背景
希望在 bash 脚本中发送邮件,只需要纯文本邮件即可;不安装 sendmail, postfix 等服务,万一因为漏洞被坏人利用狂发垃圾邮件很麻烦,使用第三方邮件服务,如 Gmail。
这就相当于需要一款可以有 shell 调用的邮件客户端。 msmtp 正好完美匹配。
配置步骤
安装 msmtp
epel 有,直接安装即可
yum install msmtp
单用户的配置文件
msmtp 的用法还是比较丰富的,这里仅仅是为了让 Linux 下的单个用户在 shell 下使用,所以仅用最简单的配置
参照使用官方配置文件 https://marlam.de/msmtp/msmtp.html#Examples
写入文件 ~/.msmtprc ,并在其基础上做修改,有点长,但只需要修改少数几处即可
# Example for a user configuration file ~/.msmtprc # # This file focusses on TLS and authentication. Features not used here include # logging, timeouts, SOCKS proxies, TLS parameters, Delivery Status Notification # (DSN) settings, and more. # Set default values for all following accounts. defaults # Use the mail submission port 587 instead of the SMTP port 25. port 587 # Always use TLS. tls on # Set a list of trusted CAs for TLS. The default is to use system settings, but # you can select your own file. #tls_trust_file /etc/ssl/certs/ca-certificates.crt # A freemail service account gmail # Host name of the SMTP server host smtp.gmail.com # As an alternative to tls_trust_file, you can use tls_fingerprint # to pin a single certificate. You have to update the fingerprint when the # server certificate changes, but an attacker cannot trick you into accepting # a fraudulent certificate. Get the fingerprint with # $ msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.freemail.example #tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 # Envelope-from address from yourname@gmail.com # Authentication. The password is given using one of five methods, see below. auth on user yourname@gmail.com # Password method 1: Add the password to the system keyring, and let msmtp get # it automatically. To set the keyring password using Gnome's libsecret: # $ secret-tool store --label=msmtp \ # host smtp.freemail.example \ # service smtp \ # user joe.smith # Password method 2: Store the password in an encrypted file, and tell msmtp # which command to use to decrypt it. This is usually used with GnuPG, as in # this example. Usually gpg-agent will ask once for the decryption password. passwordeval "cat ~/script/gmail_login_auth.apppswd" # Password method 3: Store the password directly in this file. Usually it is not # a good idea to store passwords in cleartext files. If you do it anyway, at # least make sure that this file can only be read by yourself. #password secret123 # Password method 4: Store the password in ~/.netrc. This method is probably not # relevant anymore. # Password method 5: Do not specify a password. Msmtp will then prompt you for # it. This means you need to be able to type into a terminal when msmtp runs. # A second mail address at the same freemail service account freemail2 : gmail from joey@freemail.example # The SMTP server of your ISP account isp host mail.isp.example from smithjoe@isp.example auth on user 12345 # Set a default account account default : gmail
简单来说,这个配置文件支持配置多个邮件账户,每一个账户以 account 指令开始,后面的账户可以用前面的匹配作模板(继承),再设置有不同的配置值(覆盖)。这里只配置一个叫 gmail 的,最后定义为默认。需要注意是其中 passwordeval … 一行,其中的路径是密码保存的文件。
Gmail 配置:
gmail 不支持直接密码的用户验证,这里选用 “应用专用密码 App password”,要在 Google 账户开启二次登录验证之后才能生成应用专用密码。Gmail 似乎也不太推荐这个验证手段了,在Google账户里甚至已经没有了入口链接,而可以在 Google 账户后台里搜索”app password”或”应用专用密码“,有如下的帮助页面,上面有完整的说明,包括链接入口(https://myaccount.google.com/apppasswords)、应用专用密码的生成、管理、疑难解释等
使用应用专用密码登录 https://support.google.com/accounts/answer/185833?hl=zh-Hans
生成一个密码,按前面配置文件里指定的密码文件中路径,写入文件
调用测试
$cat <<EOF | msmtp yourname@gmail.com Subject: App passwd test for msmtp It works. EOF
这里如果没有报错,应该就能收到邮件。
Last Updated on 2025/12/23