Difference between revisions of "Emailing"

From wiki
Jump to: navigation, search
(Introduction)
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
= Introduction =
 
= Introduction =
  
This is mainly about emailing users when their jobs are finished.
+
Works on Marvin. Nodes throwing an "Unable to set UseSTARTTLSCert="YES"" error but I suspect the real issue is that the nodes can't ping the mailhost server. Likely solution is setting up marvin as a mailhost/redirector and sending the email to marvin to forward onwards.  
  
Only an easy workable solution is presented and it relies on gmail servers and having a special gmail address.
+
Need to set the command used for email for each node usin g
 +
qconf -mconf nodeX
  
On the frontend, first focus on the followinng file:
+
in this case we want the mailer to be /usr/sbin/ssmtp
/etc/postfix/main.cf
 
  
Look for the '''relayhost''' parameter. We will set it as follows:
+
/usr/sbin/ssmtp
  
relayhost = [smtp.gmail.com]:587
 
  
This means that postfix will outsource most of the email subtasks to gmail's servers. Though this may sound easy, it also means one must comply with gmail rules which can be quite stringent (i.e. require more work in setting up) in terms of security. Something to get right is TLS and SASL.
+
source /usr/sbin/ssmtp
 +
/usr/sbin/ssmtp start
  
For TLS, first of all let's get a good certificate. One that works is:
+
Then rolled out the following config to all of the nodes:
Equifax_Secure_CA.pem
 
  
Which may be found in
+
#
  /etc/ssl/certs
+
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
 +
#
 +
# See the ssmtp.conf(5) man page for a more verbose explanation of the
 +
# available options.
 +
#
 +
 +
# The person who gets all mail for userids < 500
 +
# Make this empty to disable rewriting.
 +
root=marvin-mail@st-andrews.ac.uk
 +
 +
# The place where the mail goes. The actual machine name is required
 +
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
 +
# The example will fit if you are in domain.com and your mailhub is so named.
 +
mailhub=mailhost.st-andrews.ac.uk
 +
   
 +
# Example for SMTP port number 2525
 +
# mailhub=mail.your.domain:2525
 +
# Example for SMTP port number 25 (Standard/RFC)
 +
# mailhub=mail.your.domain       
 +
# Example for SSL encrypted connection
 +
# mailhub=mail.your.domain:465
 +
 +
# Where will the mail seem to come from?
 +
#RewriteDomain=
 +
 +
# The full hostname
 +
Hostname=marvin.st-andrews.ac.uk
 +
 +
# Set this to never rewrite the "From:" line (unless not given) and to
 +
# use that address in the "from line" of the envelope.
 +
FromLineOverride=YES
 +
 +
# Use SSL/TLS to send secure messages to server.
 +
UseTLS=YES
 +
UseSTARTTLSCert=YES
 +
# added PT 201809
 +
UseSTARTTLS=YES
 +
 +
# Use SSL/TLS certificate to authenticate against smtp host.
 +
#UseTLSCert=YES
 +
# Use this RSA certificate.
 +
#TLSCert=/etc/pki/tls/private/ssmtp.pem
 +
 +
# Get enhanced (*really* enhanced) debugging information in the logs
 +
# If you want to have debugging of the config file parsing, move this option
 +
# to the top of the config file and uncomment
 +
#Debug=YES
 +
#AuthUser=
 +
#AuthPass=
 +
 +
# Email 'from headers can override the defaul domain?
 +
FromLineOverride=yes
 +
 +
# added cert PT 2018 0928
 +
TLS_CA_FILE=/etc/pki/tls/certs/ca-bundle.crt
  
We can copy it over into a new name to create
 
/etc/postfix/cacert.pem
 
  
Then we want to get the following lines into '''main.cf''':
+
It may be possible to make the output neater. Links for later reference
  smtp_use_tls = yes
+
  http://gridengine.org/pipermail/users/2011-June/001140.html
smtp_tls_CAfile = /etc/postfix/cacert.pem
+
  https://gridengine.markmail.org/search/?q=sge+mail+header+ben#query:sge%20mail%20header%20ben+page:1+mid:azhmwbsrn62akprk+state:results
 
 
 
 
Now for SASL. We need to create a fil called
 
sasl_passwd
 
 
 
put all the gmail user and password details. I.e.
 
  [smtp.gmail.com]:587 <gmail_address> <password>
 
 
 
A hash of this must be generated. Postfix has its own hasher, so it can be done as follows:
 
postmap sasl_passwd
 
 
 
You should get a new file called
 
sasl_passwd.db
 
 
 
after this operation.
 
 
 
Now '''main.cf''' needs to be told about all of this , so the following shoudl be included.
 
 
 
smtp_sasl_auth_enable = yes
 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 
smtp_sasl_security_options = noanonymous
 
 
 
This should get you most of the way there.
 

Latest revision as of 08:49, 14 November 2019

Introduction

Works on Marvin. Nodes throwing an "Unable to set UseSTARTTLSCert="YES"" error but I suspect the real issue is that the nodes can't ping the mailhost server. Likely solution is setting up marvin as a mailhost/redirector and sending the email to marvin to forward onwards.

Need to set the command used for email for each node usin g

qconf -mconf nodeX

in this case we want the mailer to be /usr/sbin/ssmtp

/usr/sbin/ssmtp


source /usr/sbin/ssmtp
/usr/sbin/ssmtp start

Then rolled out the following config to all of the nodes:

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
# See the ssmtp.conf(5) man page for a more verbose explanation of the
# available options.
# 

# The person who gets all mail for userids < 500
# Make this empty to disable rewriting.
root=marvin-mail@st-andrews.ac.uk 

# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=mailhost.st-andrews.ac.uk

# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain        
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465

# Where will the mail seem to come from?
#RewriteDomain=

# The full hostname
Hostname=marvin.st-andrews.ac.uk

# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.
UseTLS=YES
UseSTARTTLSCert=YES
# added PT 201809
UseSTARTTLS=YES 

# Use SSL/TLS certificate to authenticate against smtp host.
#UseTLSCert=YES
# Use this RSA certificate.
#TLSCert=/etc/pki/tls/private/ssmtp.pem 

# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES
#AuthUser=
#AuthPass=

# Email 'from headers can override the defaul domain?
FromLineOverride=yes 

# added cert PT 2018 0928
TLS_CA_FILE=/etc/pki/tls/certs/ca-bundle.crt


It may be possible to make the output neater. Links for later reference

http://gridengine.org/pipermail/users/2011-June/001140.html
https://gridengine.markmail.org/search/?q=sge+mail+header+ben#query:sge%20mail%20header%20ben+page:1+mid:azhmwbsrn62akprk+state:results