Drop Nullmailer for DragonFly Mail Agent (dma)
Update: In the previous version of this post, the sequence of the
/etc/dma/auth.conf was wrong.
- It seems Nullmailer does not allow changing the sender of sent mails.
- Providing credentials in
/etc/nullmailer/remotesis a security flaw because they can be caught by any user running
However, changing the sender is important. While installing nullmailer on a local system over the weekend, I again got struck by the fact that Posteo would not allow relaying mail from a host that does not have a fully-qualified domain name -- obviously my local Raspberry Pi does not have one.
The solution is to change the sender. Instead of sending mail with a sender like
root@rpi-local, masquerade the sender with an envelope-from. In our case
we can use the Posteo account.
That said, it seems nullmailer cannot do so, see this StackExchange post. In the same post they also talk about the above mentioned security flaw. But there is an easy to use alternative: DragonFly Mail Agent (dma).
So, after removing Nullmailer from the system, install dma and configure it in
/etc/dma/dma.conf like the following:
SMARTHOST posteo.de PORT 587 AUTHPATH /etc/dma/auth.conf SECURETRANSFER STARTTLS MASQUERADE <account>@posteo.de
As you can see, credentials must go to
/etc/dma/auth.conf, which will be read
by dma. (On the contrary, Nullmailer seems to simply execute each line of
/etc/nullmailer/remotes. Consequently users can catch these lines, including
the credentials, by executing
What's left though is forwarding all mail i.e., mail received by any local user
on the system, including
postmaster, and the like, to our account at
Posteo (or any other provider you chose). Since dma reads
can be achieved with the following line: