User:Paul/sandbox/Transactional mail server

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

A transactional email is generated by many popular packages, typically for account registration confirmation, topic reply notifications, password retrieval, and other automated uses such as sending system notification messages to administrators. The emails will commonly be sent from an email address that is a non-functioning email account used exclusively for sending, such as NO-REPLY@example.com.

The PHP function is typically the default method that PHP packages use for sending transactional mail. This function uses the server's default MTA to send the mail, so an MTA must be installed. An MTA can send mail directly from the server or can be configured to send mail through a smart host to reduce server and admin overhead.

Most of the popular PHP packages will include an option or have a plugin available to send transactional email through an SMTP server, eliminating the requirement to install any type of MTA for the purpose of supporting email generated by the package. However, without an MTA installed, system messages cannot be sent to the administrators.

Transactional email via MTA
Setting up an MTA for transactional email is actually very simple.

username@servername:~$ sudo aptitude install postfix
username@servername:~$ sudo ufw allow Postfix
username@servername:~$ sudo ufw allow 'Postfix (v6)'

These are the very basics needed for the server to send transactional emails. The default configuration of Postfix is reasonably secure, but note that Postfix is not configured to support secure connections to other mail servers. Although, at best, securing communications between mail servers is an option that is up to each server's administrator, it is good to configure Postfix to allow

username@servername:~$ sudo ufw allow 'Postfix SMTPS'
username@servername:~$ sudo ufw allow 'Postfix SMTPS (v6)'

Note that the server would actually send out mail without opening up the firewall, but a receiving server using any form of greylisting or similar protections will not accept any of the emails, as is the case with Yahoo! and likely other popular webmail providers.

SMTP mail server
This simple solution is most useful when delivering mail in small batches, but can create issues with large quantities of mail being sent at one time. When using this option it is best to choose a service that is intended to be used for sending transactional email. Most free email services (Gmail, Yahoo!, Hotmail, etc.) are not friendly to this type of usage and will often suspend accounts being used in this fashion. A better option is to use a service such as Mandrill or Mailgun. Mandrill offers up to 12,000 free emails per month while Mailgun offers 10,000 free emails per month, except for Rackspace customers, who get 50,000 free emails per month.

Nullmailer
Nullmailer is a lightweight, sendmail-compliant MTA for sending emails to smart hosts. Since the version in the Ubuntu 12.04 repositories is very outdated and doesn't support modern encryption, a back-port may be used instead:

username@servername:~$ sudo add-apt-repository ppa:unpm/nullmailer-backport
username@servername:~$ sudo aptitude update && sudo aptitude install nullmailer

Installing the PPA for Nullmailer from the unpm.org repository requires confirmation that insecure software may be installed. An explanation of how the PPA was configured is in the Create Back-port for PPA article.

Although the installer includes a guide that will automatically create the configuration files, it is better to go through each file after installation and verify it has been configured properly.

/etc/nullmailer/adminaddr
username@servername:~$ sudo nano /etc/nullmailer/adminaddr

This file tells Nullmailer where to send failures and errors, so enter the appropriate email address in this file.

adminuser@adminexample.com

/etc/nullmailer/defaultdomain
username@servername:~$ sudo nano /etc/nullmailer/defaultdomain

Enter the default domain that Nullmailer will use to send emails from when no other domain is specified.

defaultexample.com

/etc/nullmailer/me
username@servername:~$ sudo nano /etc/nullmailer/me

This configuration file is not very well documented. Some online sources state to use, but others report better experiences with.

/etc/nullmailer/remotes
username@servername:~$ sudo nano /etc/nullmailer/remotes

This file contains the login information for the smart host and should be completed based on the configuration settings of the service being used.

Mandrill
smtp.mandrillapp.com smtp --port=587 --starttls --user=mandrillaccountuser@mandrillaccountexample.com --pass=mandrillpassword

Mailgun
smtp.mailgun.org smtp --port=587 --starttls --user=mailgunaccountuser@mailgunaccountexample.com --pass=mailgunpassword

username@servername:~$ sudo service nullmailer reload
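
Because the remotes file stores the smart host password in plain text, it is worth checking before each reload. The following is an added example, not part of the original article or of Nullmailer itself: a shell function that flags a remotes file readable beyond its owner and any entry that authenticates without TLS. It assumes GNU stat (as on Ubuntu); the sample hosts and credentials are constructed, and --ssl and --insecure are Nullmailer options that this page does not otherwise use.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Nullmailer remotes file.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_remotes() {
    file=$1
    findings=0
    # The file stores --pass= values, so group/other permission bits must be clear.
    mode=$(stat -c '%a' "$file") || return 2    # GNU stat, as shipped on Ubuntu
    case $mode in
        0|*00) ;;
        *) echo "PERMS: mode $mode lets users other than the owner read the credentials"
           findings=$((findings + 1)) ;;
    esac
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -n "$line" ] || continue
        host=${line%% *}                        # first field is the smart host
        case " $line " in
            *" --insecure "*)
                echo "NOVERIFY: line $lineno ($host) skips certificate validation"
                findings=$((findings + 1)) ;;
        esac
        case $line in
            *--user=*|*--pass=*)
                case " $line " in
                    *" --starttls "*|*" --ssl "*) ;;
                    *) echo "CLEARTEXT: line $lineno ($host) authenticates without TLS"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the first entry mirrors the page's Mandrill line with
# placeholder credentials, the second is a deliberately weak hypothetical entry.
demo=$(mktemp -d)
cat > "$demo/remotes" <<'EOF'
smtp.mandrillapp.com smtp --port=587 --starttls --user=user@example.com --pass=PLACEHOLDER
relay.example.net smtp --port=25 --user=user@example.com --pass=PLACEHOLDER
EOF
chmod 644 "$demo/remotes"
audit_remotes "$demo/remotes" || echo "findings above: fix before reloading nullmailer"
chmod 600 "$demo/remotes"   # the fix for the PERMS finding: owner-only access
rm -rf "$demo"
```

On the sample, the audit reports the 644 mode and the second entry; the owner of the real file must remain the account Nullmailer runs as.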

https://launchpad.net/~unpm/+archive/ubuntu/nullmailer-backport

http://opensourcehacker.com/2013/03/25/using-nullmailer-and-mandrill-for-your-ubuntu-linux-server-outboud-mail/

http://untroubled.org/nullmailer/

http://www.troubleshooters.com/linux/nullmailer/