Using ssmtp instead of sendmail

I had problems with mails from my server getting categorized as spam in GMail 🙁

So I decided to use Google’s smtp gateway for sending the mails …

I run FreeBSD:

[root@prism ~]# uname -a
FreeBSD prism.local 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:48:40 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

First disable sendmail (insert this into /etc/rc.conf):

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

And ensure that sendmail is no longer running:

killall sendmail

Now install (I use pkg) ssmtp:

[root@prism ~]# pkg install ssmtp

And then to replace sendmail with ssmtp change your /etc/mail/mailer.conf to:

sendmail	/usr/local/sbin/ssmtp
send-mail	/usr/local/sbin/ssmtp
mailq		/usr/local/sbin/ssmtp
newaliases	/usr/local/sbin/ssmtp
hoststat	/usr/bin/true
purgestat	/usr/bin/true

To use Google’s smtp, you need to:

  • Create an App-password for your GMail account
  • Modify /usr/local/etc/ssmtp/ssmtp.conf

Go to https://myaccount.google.com/apppasswords to create an App-password for the server to use your account.

And insert/uncomment something like this into the /usr/local/etc/ssmtp/ssmtp.conf:

mailhub=smtp.gmail.com:587
AuthUser=yourmail@gmail.com
AuthPass=yournewapppassword
rewriteDomain=yourdomain.dk
FromLineOverride=YES
UseSTARTTLS=YES
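
Because AuthPass sits in this file as plain text, the file's mode and the STARTTLS setting are worth checking after editing. The script below is an added example, not part of the original post or of ssmtp: the function names are hypothetical, the sample config is constructed from the settings above, and it assumes ssmtp reads option names case-insensitively.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample: the settings from this post with UseSTARTTLS left commented out.
SAMPLE = """\
mailhub=smtp.gmail.com:587
AuthUser=yourmail@gmail.com
AuthPass=yournewapppassword
#UseSTARTTLS=YES
"""

def parse_ssmtp_conf(text):
    """Return {lowercased key: value}, skipping blank and '#' comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def audit_ssmtp_conf(path):
    """Return a list of findings for an ssmtp.conf that carries SMTP credentials."""
    with open(path, encoding="utf-8") as fh:
        conf = parse_ssmtp_conf(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if "authpass" in conf and mode & stat.S_IROTH:
        findings.append("AuthPass readable by all local users (mode %04o)" % mode)
    if "authpass" in conf and conf.get("usestarttls", "").upper() != "YES":
        findings.append("AuthPass set but UseSTARTTLS is not YES")
    port = conf.get("mailhub", "").rpartition(":")[2]
    if "authpass" in conf and port != "587":
        findings.append("mailhub does not use submission port 587")
    return findings

def demo():
    """Audit the constructed sample at mode 0644, then again at 0640."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "ssmtp.conf"
        path.write_text(SAMPLE, encoding="utf-8")
        os.chmod(path, 0o644)
        loose = audit_ssmtp_conf(path)
        os.chmod(path, 0o640)
        return loose, audit_ssmtp_conf(path)

if __name__ == "__main__":
    print(demo())
```

On the real machine, call audit_ssmtp_conf("/usr/local/etc/ssmtp/ssmtp.conf") as root; an empty list means none of the three checks fired.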

You should now be able to send mails from the command line:

mail -v -s "test subject" yourmail@something.com

I also created a .forward file in /root/ with the to-email where I wanted all my system mail to go.

Making WakeOnLan work

I was looking for a solution to have the server in our cottage ready for “service”, but not using a lot of power. Of course I have used hdparm to make the disk spin down, but the rest of the computer is also using power. So I thought of WakeOnLan (WOL) combined with some kind of sleep. Below is my setup:

Install sleepd:

sudo apt-get install sleepd

It is difficult to find the right settings for it to sleep at the right times, and not during a backup. I have found that these values in /etc/default/sleepd work for me:

PARAMS="-a -N -U 60"

Then restart the daemon:

sudo service sleepd restart

In the BIOS of the server, you might need to enable WakeOnLan. This differs from vendor to vendor – no help here 🙂 Same goes for the router – you need to route ports 7 and 9 to the server that needs to support WOL.

On the client (the computer that needs to wake up the server) you will need to have a way to send the magic packets to the right port. I have found that it is also nice to have an App on my iPhone to WOL.

On my FreeBSD box (which acts as a client to the box in the cottage) I have installed net/wakeonlan. This means that I can wake up my server from my FreeBSD box like this:

wakeonlan -p 9 -i router-ip  server-MAC-address
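
What that command puts on the wire is a single UDP datagram in the standard magic-packet layout. The sketch below is an added example, not code from the original post or from the wakeonlan tool: the function names are hypothetical and the MAC address is a constructed sample. It builds the payload and also validates a received one.

```python
import socket

def mac_to_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits: %r" % mac)
    return bytes.fromhex(digits)  # raises ValueError on non-hex input

def build_magic_packet(mac):
    """Sync stream of 6 x 0xFF, then the target MAC repeated 16 times (102 bytes).

    The payload holds nothing but the MAC address; there is no secret in it.
    """
    return b"\xff" * 6 + mac_to_bytes(mac) * 16

def parse_magic_packet(payload):
    """Return the target MAC if payload starts with a magic packet, else None.

    Trailing bytes after the first 102 are tolerated.
    """
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    return ":".join("%02x" % b for b in mac)

def send_magic_packet(mac, host, port=9):
    """Send the packet by UDP to host:port, e.g. the router address and port 9."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(build_magic_packet(mac), (host, port))

if __name__ == "__main__":
    packet = build_magic_packet("00:11:22:33:44:55")  # constructed sample MAC
    print(len(packet), parse_magic_packet(packet))
```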

Setting up Boxbackup

I have been looking into getting a remote backup. I run TimeMachine backups in my Mac-environment, but I need a remote backup of e.g. my digital pictures.

So I have been working on a server in our cottage that could be a backup server, and my NAS back home could be a client to that server 🙂 Below is a description of my installation of the server and a client of a Boxbackup setup. For the base installation of the client and server software, please consult the wiki. I will describe my configuration only.

Server configuration

The server is a Dell OptiPlex-760 running Linux Mint Maya. I have reserved 2 disks (1TB each) in the server. These will act as disks in the backup storage. I have made a directory on each of the disks to put the backup files into:

OptiPlex-760 ~ # mkdir /mnt/backup1/box
OptiPlex-760 ~ # mkdir /mnt/backup2/box

Boxbackup stores on RAID only – and I don't have RAID. But the configuration handles this nicely:

OptiPlex-760 ~ # raidfile-config /etc/boxbackup 4096 /mnt/backup1/box
WARNING: userland RAID is disabled.
Config file written.

This added one of the disks. To add another, you need to edit the raid-config file (/etc/boxbackup/raidfile.conf). Below disc0 was generated by the tool, and the disc1 was added by hand.

disc0
{
        SetNumber = 0
        BlockSize = 4096
        Dir0 = /mnt/backup1/box
        Dir1 = /mnt/backup1/box
        Dir2 = /mnt/backup1/box
}

disc1
{
        SetNumber = 1
        BlockSize = 4096
        Dir0 = /mnt/backup2/box
        Dir1 = /mnt/backup2/box
        Dir2 = /mnt/backup2/box
}

Remember to let the backup daemon have rights to the backup directories:

OptiPlex-760 ~ # chown -R bbstored:bbstored /mnt/backup1/box /mnt/backup2/box

We are ready to configure bbstored to run as the user bbstored on the server backupserver (changed to prevent misuse), with configuration file in /etc/boxbackup:

OptiPlex-760 ~ # bbstored-config /etc/boxbackup backupserver bbstored

In order for the server and the client to be able to communicate securely, a PKI infrastructure is established:

OptiPlex-760 ~ # bbstored-certs /root/certs init
OptiPlex-760 ~ # bbstored-certs /root/certs sign-server /etc/boxbackup/bbstored/backupserver-csr.pem
OptiPlex-760 ~ # cp /root/certs/servers/backup.rasta.dk-cert.pem /etc/boxbackup/bbstored/
OptiPlex-760 ~ # cp /root/certs/roots/clientCA.pem /etc/boxbackup/bbstored/

Now the clients can be configured. A client needs an account on the server:

OptiPlex-760 ~ # bbstoreaccounts create 0 0 970G 1000G

This creates the account 0 on the disk set 0 with a soft limit at 970GB and a hard limit at 1000GB.

Client configuration

On the client we need to create a configuration and a certificate that we can send to the administrator of the server (in order to get it signed and registered).

[jesper@tranquil ~]$ sudo bbackupd-config /usr/local/etc/boxbackup snapshot 0 backupserver /var/bbackupd /home

This creates a configuration in /usr/local/etc/boxbackup, uses snapshot backup as the account 0 against the server backupserver. It uses a working dir /var/bbackupd and initially backs up /home. I need more paths in my backup, and this is accomplished by editing the configuration /usr/local/etc/boxbackup/bbackupd.conf. Below I have added /root, /etc and my photos /data1/photo:

BackupLocations
{
        home
        {
                Path = /home
        }
        root-dir
        {
                Path = /root
        }
        etc
        {
                Path = /etc
        }
        photo
        {
                Path = /data1/photo
        }
}

The bbackupd-config command has also created a certificate request to be signed by the administrator of the server. So send /usr/local/etc/boxbackup/bbackupd/0-csr.pem to the administrator, who will run

OptiPlex-760 ~ # bbstored-certs certs sign 0-csr.pem

and send back 0-cert.pem and serverCA.pem, which can be installed on the client under /usr/local/etc/boxbackup/bbackupd/.

On the client (re)start the daemon bbackupd and on the server (re)start the daemon bbstored.

Remember to make a copy of the private key on the client in order to be able to read the backups. It is located in /usr/local/etc/boxbackup/bbackupd/0-FileEncKeys.raw

This should be a secure offsite backup. Without it, you cannot restore backups. Everything else can be replaced. But this cannot. KEEP IT IN A SAFE PLACE, OTHERWISE YOUR BACKUPS ARE USELESS.

To make a backup initiated from the client run:

/usr/local/sbin/bbackupctl -q sync

This should be part of a cron-job.