# Local-only port 25 SMTP for a send-only ssmtp configuration?



## ralphbsz (Oct 28, 2022)

My FreeBSD machines are all set up to not store mail, nor allow reading mail locally. But because you need the ability to deliver mail (for example so status reports from cron jobs show up), I have ssmtp installed and configured. This works great: Programs such as mail(1) can send mail; they do that by executing sendmail in a pipe and feeding the message into it, and sendmail itself internally runs ssmtp. Great.

Except, there is a new requirement I didn't know about. It turns out there are some programs that like to send mail by opening a socket to port 25 on localhost, and using the SMTP protocol to send messages. I think Python programs in particular like to do that, because the default Python mail support library smtplib works this way. And one has to admit, it even makes sense to assume that the local host has a functioning MTA that can accept messages locally. But ssmtp doesn't work that way, so on my machines those sockets get timeouts.

And to be completely clear: I want a (very simple) SMTP server on localhost on port 25, but no open port 25 (or 465 or 587 or ...) to the outside world. This is only for local mail submission, for programs that prefer this technique over the submission technique of executing sendmail.

How to improve this most easily? Super heavyweight solution: Go back to using sendmail, and configure it to have port 25 open on localhost, no other incoming ports, all mail goes out via a smarthost, no mail storage. I am certain that this is possible (since anything is possible with sendmail), but sendmail configuration is also heavy-weight and requires lots of practice. I neither want that much work, nor to take the risk of administering a complex thing I don't really need 99% of. A similar (and even worse) option might be to install another full-featured MTA like Postfix or Exim: Same amount of complexity, and even less familiar.

I looked at dma, and like ssmtp, it cannot accept port 25, even locally.

Anyone got a good idea? Something as simple as ssmtp, but that can also accept local mail (with no interesting features required)? Or a little daemon that runs on port 25, and simply takes complete messages and ships them out via sendmail?


----------
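An added example, not part of the thread or of any project mentioned in it: a loopback-only SMTP listener that pipes each accepted message to the sendmail binary, as the last question above describes. `make_server`, `parse_addr`, `deliver` and the `SENDMAIL` path are names chosen here, and it assumes the ssmtp-provided sendmail accepts the standard `-i` and `-f` options.

```python
import re, socketserver, subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumption: the ssmtp-provided sendmail binary

def parse_addr(arg):  # 'FROM:<a@b>' -> 'a@b'; None if malformed or option-like
    m = re.match(r"(?:FROM|TO):\s*<([^<>\s]*)>", arg, re.I)
    return None if not m or m.group(1).startswith("-") else m.group(1)

def deliver(sender, rcpts, data):  # argv list, no shell; -i: a lone '.' is not EOF
    argv = [SENDMAIL, "-i"] + (["-f", sender] if sender else []) + rcpts
    return subprocess.run(argv, input=data.replace(b"\r\n", b"\n")).returncode == 0

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        say = lambda text: self.wfile.write(text.encode() + b"\r\n")
        sender, rcpts, body = None, [], None  # body is a list only inside DATA
        say("220 localhost local submission only")
        for raw in self.rfile:
            if body is not None and raw.rstrip(b"\r\n") != b".":
                body.append(raw[1:] if raw.startswith(b".") else raw)  # dot-unstuff
                continue
            if body is not None:  # lone '.' ends the message: relay it
                ok = self.server.deliver(sender, rcpts, b"".join(body))
                say("250 accepted" if ok else "451 local delivery failed")
                sender, rcpts, body = None, [], None
                continue
            verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            verb, addr, code = verb.upper(), parse_addr(arg), "250 ok"
            if verb in ("HELO", "EHLO", "RSET"):
                sender, rcpts = None, []
            elif verb == "MAIL" and addr is not None:
                sender, rcpts = addr, []
            elif verb == "RCPT" and addr and sender is not None:
                rcpts.append(addr)
            elif verb == "DATA" and rcpts:
                body, code = [], "354 end with <CRLF>.<CRLF>"
            elif verb == "QUIT":
                return say("221 bye")
            else:
                code = "500 command not accepted"
            say(code)

def make_server(port=25, deliver=deliver):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", port), Handler)  # loopback only
    srv.deliver = deliver  # injectable so the relay step can be tested offline
    return srv

if __name__ == "__main__":
    make_server().serve_forever()  # binding port 25 requires root
```

Because the socket is bound to 127.0.0.1 only, port 25 is not reachable from other hosts; the listener applies no message size limit and no authentication, so any local user can submit through it.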



## Alain De Vos (Oct 29, 2022)

I use opensmtpd. It's an easy setup. And it accepts connections on port 25.
Here I post the full configuration, which is extremely short:

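```
# Accept SMTP on the loopback address only; nothing listens on external interfaces
listen on 127.0.0.1
# Alias table used by local delivery
table aliases file:/etc/mail/aliases
# Mail for local recipients: expand aliases, deliver to the user's Maildir
action "local" maildir "~/Maildir" alias <aliases>
match for local action "local"
# Mail submitted from this host for any other destination is relayed out
action "relay" relay
match from local for any action "relay"
```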


----------



## vienuolis (Oct 29, 2022)

Alain De Vos, I am willing to replace Sendmail with OpenSMTPd too, but I cannot find in docs whether it will work together with Cyrus IMAP? (Oh, sorry for the possible off-topic).


----------



## Alain De Vos (Oct 29, 2022)

Maybe google:

opensmtpd cyrus - Google Search

opensmtpd does not care too much about the imap-server.
But configuration is really easy.


----------



## ralphbsz (Oct 29, 2022)

Thank you, OpenSMTPD looks interesting, as it seems cleanly engineered. Still has lots of features I don't need, but there are good config examples in its documentation.


----------



## bob2112 (Nov 4, 2022)

ralphbsz said:


> I looked at dma, and like ssmtp, it can not accept port 25, even locally.



It can according to this:

dma - ArchWiki (wiki.archlinux.org)


----------



## Jose (Nov 4, 2022)

bob2112 said:


> It can according to this:
>
> ...


That configures DMA to connect to an external MTA (a "smarthost") over ports 25, etc. It does not configure DMA to listen on any ports.


----------



## astyle (Nov 4, 2022)

I have configured SMTP before... and it looks like you're making a mountain out of a molehill:

- Any given system functions better when there's just one MTA running, and trying to use port 25.
- IMAP is not an MTA. Neither is Postfix. IMAP (or POP) is for negotiating connections between email client and the MTA.
- Stick with sendmail as your MTA. Even with a default sendmail config, most daemons like `syslogd` will happily take it and send you an email.
- If you want your system to NOT accept emails from another IP address, set up the firewall to block port 25.


----------



## bob2112 (Nov 4, 2022)

I didn't mean to post this.


----------



## Jose (Nov 4, 2022)

bob2112 said:


> That's not my reading, for example:
>
> ```
> # accept mail from MUAs with TLS
> PORT 465
> ```


Yeah, that's just wrong. The DMA man page is more informative:


DragonFly On-Line Manual Pages : dma()


----------

