Linux – sSMTP Configuration Question

emaillinuxUbuntu

I've installed sSMTP on Ubuntu 10.04 via:

sudo apt-get install ssmtp

My configuration file is:

#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=someone@somedomain.com

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=somedomain.com

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
#FromLineOverride=YES

authuser=someone@somedomain.com
authpass=****
usestarttls=yes

Am I transmitting my credentials in clear text? Is calling ssmtp a secure operation?

Thanks.

Best Answer

Mail submission to smtp.gmail.com:587 will fail if STARTTLS is not issued:

[palantir]-[/var/tmp]-[528] % nc smtp.gmail.com 587                        [2:16]
220 mx.google.com ESMTP b3sm14232728ibf.7
EHLO domain.com
250-mx.google.com at your service, [67.167.112.165]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
MAIL      
530 5.7.0 Must issue a STARTTLS command first. b3sm14232728ibf.7
STARTTLS
220 2.0.0 Ready to start TLS

For this use case, your credentials must be transmitted over TLS to be transmitted at all, so they are not being sent in the clear. Note however that while this is common behavior, this is not the required behavior -- it is quite possible that a server doesn't require TLS on the submission port, and also possible to similarly misconfigure your client.

As joschi mentioned, you can make sure it is encrypted with any tool that can capture packets off the wire, and I'd like to add tcpflow as a suggestion as well for that.

Related Topic