Introduction

For email notifications, Redmine supports different configuration options for outgoing email delivery. There is the SMTP (Simple Mail Transfer Protocol) plain option, which allows you to use an existing email account hosted in a private email server (the downside of this option is that the emails sent from Redmine to this server will be unsecured). There is also the SMTP using TLS (Transport Layer Security) option, which allows you to use an existing email account that supports secure SMTP such as Gmail, or a private email server that is secured with TLS.

Lastly, you can opt for the Sendmail option, which will use the Sendmail program for outgoing email delivery. This will be the focus of this tutorial.

  • What is Sendmail?

Sendmail is a lightweight MTA (Mail Transfer Agent), or server that handles delivery of email messages from an email client to an email server.

  • What is SASL?

SASL stands for Simple Authentication and Security Layer. According to Wikipedia it is a framework for authentication and data security in internet protocols. Basically, it is a module that server programs such as Sendmail use to handle user authentication.

  • What is STARTTLS?

STARTTLS is a method for upgrading server security by taking an existing insecure server connection (or port) and upgrading it to a secure connection/port via SSL/TLS. We will be using this method to secure Sendmail.

  • Why opt to use Sendmail as the email delivery method for Redmine?

I have found Sendmail to be more lightweight and easier to configure in comparison to other MTAs such as Postfix. It is also relatively simpler to secure, and you don’t need to have an existing email account or an account in a private email server to get email notifications set up.

NB: In this tutorial, I will use example.com as my example domain, and 12.34.56.78 as my example public IP address.

Install OpenSSL, Sendmail and SASL

sudo apt-get install openssl sendmail sasl2-bin

Start the SASL daemon

sudo service saslauthd start

Give your server a hostname

sudo vi /etc/hostname

I have given mine the name ‘web1’:

web1

Save and exit the file.

Configure your hosts file

sudo vi /etc/hosts

Add a second line, after localhost with your public IP address, domain name and hostname all in one line like so:

127.0.0.1 localhost
12.34.56.78 example.com web1

Restart the server for the changes to take effect.

sudo reboot

Test the changes after reboot

hostname -f

You should get printed to the console output:

example.com

Run the Sendmail configuration utility

sudo sendmailconfig

Accept all the default options in the prompts. At this point, Sendmail is up and running but not yet secure, we will secure it shortly.

Configure SASL

Edit the SASL config file

sudo vi /etc/default/saslauthd

Edit the first line to be:

START=yes

Reload the SASL daemon

sudo systemctl reload saslauthd

Configure Sendmail

Change the Sendmail main config

sudo vi /etc/mail/sendmail.mc

Add the line:

include(`/etc/mail/tls/starttls.m4')dnl

below the line:

include(`/usr/share/sendmail/cf/m4/cf.m4')dnl

Save and quit the file.

Change the Mail Submission config:

sudo vi /etc/mail/submit.mc

Add the line:

include(`/etc/mail/tls/starttls.m4')dnl

below the line:

include(`/usr/share/sendmail/cf/m4/cf.m4')dnl

Save and quit the file.

Re-run the Sendmail config utility

sudo sendmailconfig

Accept all the default options from the prompts. Now Sendmail should have STARTTLS configured correctly.

View the Sendmail Configuration

sudo sendmail -d0.1 -bv root

You should get:

Version 8.15.2
 Compiled with: DNSMAP IPV6_FULL LDAPMAP LDAP_REFERRALS LOG MAP_REGEX
		MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
		NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF STARTTLS
		TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = example
  (canonical domain name) $j = example.com
         (subdomain name) $m = com
              (node name) $k = web1
========================================================

root... deliverable: mailer local, user root

NB: To prevent emails sent by Sendmail being flagged as spam email, you will need to take some extra measures. We will start by creating an SPF (Sender Policy Framework) record in our DNS management console.

SPF indicates to email providers such as Gmail or Outlook that the host Sendmail is running from is authorized to send emails for our domain. SPF records are usually a single string of text.

On your DNS Management Console:

Add two TXT records with the following content:

"v=spf1 a include:_spf.google.com ~all"
v=spf1 a mx ~all

Here is how it appears on my DNS Management console:

DNS SPF Records

On Your Redmine Host

Create a new Redmine global config file:

sudo cp -v /usr/share/redmine/config/configuration.yml.example /usr/share/redmine/config/configuration.yml
sudo vi /usr/share/redmine/config/configuration.yml

Uncomment the delivery_method within the sendmail block, like so:

# ==== Sendmail command
  #
  #  email_delivery:
      delivery_method: :sendmail

Save and quit the file.

Reload Apache for the changes to take effect

sudo systemctl reload apache2

On Redmine login as an admin user

Go to: Administration > Settings > Email Notifications

Change the Emission email address to:

redmine@example.com

Change the Email footer to:

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://example.com/redmine/my/account

You can select more options under ‘Select actions for which email notifications should be sent’.

Save the changes.

Send a test email with the new settings.

Now your Redmine installation should have email notifications correctly working.