Some Linux utilities will send mail from a local address with no @ sign, like "cron" , to a local email address like "root" (again, no "@" sign or domain).
While msmtp
has features to alter the envelope sender and recipient, it doesn't alter the "To:" or "From:" message itself.
When the Envelope doesn't match these details, it can be considered spam. AWS SES is an example of an SMTP service that won't accept mail addressed to "root", even if the Envelope recipient is valid. But sending out cron mails is exactly the kind of thing that msmtp
should be good for!
One issue about this in the msmtp
bug tracker is here:
marlam/msmtp#98
So I propose that the Ansible role introduce a small feature to address, since the msmtp
maintainer considers it out of scope.
I successfully tested the solution of adding my own sendmail
wrapper. In my case, I hard-coded an email address to use, but a proper solution could use a template variable and a variable for this:
#!/usr/bin/sh
# If either the "From" or "To" contain a bare local address like just "root"
# Then rewrite that to be [email protected]
# This feature is missing from msmtp.
# Ref: https://github.com/marlam/msmtp-mirror/issues/98
sed -e '/From:[^@]*$/ s/From:.*$/From: [email protected]/;/To:[^@]*$/ s/To:.*$/To: [email protected]/;' | /usr/bin/msmtp $@
Then in Ansible:
- name: Install mstmp wrapper to fix local addresses
tags: mail
ansible.builtin.copy:
src: usr/local/sbin/sendmail
dest: /usr/local/sbin/sendmail
# Must be setuid
mode: "u+rwx,g=sr,o=x"
group: msmtp
I tested this with the mail
app (mailx) on Ubuntu 22. It relies on clients looking up sendmail in $PATH. If some place has hardcoded the path to /usr/sbin/sendmail, my fix wouldn't cover that since I don't replace that file.