just something that came up while setting up a monitoring script using mailx, figured ill note it down here so i can get it to easily later when I need it 😀
- You need to enable smtp basic Auth on Office 365 for the account used for authentication
- Create an App password for the user account
- nssdb folder must be available and readable by the user running the mailx command
Assuming all of the above prerequisite are $true we can proceed with the setup
sudo dnf install mailx
make sure the nssdb folder must be available and readable by the user running the mailx command
certutil -L -d /etc/pki/nssdb
The Output might be empty, but that’s ok; this is there if you need to add a locally signed cert or another CA cert manually, Microsoft Certs are trusted by default if you are on an up to date operating system with the local System-wide Trust Store
Reference – RHEL-sec-shared-system-certificates
Configure Mailx config file
sudo nano /etc/mail.rc
Append/prepend the following lines and Comment out or remove the same lines already defined on the existing config files
set smtp=smtp.office365.com set smtp-auth-user=###[email protected]### set smtp-auth-password=##Office365-App-password# set nss-config-dir=/etc/pki/nssdb/ set ssl-verify=ignore set smtp-use-starttls set from="###[email protected]###"
This is the bare minimum needed other switches are located here – link
echo "Your message is sent!" | mailx -v -s "test" [email protected]
-v switch will print the verbos debug log to console
Connecting to 22.214.171.124:smtp . . . connected. 220 xxde10CA0031.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sun, 6 Aug 2023 22:14:56 +0000 >>> EHLO vls-xxx.multicastbits.local 250-MN2PR10CA0031.outlook.office365.com Hello [126.96.36.199] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8 >>> STARTTLS 220 2.0.0 SMTP server ready >>> EHLO vls-xxx.multicastbits.local 250-xxde10CA0031.outlook.office365.com Hello [188.8.131.52] 250-SIZE 157286400 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-AUTH LOGIN XOAUTH2 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 SMTPUTF8 >>> AUTH LOGIN 334 VXNlcm5hbWU6 >>> Zxxxxxxxxxxxc0BmdC1zeXMuY29t 334 UGsxxxxxmQ6 >>> c2Rxxxxxxxxxxducw== 235 2.7.0 Authentication successful >>> MAIL FROM:<###[email protected]###> 250 2.1.0 Sender OK >>> RCPT TO:<[email protected]> 250 2.1.5 Recipient OK >>> DATA 354 Start mail input; end with <CRLF>.<CRLF> >>> . 250 2.0.0 OK <[email protected]> [Hostname=Bsxsss744.namprd11.prod.outlook.com] >>> QUIT 221 2.0.0 Service closing transmission channel
Now you can use this in your automation scripts or timers using the mailx command
#!/bin/bash log_file="/etc/app/runtime.log" recipient="[email protected]" subject="Log file from /etc/app/runtime.log" # Check if the log file exists if [ ! -f "$log_file" ]; then echo "Error: Log file not found: $log_file" exit 1 fi # Use mailx to send the log file as an attachment echo "Sending log file..." mailx -s "$subject" -a "$log_file" -r "[email protected]" "$recipient" < /dev/null echo "Log file sent successfully."
sudo chown root:root /etc/mail.rc sudo chmod 600 /etc/mail.rc
The above commands change the file’s owner and group to root, then set the file permissions to
600, which means only the owner (root) has read and write permissions and other users have no access to the file.
Use Environment Variables: Avoid storing sensitive information like passwords directly in the
mail.rc file, consider using environment variables for sensitive data and reference those variables in the configuration.
For example, in the
mail.rc file, you can set:
You can set the variable using another config file or store it in the Ansible vault during runtime or use something like Hashicorp.
Sure, I would just use Python or PowerShell core, but you will run into more locked-down environments like OCI-managed DB servers with only Mailx is preinstalled and the only tool you can use 🙁
the Fact that you are here means you are already in the same boat. Hope this helped… until next time