SSMTP Configuration on my Mastodon Server

Hello, I hope this is the appropriate place to ask for help.
I am trying to run a Mastodon server on the Linode instance (which I used the affiliate link to set up) on an Ubuntu 18.04 server and I have run into a couple snags. I hope this is a reasonable place to ask for some assistance as this is my first experience administering a server like this.
So when I test my ssmtp server from the command line, the terminal hangs for a couple minutes and then I see an error “ssmtp: Cannot open smtp.gmail. com:587”.
I think this may be my iptables configuration.

Below is my ssmtp.conf

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=friendface.club@gmail. com
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain. com
mailhub=smtp.gmail. com:587
AuthUser=friendface.club@gmail. com
AuthPass=XXX
AuthMethod=LOGIN
UseTLS=YES
UseSTARTTLS=YES
# Where will the mail seem to come from?
rewriteDomain=gmail. com
# The full hostname
hostname=friendface.club@gmail. com
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
TLS_CA_File=/etc/ssl/certs/ca-certificates.crt

Below is my iptables/rules.v4

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT

Let me know if you see something which is obviously wrong.
Thank you.

You could always try dropping the firewall temporarily. I don’t see anything wrong with it, but I use UFW rather than iptables directly so I could be missing a problem.

Also, I don’t think the hostname is set correctly; it should be the hostname of your computer, not your email address.

1 Like

Thanks for your help. I am going to keep trying until I figure it out.

Dropping the firewall didn’t fix the issue, which means it is my ssmtp configuration.
That is useful to know. I also changed the hostname to localhost, which is the name of the server. I am still not able to send email but I am definitely getting closer.

Error: “ssmtp: Cannot open smtp.gmail. com:587”
Your config has a typo:
hostname=friendface.club@gmail. com
AuthUser=friendface.club@gmail. com
root=friendface.club@gmail. com
Your autocorrect is the problem.

2 Likes

Actually, I only did that so the forum would let me post it. That is not the way it is written in the config.

The only thing I can suggest is to check your typos.
I found a few more.

Please show us the error without corrections.
Other than that, Gmail is usually up, and DNS spoofing or redirecting might be the next thing if you have access to 8.8.4.4.

Here is the error:
“ssmtp: Cannot open smtp.gmail. com:587
root@localhost:~# This is an email”

The next line it prints is the content of the email I tried to send, which it tries to run as a command. The space before the com in the above was added so the forum would let me post.

If I ping 8.8.4.4 from the server, I am connected (average ping is 0.47 ms).

Can you ping Gmail?
Is your CA cert / file generated?
What version of TLS are you using?

1 Like

I can ping gmail.
I am not sure about my CA cert file. I can do some research on that because I have not set that up before.

I am using OpenSSL for TLS.

You can do self-signed or CSR.

Ok, I think that is the answer.
I need to research signing certificates and TLS. Thank you for pointing me in the right direction.

1 Like
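
The checks raised across this thread (the CA file, name resolution, reaching port 587, STARTTLS) can be run as separate stages so the failing one is named. This is an added example, not code from any post; `probe_mailhub` and its stage labels are hypothetical names, and the host, port and CA path at the bottom are the values from the posted ssmtp.conf.

```python
import smtplib
import socket
import ssl


def probe_mailhub(host, port=587, ca_file=None, timeout=10):
    """Return (stage, detail): the first stage that fails, or ("ok", TLS version)."""
    # 1. Local check: can the CA bundle (ssmtp's TLS_CA_File) be loaded at all?
    try:
        ctx = ssl.create_default_context(cafile=ca_file)
    except OSError as exc:  # missing, unreadable or non-PEM file
        return "ca-file", str(exc)
    # 2. Name resolution of the mailhub.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # 3. Plain TCP connect to the submission port. ICMP ping does not test this.
    #    A timeout here (rather than a refusal) means no reply came back at all.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as exc:
        return "tcp", str(exc) or type(exc).__name__
    # 4. SMTP greeting, STARTTLS upgrade and server certificate verification.
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            smtp.ehlo()
            return "ok", smtp.sock.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls-verify", exc.verify_message
    except (smtplib.SMTPException, OSError) as exc:
        return "smtp", str(exc) or type(exc).__name__


if __name__ == "__main__":
    # Host, port and CA path are the values from the ssmtp.conf posted above.
    print(probe_mailhub("smtp.gmail.com", 587, "/etc/ssl/certs/ca-certificates.crt"))
```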