Configuring SMTP for alerts

I am looking at setting up SMTP for alert notifications. Thanks to @bricks I was able to see how the Docker containers can be configured to use msmtp as an MTA. I have some instructions for setting up msmtp MTA for Kali Linux or for the source code install:

Greenbone’s gvmd uses a system call to sendmail when alerts are sent. It seems the recommended method is to use msmtp (which is a drop-in replacement), so these instructions should work regardless of whether sendmail is already installed, although they will disable sendmail.

  1. Install msmtp:

    sudo apt install msmtp

  2. It seems the configuration file is not created by default, so we have to create one. The default locations are /etc/msmtprc (global) or ~/.msmtprc (for user):

    sudo nano /etc/msmtprc

  3. Enter basic config settings. You can replace gmail with another SMTP provider. You may have to check your email provider's policy for sending automated email, or other settings.

    # Defaults applied to every account below
    defaults
    auth           on
    tls            on
    # CA bundle used to verify the SMTP server's certificate
    tls_trust_file /etc/ssl/certs/ca-certificates.crt
    #logfile        ~/.msmtp.log
    # Override the default log file
    logfile        /var/log/gvm/gvmd.log

    # Gmail account
    account gmail
    host smtp.gmail.com
    port 587
    from user@gmail.com
    user user@gmail.com
    password <your-password>

    # Set the default account to use
    account default: gmail

  4. Create a sample email.txt file with:

    To: recipient@domain.com
    Subject: Testing

    Testing the msmtp email

  5. Test the msmtp command with:

    msmtp -d -f user@gmail.com recipient@domain.com < email.txt

NOTE: you will likely see a warning that msmtp can’t access the log file, but that’s ok because it’s protected by GVM, but when GVM sends the mail it will have access…

  6. Create a symlink from sendmail to msmtp. First, get the location of msmtp:

    which msmtp

  7. Use the location to create a symlink from sendmail to msmtp. If you have sendmail installed already, you have to move the binary to another location or just delete it to replace it with the symlink.

    sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail

  8. Test with sendmail as the replacement via symlink:

    sendmail -d -f user@gmail.com recipient@domain.com < email.txt

Now Greenbone should be able to use SMTP for alerts.

However, although this works fine when creating an alert as long as you specify the same From: address as used in the config file, there can be an issue when using the Task Wizard.

If the To: destination email address entered into the task wizard is the same as you configured in the msmtp config, it will send fine, but specifying a different To: address will not send.

The problem seems to arise because the email address specified in the To: field of the Advanced Task Wizard will also be used as the From: address when calling the sendmail command. The days of blind mail relay are mostly gone, so this will fail.

The task wizard creates an alert item and uses the From: address for both the To: and From:. If you want the alert for the wizard-created task to send to an email address other than the configured send address, you can manually edit the alert and change From: to the send address that is configured with msmtp.

This could be solved by not specifying any From: address when creating the alert for the Wizard task, but although this would send from msmtp, it would have an empty From: field in the created alert. It might be better to allow the user to enter a From: address as well in the Wizard, but it may also make sense to just rely on the msmtp configuration for all the From: addresses in alerts.

Either way, once I learned that, it works great.

Also, I was very surprised to find that there isn’t a widely known or established SMTP module for C, as there is for pretty much every other language.

My humble suggestion in lieu of C lacking a robust SMTP package is:

  • Using msmtp is better than the traditional sendmail since it's more convenient to configure
  • There should be an SMTP credential type with various auth fields, port, smtp-host, and TLS settings
  • Alerts and Advanced task wizard should allow a stored SMTP credential to be set instead of a From: email address.
  • The email send function in Greenbone can convert the SMTP credential’s settings into command line options for sendmail / msmtp at the time the email is sent.

This method would allow users to simply enter their SMTP service provider auth credentials and settings, and they wouldn’t even have to configure sendmail / msmtp.
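
The configuration above keeps the SMTP password in /etc/msmtprc, and the Task Wizard problem comes down to whether an alert's From: address matches the from line there. The shell script below is an added example, not part of the original post: it audits a constructed sample config for a plaintext password in a world-readable file and for weakened TLS settings, then checks an alert From: address against the configured one. The function names audit_msmtprc and alert_from_matches are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Print one finding per line for an msmtprc; print nothing when it passes.
audit_msmtprc() {
    rc=$1
    [ -r "$rc" ] || { echo "UNREADABLE $rc"; return 0; }
    # A literal "password" line keeps the SMTP secret in the file itself.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$rc"; then
        echo "PLAINTEXT_PASSWORD consider msmtp's passwordeval option"
        # Character 8 of the ls mode string is the read bit for "other".
        if [ "$(ls -ld "$rc" | cut -c8)" = "r" ]; then
            echo "WORLD_READABLE chmod o-rwx $rc"
        fi
    fi
    # With TLS or certificate checks off, an on-path attacker can capture the login.
    if grep -Eq '^[[:space:]]*(tls|tls_certcheck)[[:space:]]+off' "$rc"; then
        echo "TLS_WEAKENED keep tls and tls_certcheck on"
    fi
    return 0
}

# Succeed only if ADDR ($2) equals a "from" address in the config ($1).
alert_from_matches() {
    awk -v a="$2" '$1 == "from" && tolower($2) == tolower(a) { ok = 1 }
                   END { exit !ok }' "$1"
}

# Constructed sample config (placeholder account and password).
sample=$(mktemp)
cat > "$sample" <<'EOF'
defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account gmail
host smtp.gmail.com
port 587
from user@gmail.com
user user@gmail.com
password example-placeholder
account default: gmail
EOF
chmod 644 "$sample"   # simulate a config left readable by every local user

audit_msmtprc "$sample"
alert_from_matches "$sample" recipient@domain.com ||
    echo "alert From: differs from the msmtp 'from' address"
```

Because gvmd calls sendmail under its own service account, that account still needs read access to the file after permissions are tightened.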