How to make SSMTP authenticate to Postfix with SSL certificate
I needed a simple mail delivery agent on my local machine to route all mails to my hosted mail server running Postfix.
To prevent open-relaying, in addition to SASL authentication, I maintain a list of IPs and netmasks for all clients who can simply connect and relay mail through it.
Together with the 'smtpd_recipient_restrictions' setting, this gets the job done:
However, since my local machine is on a dynamic IP, to relay mail the client must either a) use auth credentials; or b) have a certificate to authenticate with.
I didn't want to use a login/password this time (and bother with which account to choose), so I decided to configure my local client to authenticate with an SSL certificate.
Here is what I learned after some trial & error.
My choice was between sSMTP and Nullmailer. Nullmailer is the more robust solution: it runs as a daemon and continuously relays mail, and it can handle network and remote errors by retrying delivery. As a purist, though, I didn't want yet another process continuously running on my machine, so I decided in favour of the simpler sSMTP.
and create '/etc/postfix/relay_clientcerts' in the format: (certificate hash^Tab^Anytext)
Don't forget to execute 'postmap relay_clientcerts' and 'service postfix reload' to reload new config settings.
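An added example, not part of the original post: a small Python helper that builds and checks 'relay_clientcerts' entries in the fingerprint, Tab, text format described above. It assumes the fingerprint is the colon-separated hex digest of the DER-encoded certificate, computed with the algorithm the server sets in 'smtpd_tls_fingerprint_digest'; the function names and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import re

# Digest sizes in bytes. The digest must match the server's
# smtpd_tls_fingerprint_digest setting or the lookup never matches.
DIGESTS = {"md5": 16, "sha1": 20, "sha256": 32}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text, digest="sha256"):
    """Fingerprint of the first certificate in pem_text, as AA:BB:... hex."""
    if digest not in DIGESTS:
        raise ValueError("unsupported digest: " + digest)
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    # The fingerprint covers the DER bytes, not the PEM text.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    raw = hashlib.new(digest, der).digest()
    return ":".join("%02X" % b for b in raw)

def clientcert_line(pem_text, label, digest="sha256"):
    """One relay_clientcerts entry: fingerprint, Tab, free text."""
    if "\t" in label or "\n" in label:
        raise ValueError("label must not contain tabs or newlines")
    return cert_fingerprint(pem_text, digest) + "\t" + label

def check_line(line, digest="sha256"):
    """Return a problem description for a relay_clientcerts line, or None."""
    fingerprint, tab, label = line.rstrip("\n").partition("\t")
    if not tab or not label:
        return "expected: fingerprint<Tab>text"
    pairs = fingerprint.split(":")
    if not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in pairs):
        return "fingerprint is not colon-separated hex pairs"
    if len(pairs) != DIGESTS[digest]:
        return "fingerprint length does not match " + digest
    return None

# Constructed stand-in, NOT a real certificate: the body decodes to b"abc".
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    entry = clientcert_line(SAMPLE_PEM, "laptop")
    print(entry, "->", check_line(entry) or "ok")
```

A length mismatch reported by check_line usually means the entry was generated with a different digest than the one the server is configured to compare against.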
Now sending mail from command line rocks! =)
$ mail -s lalala vz@d........com
Oct 16 00:13:59 laptop sSMTP: Creating SSL connection to host
Oct 16 00:13:59 laptop sSMTP: SSL connection using ECDHE-RSA-AES256-GCM-SHA384
Oct 16 00:14:01 laptop sSMTP: Sent mail for vz@divide*verflow.com (221 2.0.0 Bye) uid=1000 username=vz outbytes=492