# mail, metamail, gpg, openssl, sendmail, fetchmail, etc AS MAIL CLIENT



## hruodr (Mar 11, 2021)

This thread is dedicated to simple command line tools as mail clients for normal desktop users, in order
to show that FreeBSD has a past and a future as a desktop system.

My contribution is to configure `sendmail` as a smart host, so that one can use the normal `mail` to send mail. Perhaps someone can follow with `fetchmail`?

I will configure `sendmail` with Gmail, but you had better use another provider. I am not an expert, hence corrections and
improvements are welcome. I hope I will not offend those who want to mutilate FreeBSD MTA support to their needs.
I just want to show how easy it is to configure `sendmail`.

Sendmail does not support OAuth, you need to enable less secure apps in your gmail account.
Google will disable them after a while if you do not use them. For that, log in to https://www.google.com and
visit: https://myaccount.google.com/lesssecureapps

Now, the configuration of `sendmail`.

We need sendmail compiled with cyrussasl support. Do first:

```
# pkg install cyrus-sasl
```

Then recompile `sendmail` according to item 4 in:

https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/SMTP-Auth.html

namely:

```
# cat >> /etc/make.conf
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDADD=/usr/local/lib/libsasl2.so
^D
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
```

In this text, _myhostname_ is always to be replaced by the output
of `hostname -f`. Put it also in /etc/hosts as something like:

```
127.0.0.1       localhost myhostname
::1             localhost myhostname
```

New /etc/mail/freebsd.mc as follows, back up the old:


```
VERSIONID(`2021-03-11 sendmail as client on FreeBSD 11.4')
OSTYPE(freebsd6)
DOMAIN(generic)
dnl
FEATURE(`use_cw_file')dnl            * requires /etc/mail/local-host-names
FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
GENERICS_DOMAIN(`myhostname')dnl     **1 myhostname = `hostname -f`
FEATURE(`masquerade_envelope')dnl
FEATURE(`local_no_masquerade')dnl
FEATURE(authinfo,`hash /etc/mail/auth/client')dnl
FEATURE(`no_default_msa')dnl
dnl
dnl CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
define(`CERT_DIR',         `/etc/mail/certs')dnl  * Certs must be created
define(`confCACERT_PATH',  `CERT_DIR')dnl
define(`confCACERT',       `CERT_DIR/cacert.pem')dnl
define(`confCLIENT_CERT',  `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY',   `CERT_DIR/host.key')dnl
define(`confDH_PARAMETERS',`CERT_DIR/dh.param')dnl
dnl
define(`SMART_HOST', `smtp:smtp.gmail.com')dnl    **2 mail provider
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl      **3 port like 587, 465
define(`ESMTP_MAILER_ARGS', `TCP $h 465')dnl      **3
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl
MAILER(local)
MAILER(smtp)
```

`**1`: _myhostname_ must be substituted with the output of `hostname -f`.

`**2`: "smtp.gmail.com" must be the SMTP server.

`**3`: here goes the port of the SMTP server using TLS / STARTTLS.

This configuration requires the following files to be created:

(1) /etc/mail/local-host-names

It contains the domains considered local, on separate lines, here:

```
localhost
myhostname
```

where myhostname is the output of `hostname -f`.

(2) /etc/mail/genericstable

It contains a mapping from local email addresses to the ones passed
to the SMTP server in the "From" header and envelope, here the only line:

```
@myhostname mygooglename@gmail.com
```

where myhostname is the output of `hostname -f`.

(3) /etc/mail/auth/client

Do first `mkdir /etc/mail/auth`. The file /etc/mail/auth/client contains the name of the SMTP server, your
username there and your password there, here:

```
AuthInfo:smtp.gmail.com "U:mygooglename@gmail.com" "P:mygooglepass"
```

After creating the files do:

```
# cd /etc/mail
# makemap hash genericstable < genericstable
# chmod 700 /etc/mail/auth
# cd /etc/mail/auth
# makemap hash client < client
# chmod 600 client client.db
# cd ..
```

(After any change of genericstable or auth/client, run the corresponding makemap, which generates the .db files.)

After every configuration change, do the following in /etc/mail to make it active (myhostname is the output of `hostname -f`):

```
# rm myhostname.mc myhostname.cf
# make cf
# make install
# make restart
```

Then test sending a mail with:

```
# mail emailaddress
```

or verbose:

```
# mail -v emailaddress
```

--

Sources:

(1) In /usr/share/sendmail/cf/README :
     "SMTP AUTHENTICATION ->
      Providing SMTP AUTH Data when sendmail acts as Client"

(2) http://www.sendmail.org/~ca/email/auth.html#authconf

(3) /usr/share/doc/smm/08.sendmailop/paper.ascii.gz
    Page 66, AuthOptions

(4) https://docs.oracle.com/cd/E37670_01/E41138/html/ch15s06.html


----------



## a6h (Mar 12, 2021)

Nice tutorial. Thank you very much, and I ^C/^V-ed it in my personal email setting notes, for future reference.



hruodr said:


> Sendmail does not support OAuth, you need to enable less secure apps in your gmail account.


I'm personally not against that, i.e. using less secure/setting. Choose a very long password, even if it's _isupper()_-only!
I still have a few Google accounts. Using them for SEO/Console stuff (I know how it may sound!). I'm not against using
an extra security layer. Cookies are blocked in my Thunderbird, and I have to enable them every time I have to add some
temporary Google accounts (testing, from clients). Frankly, I think if somebody wants to get you, they eventually will.

Summary/Conclusion: I'm completely fine with enabling "Google Less Secure app" option.


----------



## SirDice (Mar 12, 2021)

I'm wondering why you don't simply use the port/package mail/sendmail. SASL is turned on by default:

```
SASL=on: SASL authentication support
     SASLAUTHD=on: SASLAUTHD support
```


----------



## hruodr (Mar 12, 2021)

SirDice said:


> I'm wondering why you don't simply use the port/package mail/sendmail. SASL is turned on by default:


I also wonder, but better to use the one in base, no MTA inflation.

Note that I do not use and do not want to use saslauthd, also not in a server. No idea if its
configuration will cause me problems.

Many problems that arise configuring `sendmail` come from the way FreeBSD offers it.
Beginning with the strange make-file mechanism. To offer template configuration files would
be a good idea.

I think, authentication belongs to every modern MTA, sendmail uses cyrus-sasl, and hence the last
should also be in base.

Could this also be done with a simpler mailer? Sure, but note that `sendmail` offers 
many possibilities of fine tuning also for this simple task, through m4 macros, not editing 
cf files directly.


----------



## zirias@ (Mar 12, 2021)

hruodr said:


> I also wonder, but better to use the one in base, no MTA inflation.


That's another problem with things being in base: no easy way to set build-time options.


hruodr said:


> Many problems that arise configuring `sendmail` come from the way FreeBSD offers it.
> Beginning with the strange make-file mechanism.


As sendmail config needs to be processed with m4, at least if you want to keep your sanity, this is a typical job for a tool like `make` to automate.


hruodr said:


> I think, authentication belongs to every modern MTA, sendmail uses cyrus-sasl, and hence the last
> should also be in base.


FreeBSD is a general purpose OS, not some kind of "mail appliance".


----------



## hruodr (Mar 12, 2021)

Zirias said:


> FreeBSD is a general purpose OS, not some kind of "mail appliance".


An MTA (sendmail) was always there. OpenBSD is also a general purpose OS and has a http server in base.

What makes \*BSD comfortable to use is that these "simple" programs are at hand, that one knows them,
that one is used to them, that one does not waste time. That *is* a value. I am not against improvement,
but against unnecessary changes.

But the theme here is what is in the title.


----------



## SirDice (Mar 12, 2021)

Having it in the base also makes it rather cumbersome to update to a newer version, as that would require an OS update (or even an upgrade if the version changes). Having it available as a port means you can more easily update and configure it.


----------



## hruodr (Mar 12, 2021)

SirDice said:


> Having it in the base also makes it rather cumbersome to update to a newer version


That is true (and can be applied to a lot of other things, including `vi` and `ls`).
Note that `sendmail` develops slowly, perhaps slower than FreeBSD.

Having things in base also has an advantage: things in base are tuned to work together. And that was my
argument: to have things at hand, that work out of the box, that are familiar to the user. And that is also
the theme here: to use these old tools in a modern desktop. I would like to use `mail` as
I used it some decades ago. Unfortunately HTML mail makes life more difficult (I forgot to mention `w3m` in the list above).


----------



## hruodr (Mar 15, 2021)

I read my email from Gmail with `alpine`, messages remain in the server and can be read by
many clients, I only download what I want to read (messages, attachments of messages).

Another approach is to download everything and keep it synchronized with the server. This is what most
bloated graphical mail clients, that many desktop users love, seem to do by default, and perhaps are
unable to work like alpine.

I just proved this approach with more meager, command line programs, I have not much experience,
hence I ask you for your experience. What I did:

Install the following:

```
pkg install isync
pkg install heirloom-mailx
mkdir -p ~/Mail/Gmail
```

Then I wrote the following simple configuration file ~/.mbsync :


```
IMAPStore gmail-remote
Host imap.gmail.com
Port 993
SSLType IMAPS
User mygooglename@gmail.com
Pass xxxx

MaildirStore gmail-local
SubFolders Verbatim
# with "/" at the end
Path ~/Mail/Gmail/
Inbox ~/Mail/Gmail/Inbox

Channel gmail
Master :gmail-remote:
Slave :gmail-local:
Patterns *
Create Both
SyncState *
```

Then, for synchronizing ~/Mail/Gmail with the contents in Gmail I only need to
issue the command (do not forget to disable less secure apps before):

```
# mbsync gmail
```

Since messages in ~/Mail/Gmail are in Maildir format, I need a mail program that supports
this kind of mail storage, like heirloom-mailx. I can read the Inbox with:

```
# /usr/local/bin/mailx -f ~/Mail/Gmail/Inbox
```

It is used like the normal BSD `mail` command. Since in Gmail messages are deleted by
moving to Trash, I do not know how to delete. But as said before, better not to use Gmail for this.

What are your experiences?


----------
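An added check for the credential files created by the two how-to posts in this thread (the sendmail smart-host setup and the mbsync configuration); it is not code from any poster. It flags files under /etc/mail/auth or an mbsync config that group or others can access, a map whose `.db` is older than its source, and a literal `Pass` line where mbsync's `PassCmd` option could fetch the secret from a helper instead. The function names and the use of path arguments are choices made for this example.

```shell
#!/bin/sh
# Added example: audit the password-bearing files from this thread.
# Usage: sh audit.sh /etc/mail "$HOME/.mbsync"

# Print the group/other permission bits, "------" for mode 0600 or 0700.
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# Succeed only if the path exists and group/other have no access at all.
private_ok() {
    [ -e "$1" ] && [ "$(go_bits "$1")" = "------" ]
}

# Succeed if map source $1 has no $1.db or is newer than it,
# i.e. makemap still has to be (re)run.
map_stale() {
    [ ! -e "$1.db" ] || [ -n "$(find "$1" -newer "$1.db" 2>/dev/null)" ]
}

# Succeed if an mbsync config holds a literal "Pass ..." line
# ("PassCmd ..." does not match).
has_plain_pass() {
    grep -Eq '^[[:space:]]*Pass[[:space:]]' "$1" 2>/dev/null
}

# audit MAILDIR MBSYNC_CONF: print findings, return how many there were.
audit() {
    maildir=$1 conf=$2 n=0
    for p in "$maildir/auth" "$maildir/auth/client" \
             "$maildir/auth/client.db" "$conf"; do
        private_ok "$p" || { echo "LOOSE OR MISSING: $p"; n=$((n+1)); }
    done
    for m in "$maildir/genericstable" "$maildir/auth/client"; do
        map_stale "$m" && { echo "STALE MAP, rerun makemap: $m"; n=$((n+1)); }
    done
    has_plain_pass "$conf" && { echo "PLAINTEXT Pass in: $conf"; n=$((n+1)); }
    return "$n"
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

An exit status of 0 means no findings; any other value is the number of findings printed.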

