How to Send Mail from a Raspberry Pi

Wouldn’t it be nice to get an occasional email from one of your Raspberries when something is wrong? Maybe your filesystem is filling up or the monitoring you’ve set up needs to alert you that some of the network devices are overheating. Back in the day, you could just run Sendmail and pipe some text to your email address. But, because of all the spammers in the world, the email relays have gotten much more stringent of who could just dump email messages on their servers for delivery. If you’ve got a Gmail account, there’s a fairly straightforward way to allow your Raspberries access to your Gmail in a fairly secure fashion.

How Does eMail Work?

There are actually quite a few moving parts to getting a message from your Raspberry to your Gmail account. Whether it be Sendmail or Nagios, is the MUA or “mail user agent”. It puts the email header and body together and then passes it off to an MTA or “mail transport agent”. The MTA must be configured to get the email out the door, off your Raspberry, and out to a mail relay. You can configure that MTA on your server once and forget it. Once you get things working, mail will just work. But we need to make sure that our MTA has a reliable connection to a relay. Gmail offers a great relay service but enforces security. Gone are the days of a simple SMTP connection on port 25! Today, Gmail requires that your incoming connection be secure. There are facilities for highly secure connections for your enterprise and of course cost, but I want to focus on free, secure, and easy.

Security!

Luckily, we don’t need to reinvent the wheel to get our email for work. We just need to make sure that our wheel stays in its lane. We’re going to be using TLS to create an encrypted tunnel connection from the MUA to the mail relay at Gmail. Think of the protection offered by ssh with SSL–same game! Once we get there, we will also need to authenticate to Gmail, but we can use our existing Gmail account and password, so no big stretch there.

msmtp

Sure, all of this sounds like a tall order, but relief is on the way! msmstp is a lightweight (as compared to trying to configure sendmail) MTA. It’s secure, small, free, and run quietly in the background. Let’s get a few things installed, and then we can look at configurations. We don’t need to install much:

apt install bsd-mailx
apt install msmtp
apt install msmtp-mta

If you’re not logged in a root, you’ll need to prepend “sudo ” to each line. Don’t forget “apt update” as a first step to get your repos in sync.

Configuring Secure eMail

You can follow the default installation methods and install msmtp for one user. I wanted the MTA to be available system-wide. I’m the only user, but there’s multiple procs running that might want to get in touch with me! Keep in mind that every email eminating from this Raspberry will be going through your Gmail account.

OK, the config is in /etc/msmtprc and it looks like this:

#Set default values for all accounts.
defaults
auth on
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log

#Gmail settings
account gmail
host smtp.gmail.com
port 587
from yourname@gmail.com
user yourname
password D33pD4arkS3cr3t

#Set a default account
account default : gmail

In effect, what we’re doing is saying: all users will default to mailing through this account, use TLS, log to file, use Gmail’s SMTP relay on port 587, connecting with our Gmail address by authenticating with our username and password. Secure this file, as there’s a clear text password in it:

chown root:msmtp /etc/msmtprc 
chmod 640 /etc/msmtprc 

Yes, You Can Encrypt Your Password

Passwords for msmtp can be stored in plaintext, encrypted files, or a keyring. Setting up an encrypted key is not hard to do. First, you’ll need a gpg key, then you’ll use that to encrypt your password. So, let’s generate a key:

gpg --full-generate-key

I just accept all the defaults. Leave the passphrase blank because you won’t be around to enter it. This is being used by automated processes. If you want a REAL key, generate more! Anyways, you’ll need to wiggle your mouse or stir the keyboard to create entropy to help randomize the key. It honestly didn’t take very long on my RPi4…

If you want to see what you’ve got, type the following:

gpg --list-secret-keys --keyid-format LONG

…and you’ll see your new key. Now that you’ve got a key, you can encrypt your password:

gpg --encrypt --output=msmtp-password.gpg --recipient=yourname@gmail.com

Type in the password that you’re encrypting on the blank line and hit enter. The cursor will move down. Hit CTRL-D to end the process. Move the generated file (msmtp-password.gpg) to /etc/. Edit the password line in your /etc/msmtprc file to reflect the fact that your password is now encrypted:

passwordeval gpg --decrypt /etc/msmtp-password.gpg

Alright! Let’s check our work. Try this simple one-liner to test:

echo "BEEP BEEP" | mailx -s "Subject: This is a test!" yourname@gmail.com

You should get an email in your inbox, fairly immediately. If this test works, it should work for anything that tries to email you from this Raspberry! Cool, huh? And we didn’t have to configure sendmail!

Author: John

1 thought on “How to Send Mail from a Raspberry Pi

  1. John,
    Thanks for the quick tutorial. It didn’t work right away as my google account settings was at the default security which will not allow “less secure apps”.
    So, once I allowed that option everything worked without doing any other security steps on the pi.
    Thanks.
    David

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.