 msmtp-tls/
    # cp /usr/local/lib/libcrypto.so.7 msmtp-tls/
    # cp /usr/local/lib/libintl.so.9 msmtp-tls/
    # cp /usr/local/lib/libiconv.so.3 msmtp-tls/
    # tar -czf msmtp-tls.tar.gz msmtp-tls/
    # rm -fr msmtp-tls/

Because wget is run with --no-check-certificate, the download of
mk-ca-bundle.pl is not authenticated. That script generates the ca-bundle.crt
that msmtp will later trust, so review it before running it.


4 - Copy in msmtp related binaries

Upload the msmtp-tls.tar.gz file via SFTP using an account other than admin,
then SSH in as the admin user and select option 8 to get to the shell.

    # cd /home/testuser/
    # tar -zxvf msmtp-tls.tar.gz
    # cd msmtp-tls/
    # chown root:wheel *
    # chmod 555 msmtp
    # chmod 644 ca-bundle.crt
    # chmod 755 libssl.so.7
    # chmod 755 libcrypto.so.7
    # chmod 755 libintl.so.9
    # cp msmtp /usr/local/bin/
    # cp ca-bundle.crt /usr/local/etc/
    # cp libssl.so.7 /usr/local/lib/
    # cp libcrypto.so.7 /usr/local/lib/
    # cp libintl.so.9 /usr/local/lib/
    # cd ..
    # rm -fr msmtp-tls/
    # rm -f msmtp-tls.tar.gz
    # cd ~


5 - Msmtp configuration

Find where the configuration file should be put.

    # /usr/local/bin/msmtp --version | grep msmtprc
    System configuration file name: /usr/local/etc/msmtprc
    User configuration file name: /root/.msmtprc

You can create your own configuration file. Here is an example that uses a
Gmail account over TLS.

    account default
    host smtp.googlemail.com
    port 587
    from testuser@gmail.com
    tls on
    tls_starttls on
    tls_trust_file /usr/local/etc/ca-bundle.crt
    auth on
    user testuser@gmail.com
    password **********
    syslog LOG_MAIL

The file contains the account password, so it is created with mode 600 before
it is edited.

    # touch /usr/local/etc/msmtprc
    # chmod 600 /usr/local/etc/msmtprc
    # vi /usr/local/etc/msmtprc


6 - Example shell script

Here is an example shell script that sends an email.

    #!/bin/sh

    # Absolute paths to the tools used, and the values derived from them
    hostname=/bin/hostname
    host=`$hostname -s`
    date=/bin/date
    current_day=`$date +%m/%d/%y`
    current_time=`$date +%H:%M:%S`
    printf=/usr/bin/printf

    # Message settings
    from="testuser@gmail.com"
    recipient="testuser@test.com"
    #recipient="testuser1@test.com,testuser2@test.com"
    msmtp=/usr/local/bin/msmtp
    msmtp_config=/usr/local/etc/msmtprc
    body="This is a test."
    subject="Test sent from $host [$current_day $current_time]"

    # Pass the values as printf arguments so a "%" or "\" in them is sent
    # literally; msmtp -t reads the recipients from the To: header.
    $printf "From: %s\nTo: %s\nSubject: %s\n\n%s\n" "$from" "$recipient" "$subject" "$body" | $msmtp --file="$msmtp_config" -t

    exit 0
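
To check the configuration from section 5 once it is deployed, the script below audits an msmtprc for the settings this guide relies on: owner-only permissions, tls on, certificate checking not disabled, and a usable tls_trust_file. It is an added example, not part of the original guide; the function names are hypothetical, and it assumes a single account block with unquoted values.

```sh
#!/bin/sh
# Added example: audit an msmtprc such as /usr/local/etc/msmtprc.
# Assumption: one "account default" block with unquoted values, as in the guide.

# Print the last value assigned to a key; "#" comment lines never match a key.
rc_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_msmtprc() {
    rc=$1
    findings=0
    [ -r "$rc" ] || { echo "cannot read $rc"; return 1; }

    # The file holds the SMTP password, so group and other need no access.
    perms=$(ls -ld "$rc" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other can access $rc: chmod 600 it"
        findings=$((findings + 1))
    fi

    # Without TLS the SMTP session, including the message, is not encrypted.
    if [ "$(rc_value "$rc" tls)" != "on" ]; then
        echo "tls is not on"
        findings=$((findings + 1))
    fi

    # tls_certcheck off disables verification of the server certificate.
    if [ "$(rc_value "$rc" tls_certcheck)" = "off" ]; then
        echo "tls_certcheck is off: server certificate is not verified"
        findings=$((findings + 1))
    fi

    # The CA bundle named by tls_trust_file must exist and be non-empty.
    trust=$(rc_value "$rc" tls_trust_file)
    if [ -z "$trust" ] || [ ! -s "$trust" ]; then
        echo "tls_trust_file missing or empty: ${trust:-<unset>}"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: sh audit_msmtprc.sh /usr/local/etc/msmtprc
if [ $# -gt 0 ]; then
    audit_msmtprc "$1"
fi
```

A return status of 0 means no findings; each finding is printed on its own line so the output can be mailed or logged.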

Packetwatch Research 2002-2017.