[GH-ISSUE #550] How to include username and password for sendmail? #355

Closed
opened 2026-03-15 14:03:51 +03:00 by kerem · 5 comments

Originally created by @mbomb007 on GitHub (Aug 13, 2025).
Original GitHub issue: https://github.com/axllent/mailpit/issues/550

The docs describe how to require username/password for SMTP.

https://mailpit.axllent.org/docs/configuration/smtp/

However, the docs for sendmail don't show a way to include the defined credentials, and sendmail doesn't work anymore if I use something like this:

```ini
sendmail_path = /usr/local/bin/mailpit --smtp-auth-file /etc/mailpit-smtp-creds sendmail -t
```

https://mailpit.axllent.org/docs/install/sendmail/

How does one do this?

kerem closed this issue 2026-03-15 14:03:56 +03:00

@axllent commented on GitHub (Aug 14, 2025):

Hi @mbomb007. There isn't currently any way to configure the sendmail CLI with authentication. This was an intentional decision made based on the fact that the majority (if not all) of other sendmail clients do not support authentication. Typically if you're wanting to use authentication then you would be sending emails with an SMTP-compliant application (ie: the application does the SMTP exchange for you, rather than routing via sendmail). The `--smtp-auth-file` option is for the SMTP (SMTP server), not the sendmail client.

Can you please provide a bit more information about your setup and why you need sendmail to support authentication?


@mbomb007 commented on GitHub (Aug 14, 2025):

I'm using sendmail to send mail to the SMTP server. However, the SMTP server continues to show up in security scans as unsecured, since any machine can send email to the port (testable using telnet). I only use the server for mail from localhost, so I was trying to require a password on the server and have sendmail use it.


@mbomb007 commented on GitHub (Aug 14, 2025):

In the end, though, we did decide it wasn't a real vulnerability, since the mail just ends up in the pit (relay defaults to off) and the only risk is malicious links in a suspicious email. Since sendmail can't be configured that way, I think if I wanted to secure it I would have to use a firewall rule.


@axllent commented on GitHub (Aug 14, 2025):

You can also tell Mailpit to only listen locally for SMTP connections using `--smtp 127.0.0.1:1025` or `MP_SMTP_BIND_ADDR="127.0.0.1:1025"`.


@mbomb007 commented on GitHub (Aug 14, 2025):

Ah, that's helpful. Thank you!
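
One way to confirm the loopback-only binding discussed in this thread, as an added example that is not part of the original issue or Mailpit's own code: it parses `ss -ltnH` output and reports listeners on the SMTP port that are not bound to a loopback address. Both sample outputs are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed `ss -ltnH` samples (not captured from a real host).
# BEFORE: SMTP port bound to all interfaces; AFTER: bound to loopback only.
SS_BEFORE = """\
LISTEN 0 4096 0.0.0.0:1025 0.0.0.0:*
LISTEN 0 4096 [::]:1025 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""
SS_AFTER = """\
LISTEN 0 4096 127.0.0.1:1025 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_local(addr):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = addr.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)

def is_loopback(host):
    """True only when the bind address is a loopback address."""
    if host in ("*", ""):
        return False  # wildcard: every interface
    ip = ipaddress.ip_address(host)
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or ip).is_loopback

def exposed_listeners(ss_output, port):
    """Return local addresses listening on `port` that are reachable off-host."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, local_port = split_local(fields[3])
        if local_port == port and not is_loopback(host):
            exposed.append(fields[3])
    return exposed

if __name__ == "__main__":
    for name, sample in (("before", SS_BEFORE), ("after", SS_AFTER)):
        print(name, exposed_listeners(sample, 1025))
```

On a live host, feed the function the output of `ss -ltnH` instead of the constructed samples; an empty list for port 1025 means the listener is not reachable from other machines.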
