msmtpd: how to setup super-light relay-only MTA

This post describes how to setup msmtpd as local relay-only SMTP server on Debian.

  1. Install msmtpd

    sudo apt install msmtp-mta bsd-mailx
  2. Since we’d like to use socket-activated service (to save resources), completely disable msmtpd.service:

    sudo systemctl mask msmtpd.service
  3. Create socket unit for msmtpd. Run…

    sudo systemctl edit --force --full msmtpd.socket

    …and when editor opens, type in:

  4. Create service unit for msmtpd. Run…

    sudo systemctl edit --force --full msmtpd@.service

    …and when editor opens, type in:

    Description=msmtp daemon
    ExecStart=/usr/sbin/msmtpd --inet '--command=/usr/bin/msmtp -C /etc/msmtprc.relay -f %%F'
  5. Now it’s time to configure relay SMTP server. Run…

    sudo touch /etc/msmtprc.relay
    sudo chmod go-rwx /etc/msmtprc.relay
    sudo chown msmtp /etc/msmtprc.relay
    sudo nano /etc/msmtprc.relay

    …and when editor opens, type in:

    tls on
    tls_starttls on
    port 587
    tls_starttls on
    auth on
    password joessecret
    aliases /etc/aliases


    This leaves passeword in clear text in file /etc/msmtprc.relay - this is insecure. The file is readable only by user msmtp but still. Unfortunately, I could not find another, more secure way to pass down password.

  6. Disable apparmor for msmtp:

    sudo ln -s /etc/apparmor.d/usr.bin.msmtp /etc/apparmor.d/disable
    sudo apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp

    Sadly, I could not make it working otherwise.

  7. Enable and start msmtpd socket unit:

    sudo systemctl enable msmtpd.socket
    sudo systemctl start msmtpd.socket
  8. Now configure local mail:

    sudo touch /etc/msmtprc
    sudo chmod ugo+r /etc/msmtprc
    sudo nano /etc/msmtprc

    …and when editor opens, type in:

    account default
    host localhost
    port 25

    This causes local mail (sent by cron and other tools) to use just configured local SMTP relay. Other machines in local network (virtual or not) may be configured the same way.

Developing OpenJ9 JIT for RISC-V

Using Eclipse CDT for Eclipse OMR development

Using rr and Visual/VM Debugger to debug Smalltalk/X crash

Fun with ZFS, part 2: Creating Debian ZFS Rescue USB Image

How to generate TSL/SSL certificate and get it signed

STX:LIBJAVA used for real

Unmanaged delegates in CLR

Debugging mixed native-CLR application in WinDBG

A taste of .NET in Bee Smalltalk

Fun with ZFS, part 1: Installing Debian Jessie on ZFS Root

First Post