I've installed sSMTP on Ubuntu 10.04 via:
sudo apt-get install ssmtp
My configuration file is:
# # Config file for sSMTP sendmail # # The person who gets all mail for userids < 1000 # Make this empty to disable rewriting. root=someone@somedomain.com # The place where the mail goes. The actual machine name is required no # MX records are consulted. Commonly mailhosts are named mail.domain.com mailhub=smtp.gmail.com:587 # Where will the mail seem to come from? #rewriteDomain= # The full hostname hostname=somedomain.com # Are users allowed to set their own From: address? # YES - Allow the user to specify their own From: address # NO - Use the system generated From: address #FromLineOverride=YES authuser=someone@somedomain.com authpass=**** usestarttls=yes
Am I transmitting my credentials in clear text? Is calling ssmtp a secure operation?
Thanks.
Best Answer
Mail submission to
smtp.gmail.com:587
will fail ifSTARTTLS
is not issued:For this use case, your credentials must be transmitted over TLS to be transmitted at all, so they are not being sent in the clear. Note however that while this is common behavior, this is not the required behavior -- it is quite possible that a server doesn't require TLS on the submission port, and also possible to similarly misconfigure your client.
As joschi mentioned, you can make sure it is encrypted with any tool that can capture packets off the wire, and I'd like to add
tcpflow
as a suggestion as well for that.