-1

On Debian LAMP with different PHP based CMSs I use the MTA sSMTP to send email via an email proxy (Gmail); the emails I send are only contact-form inputs transferred from any such CMS to my own email account:

CMS contact-form input → Eail proxy (Gmail) → Main email account I use (also Gmail)

My sSMTP conf looks similar to this:

#!/bin/bash
set -eu

read -p "Please paste your Gmail proxy email address: " \
     gmail_proxy_email_address
read -sp "Please paste your Gmail proxy email password:" \
     gmail_proxy_email_password && echo

cat <<-EOF > /etc/ssmtp/ssmtp.conf
    root=${gmail_proxy_email_address}
    AuthUser=${gmail_proxy_email_address}
    AuthPass=${gmail_proxy_email_password}
    hostname=${HOSTNAME:-$(hostname)}
    mailhub=smtp.gmail.com:587
    rewriteDomain=gmail.com
    FromLineOverride=YES
    UseTLS=YES
    UseSTARTTLS=YES
EOF

As you can see a file named /etc/ssmtp/ssmtp.conf will be created and will contain the email address and its account's password.

If the unlikely happens and an hacker finds out the email address and password I could be in a lot of trouble in cases I store payment information (I don't, I never did, and not planning to but still, it should be taken seriously).

How could I protect the aforementioned file? Maybe encrypting it somehow?

As of the moment I don't want to use an email server with configuring email DNS records, etc.

  • Don't use your gmail username and password... use an [App Authorization Token](https://support.google.com/accounts/answer/185833?hl=en) instead... – RubberStamp Feb 11 '19 at 18:10
  • Just put the App Password in the config file... in your configuration, you are using gmail as your mail server. You could use any text based MUA to perform the same task... such as [mutt](https://unix.stackexchange.com/questions/172666/gmail-blocking-mutt) or any number of other options. – RubberStamp Feb 11 '19 at 20:31
  • I'll appreciate any attempt to explain the two down votes. –  Feb 15 '19 at 03:05
  • I'm fairly certain that [downvotes are anonymous](https://unix.meta.stackexchange.com/questions/4988/lots-of-surprising-downvotes-to-new-users/5003) ... In general I don't downvote unless the question is actually gibberish. ... Also, many of us are volunteering our time, *at least I am*, and life sometimes gets in the way of posting.... *What information are you looking for in addition to the answer already written?* – RubberStamp Feb 15 '19 at 12:44
  • An example for how to avoid writing the password in the `sSMTP` conf-file in my remote machine; by App Authorization Token placeholder that could be filled in each time I SSH into that remote-machine. –  Feb 15 '19 at 14:14
  • I'm not sure I understand what you are asking... If your server is going to login to gmail in an unattended manner, a set of credentials will need to be stored on the server. It's possible to design a method of remotely storing those credentials and retrieving them on demand. However, the credentials will need to be stored somewhere that is accessible from the Internet. So, that idea simply moves the vulnerable host and not the vulnerability. Using a unique password for that App would limit the damage if the password is leaked. – RubberStamp Feb 15 '19 at 14:28
  • 1
    So seems the high vulnerability of copying the password (as long is it's not stored on my computer) won't go away anyway... –  Feb 15 '19 at 15:09

1 Answers1

2

ssmtp has to use your login and password to send the mail. If it would be encrypted, ssmtp would have to decrypt it, so the hacker could do the same.

The file /etc/ssmtp/ssmtp.conf should have only the necessary permissions to allow ssmtp to access the file and you should secure your system to prevent unauthorized access.

See https://wiki.archlinux.org/index.php/SSMTP:

Because your email password is stored as cleartext in /etc/ssmtp/ssmtp.conf, it is important that this file is secure. By default, the entire /etc/ssmtp directory is accessible only by root and the mail group. The /usr/bin/ssmtp binary runs as the mail group and can read this file. There is no reason to add yourself or other users to the mail group.

If you use an app password (see also the web page referenced above) the credentials should not be usable for interactive login.

Bodo
  • 5,979
  • 16
  • 27
  • @JohnDoea This depends on your system and possible vulnerabilities. There is no absolute protection. You can only reduce the risk by securing your system as much as possible and installing all security updates. If an attacker can log in as a normal user who is able to send mail, he could use your mail account for sending spam without reading the credentials from `ssmtp.conf`. – Bodo Feb 12 '19 at 09:33
  • The web page I referenced in my answer also mentions app passwords. I added a note about this to the answer. – Bodo Feb 12 '19 at 10:20