![[Valid RSS]](/valid-rss.png "Validate my RSS feed")
Hello there.
Today, I’m going to write about how to enable websites hosted on your server to successfully send emails with the php mail() function, without having an SMTP server setup on your FreeBSD server. The php mail() function allows you to send emails directly from a php script or any CMS (Content Management System) based on PHP, such as WordPress, Drupal, Joomla, et cetera. The needs of the users on your website(s) such as “forgot password”, “user registration”, “contact form” are -mostly- fulfilled through this function, as well.
Sending emails from our local (web) server to the outside world by PHP (Through CMSs, PHP contact forms and so on) has always been a challenge to setup correctly.
Especially if you use a CMS software like WordPress on your server, you may find yourself grappling with a lot of WordPress modules that claim to do the job. Installing a large number of modules on WordPress installations is something I never recommend for performance, stability and security reasons.
I hope that this method, which I am trying to explain below, will help you solve server-side mail sending problems, without installing any modules or messing any settings up on your PHP.ini and/or your CMS settings.
And for this, we need the “ssmtp” package from FreeBSD packages, and a brand new Gmail account created only for the purpose in subject. Please note that, that e-mail address will be the one that will appear as “From/Sender”, on all e-mails processed through the web server&PHP, from your server to the outside.
First of all, we need to disable sendmail and all its related services/tools. Therefore we begin with disabling sendmail’s “periodic”, adding the following lines to /etc/periodic.conf:
daily_clean_hoststat_enable="NO" daily_status_include_submit_mailq="NO" daily_status_mail_rejects_enable="NO" daily_queuerun_enable="NO" daily_submit_queuerun="NO"
Keep in mind that just disabling periodic isn’t enough, there are also some sendmail services which get automatically started. Let’s continue with the commands in bold;
root@hawking:~ # killall sendmail root@hawking:~ # sysrc sendmail_enable="NO" sendmail_enable: YES -> NO root@hawking:~ # sysrc sendmail_submit_enable="NO" sendmail_submit_enable: YES -> NO root@hawking:~ # sysrc sendmail_outbound_enable="NO" sendmail_outbound_enable: YES -> NO root@hawking:~ # sysrc sendmail_msp_queue_enable="NO" sendmail_msp_queue_enable: YES -> NO root@hawking:~ # sysrc sendmail_cert_create="NO" sendmail_cert_create: YES -> NO
Please note that, those are actually added to /etc/rc.conf file. And it wouldn’t hurt to give it a check; /etc/rc.conf file should contain lines like;
... sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" sendmail_cert_create="NO"
Now let’s install the package (ssmtp) and tighten the security measures;
(installing the package) root@hawking:~ # pkg install -y ssmtp ... (creating a local pseudo-user called 'ssmtp' with no shell access, for the mail transport/ssmtp) root@hawking:~ # pw useradd ssmtp -g nogroup -h - -s /sbin/nologin -d /nonexistent -c "sSMTP pseudo-user" (correcting the permissions) root@hawking:~ # cd /usr/local/etc/ssmtp root@hawking:~ # chown ssmtp:wheel . root@hawking:~ # chmod 4750 . root@hawking:~ # chown ssmtp:nogroup /usr/local/sbin/ssmtp root@hawking:~ # chmod 4555 /usr/local/sbin/ssmtp
Edit the local system mailer configuration file; /etc/mail/mailer.conf replace the lines:
sendmail /usr/libexec/sendmail/sendmail mailq /usr/libexec/sendmail/sendmail newaliases /usr/libexec/sendmail/sendmail hoststat /usr/libexec/sendmail/sendmail purgestat /usr/libexec/sendmail/sendmail with: sendmail /usr/local/sbin/ssmtp -4 -F WebMail -f mypublicmail@gmail.com send-mail /usr/local/sbin/ssmtp -4 -F WebMail -f mypublicmail@gmail.com mailq /usr/local/sbin/ssmtp -4 -F WebMail -f mypublicmail@gmail.com newaliases /usr/local/sbin/ssmtp -4 -F WebMail -f mypublicmail@gmail.com rmail /usr/local/sbin/ssmtp -4 -F WebMail -f mypublicmail@gmail.com hoststat /usr/bin/true purgestat /usr/bin/true
The alias “send-mail” is legacy. Some Mail programs called that, instead of “sendmail”, so it had to be found in the past. But still, I think it wouldn’t hurt to have it there?
The “-4” switch is to use only-IPv4 for communication with the remote mail server (Gmail). IPv6 can sometimes cause confusion and connection problems. The “-F” suffix is the “Full Name” of the sender. And the ‘-f‘ suffix is sender e-mail address (the e-mail account you created and will set up for ssmtp).
By the way, in order to set IPv4 as the default protocol of ssmtp, we better add the following line into /etc/rc.conf:
ssmtp_flags="-4"
Earlier, we changed system’s local mail transport binary from “sendmail” to “ssmtp” there. Now, cd’ing to /usr/local/etc/ssmtp/ folder, we start configuring the ssmtp;
root@hawking:~ # cd /usr/local/etc/ssmtp (creating 'ssmtp.conf' file out of the default sample file) root@hawking:~ # cp ssmtp.conf.sample ssmtp.conf (make sure no one else can read the content of the file; containing your passwords and so on) root@hawking:~ # chown ssmtp:wheel . ssmtp.conf root@hawking:~ # chmod 640 ssmtp.conf
Now edit ssmtp.conf, edit/uncomment the following lines (replace with your own info);
root=mypublicmail@gmail.com mailhub=smtp.gmail.com:587 rewriteDomain=gmail.com hostname=full-hostname-of-your-server.tld FromLineOverride=YES UseSTARTTLS=YES AuthUser=mypublicmail@gmail.com AuthPass=afewfzdffghsdfwegewkgh (That's not your regular Gmail login password, see my note below)
And within the same directory, edit the file ‘revaliases‘, adding;
root:mypublicmail@gmail.com:smtp.gmail.com:587 ssmtp:mypublicmail@gmail.com:smtp.gmail.com:587
We’re done! Please note that, in case of Gmail usage, you’ll need to create App-Specific Passwords in Gmail and use the generated password for the “AuthPass=” line in ssmtp.conf file.
Use the following command to send yourself an email and test the system:
echo "Subject: sendmail test" | sendmail -v you@yourvalidemailaddress.tld
——
Troubleshooting:
Google may block sign-in attempts from some apps or devices/servers that do not use “modern” security standards. To solve this, you’ll need to enable “Allow less secure apps” feature;
1- Sign in to your Gmail
2- Go to the “Less Secure Apps” page: https://myaccount.google.com/lesssecureapps
3- Next to “Allow less secure apps: OFF,” select the toggle switch to turn it ON.
4- Enable 2-step Verification, and then create App-Specific Password.
How to have an App-Specific Password in Gmail? Here’s a great tutorial explaining it:
https://www.lifewire.com/get-a-password-to-access-gmail-by-pop-imap-2-1171882
Thank you for reading and till next time!
Özgür Kazanççı
Twitter: @ozgurkazancci