5

Following the instructions on ArchLinux to install and configure msmtp does not work. The file /etc/ssl/certs/ca-certificates.crt or anything like it is missing, and trying to use msmtp to send mail will result in a certificate error.

What is an alternate configuration for OSX High Sierra so that msmtp can be used to send mail like in the tutorial?

Note: I answered this question for myself some time ago and decided it's useful and worth sharing, so I created this question and answer. It would be nice if someone with more knowledge of certificates and fingerprints could provide a higher quality answer with more detail and background information about the difference between using a certificate or a fingerprint, for example.

Note years later: I know it's a self answered Q/A but this has 1k views so maybe remember to upvote a useful Q/A.

okovko

2 Answers

7

You can use the tls_fingerprint field in ~/.msmtprc instead of tls_trust_file. To generate the field value for tls_fingerprint, you can run the command

msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.gmail.com --port=587 | egrep -o "([0-9A-Za-z]{2}:){31}[0-9A-Za-z]{2}"

tls_fingerprint and tls_trust_file are mutually exclusive, so do not try to use both, or msmtp will have a configuration error.

Here is a script you can run to install and configure msmtp for use with a gmail account on either Ubuntu 18 or Mac OSX High Sierra.

okovko
  • The caveat on this method is that the tls_fingerprint expires after what seems to be a random length of time. When mail stops working you have to generate a new fingerprint. There must be a better way. – Buadhai Apr 19 '23 at 00:02
2

An alternative method that works for me and avoids the issue of the tls_fingerprint expiring.

Use MacPorts to install the curl CA bundle:

sudo port install curl-ca-bundle

Locate the bundle:

port contents curl-ca-bundle

Port curl-ca-bundle contains:
  /opt/local/etc/openssl/cert.pem
  /opt/local/share/curl/curl-ca-bundle.crt

Add the following line to .msmtprc:

tls_trust_file /opt/local/share/curl/curl-ca-bundle.crt

It works:

Hatchet:~ me$ mail me@mac.com
Subject: Hi Mike
done
.
EOT

No error. From the log file:

exitcode=EX_OK

Buadhai
  • Confirming that this works very nicely on 10.9.5 (Mavericks), and avoids the problem of expiring tls fingerprints. – northernman Aug 12 '23 at 13:05
  • Great! Finally someone got annoyed enough by expiring fingerprints to find the proper answer :) – okovko Aug 14 '23 at 06:19
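
The two approaches in the answers above, checked side by side in an added example (not code from either answer or from the msmtp project). A pinned tls_fingerprint identifies one specific certificate, so it stops matching as soon as the server deploys a new one, while tls_trust_file only needs a CA bundle that exists at the configured path. The function names, the constructed certificates and the sample ~/.msmtprc are assumptions for illustration; the parser only understands `defaults`, `account NAME` and plain key/value lines.

```python
import base64, hashlib, os, re

FP_RE = re.compile(r"([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}")  # SHA-256 as 32 hex pairs

def pem_fingerprint(pem):
    """SHA-256 over the DER bytes of a PEM certificate, colon separated."""
    body = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    digest = hashlib.sha256(base64.b64decode("".join(body.group(1).split()))).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2)).upper()

def parse_msmtprc(text):
    """Return {account: settings}; accounts inherit what 'defaults' set before them."""
    defaults, accounts, current = {}, {}, None
    for line in text.splitlines():
        parts = line.split(None, 1) + [""]
        if not parts[0] or parts[0].startswith("#"):
            continue
        key, value = parts[0], parts[1].strip()
        if key == "defaults":
            current = defaults
        elif key == "account":  # alias lines ("account default : gmail") are skipped
            current = None if ":" in value else accounts.setdefault(value, dict(defaults))
        elif current is not None:
            current[key] = value
    return accounts

def lint(text, server_pem=None, path_exists=os.path.exists):
    """Return (account, problem) pairs for the TLS settings discussed in this thread."""
    findings = []
    for name, cfg in parse_msmtprc(text).items():
        fp, trust = cfg.get("tls_fingerprint"), cfg.get("tls_trust_file")
        if fp and trust:
            findings.append((name, "tls_fingerprint and tls_trust_file are both set"))
        if fp and not FP_RE.fullmatch(fp):
            findings.append((name, "tls_fingerprint is not a SHA-256 fingerprint"))
        elif fp and server_pem and fp.upper() != pem_fingerprint(server_pem):
            findings.append((name, "pin does not match the certificate now served"))
        if trust and not path_exists(trust):
            findings.append((name, "tls_trust_file not found: " + trust))
    return findings

def constructed_pem(data):  # sample input only: arbitrary bytes, not a real certificate
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(data).decode()
            + "\n-----END CERTIFICATE-----\n")

OLD_CERT, NEW_CERT = constructed_pem(b"before renewal"), constructed_pem(b"after renewal")
SAMPLE = ("defaults\ntls on\naccount gmail\nhost smtp.gmail.com\nport 587\n"
          "tls_fingerprint " + pem_fingerprint(OLD_CERT) + "\n")  # constructed ~/.msmtprc

if __name__ == "__main__":  # first list is empty, second reports the stale pin
    print(lint(SAMPLE, OLD_CERT), lint(SAMPLE, NEW_CERT))
```

To check a real setup, pass the contents of ~/.msmtprc as `text` and, optionally, the server's current certificate in PEM form as `server_pem`.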