Sendmail is a classic mail transfer agent (MTA) in the world of Unix-like systems. It’s design is simple, and worked well for many setups for decades. For many scenarios it still works. For others, it does not.
Sendmail as a system-wide tool ¶
Sendmail is typically set up by a system administrator and configured to relay
emails from any local user via some administrator-defined mechanism. This
doesn’t play well with typical multi-users systems as we see today, especially
if they each have their own different mailbox providers and accounts. One user
might want their email to be sent via their provider,
another user uses
another-example.com for their email services.
Even for single-user systems,
sendmail needs access to the credentials to
forward emails via the user’s email account.
sendmail is then exposed to all
processes of the local system. So a developer working on and running an
application that sends emails might accidentally start sending emails via their
own account – without any prior confirmation. The same is true for misbehaving
programs and it’s an incredibly juice target for exploits.
However, many tools have come to support simply running
sendmail to send
emails, so maintaining its interface is quite valuable.
We can do better ¶
The solution should start becoming obvious by now. A new tools is needed with a few specific requirements.
First of all, it needs to be per-user configurable. So each user can specify their own email provider and credentials and have their messages relayed through it.
In second place, the tool needs to prompt the user for some for of confirmation before sending emails. This feature is very easy to get for free: assuming that the tool relays emails via an SMTP that requires authentication, it will have to read the credentials from the user’s secret store. The secret store should prompt the user before disclosing credentials, at which point the user has the opportunity to confirm granting access to their SMTP.
Finally, the tool should retain the same API as
any other program that usually works with
sendmail will work with this