12 files changed, 87 insertions, 312 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index be38e3fb389..d49a997918c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -464,6 +464,44 @@
       </listitem>
       <listitem>
         <para>
+          <literal>pkgs.ssmtp</literal> has been dropped due to the
+          program being unmaintained. <literal>pkgs.msmtp</literal> can
+          be used instead as a substitute <literal>sendmail</literal>
+          implementation. The corresponding options
+          <literal>services.ssmtp.*</literal> have been removed as well.
+          <literal>programs.msmtp.*</literal> can be used instead for an
+          equivalent setup. For example:
+        </para>
+        <programlisting language="bash">
+{
+  # Original ssmtp configuration:
+  services.ssmtp = {
+    enable = true;
+    useTLS = true;
+    useSTARTTLS = true;
+    hostName = &quot;smtp.example:587&quot;;
+    authUser = &quot;someone&quot;;
+    authPassFile = &quot;/secrets/password.txt&quot;;
+  };
+
+  # Equivalent msmtp configuration:
+  programs.msmtp = {
+    enable = true;
+    accounts.default = {
+      tls = true;
+      tls_starttls = true;
+      auth = true;
+      host = &quot;smtp.example&quot;;
+      port = 587;
+      user = &quot;someone&quot;;
+      passwordeval = &quot;cat /secrets/password.txt&quot;;
+    };
+  };
+}
+</programlisting>
+      </listitem>
+      <listitem>
+        <para>
           <literal>services.kubernetes.addons.dashboard</literal> was
           removed due to it being an outdated version.
         </para>
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 4fddd34d447..a5bcd09211c 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -150,6 +150,39 @@ In addition to numerous new and upgraded packages, this release has the followin
 - `security.klogd` was removed.  Logging of kernel messages is handled
   by systemd since Linux 3.5.
 
+- `pkgs.ssmtp` has been dropped due to the program being unmaintained.
+  `pkgs.msmtp` can be used instead as a substitute `sendmail` implementation.
+  The corresponding options `services.ssmtp.*` have been removed as well.
+  `programs.msmtp.*` can be used instead for an equivalent setup. For example:
+
+  ```nix
+  {
+    # Original ssmtp configuration:
+    services.ssmtp = {
+      enable = true;
+      useTLS = true;
+      useSTARTTLS = true;
+      hostName = "smtp.example:587";
+      authUser = "someone";
+      authPassFile = "/secrets/password.txt";
+    };
+
+    # Equivalent msmtp configuration:
+    programs.msmtp = {
+      enable = true;
+      accounts.default = {
+        tls = true;
+        tls_starttls = true;
+        auth = true;
+        host = "smtp.example";
+        port = 587;
+        user = "someone";
+        passwordeval = "cat /secrets/password.txt";
+      };
+    };
+  }
+  ```
+
 - `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
 
 - `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 4c882707c5f..c6008864e8b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -205,7 +205,6 @@
   ./programs/spacefm.nix
   ./programs/singularity.nix
   ./programs/ssh.nix
-  ./programs/ssmtp.nix
   ./programs/sysdig.nix
   ./programs/systemtap.nix
   ./programs/starship.nix
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
deleted file mode 100644
index b454bf35229..00000000000
--- a/nixos/modules/programs/ssmtp.nix
+++ /dev/null
@@ -1,190 +0,0 @@
-# Configuration for `ssmtp', a trivial mail transfer agent that can
-# replace sendmail/postfix on simple systems.  It delivers email
-# directly to an SMTP server defined in its configuration file, without
-# queueing mail locally.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.ssmtp;
-
-in
-{
-
-  imports = [
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
-
-    (mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
-    (mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
-  ];
-
-  options = {
-
-    services.ssmtp = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Use the trivial Mail Transfer Agent (MTA)
-          <command>ssmtp</command> package to allow programs to send
-          e-mail.  If you don't want to run a “real” MTA like
-          <command>sendmail</command> or <command>postfix</command> on
-          your machine, set this option to <literal>true</literal>, and
-          set the option
-          <option>services.ssmtp.hostName</option> to the
-          host name of your preferred mail server.
-        '';
-      };
-
-      settings = mkOption {
-        type = with types; attrsOf (oneOf [ bool str ]);
-        default = {};
-        description = ''
-          <citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
-          to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
-        '';
-        example = literalExpression ''
-          {
-            Debug = true;
-            FromLineOverride = false;
-          }
-        '';
-      };
-
-      hostName = mkOption {
-        type = types.str;
-        example = "mail.example.org";
-        description = ''
-          The host name of the default mail server to use to deliver
-          e-mail. Can also contain a port number (ex: mail.example.org:587),
-          defaults to port 25 if no port is given.
-        '';
-      };
-
-      root = mkOption {
-        type = types.str;
-        default = "";
-        example = "root@example.org";
-        description = ''
-          The e-mail to which mail for users with UID &lt; 1000 is forwarded.
-        '';
-      };
-
-      domain = mkOption {
-        type = types.str;
-        default = "";
-        example = "example.org";
-        description = ''
-          The domain from which mail will appear to be sent.
-        '';
-      };
-
-      useTLS = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether TLS should be used to connect to the default mail
-          server.
-        '';
-      };
-
-      useSTARTTLS = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether the STARTTLS should be used to connect to the default
-          mail server.  (This is needed for TLS-capable mail servers
-          running on the default SMTP port 25.)
-        '';
-      };
-
-      authUser = mkOption {
-        type = types.str;
-        default = "";
-        example = "foo@example.org";
-        description = ''
-          Username used for SMTP auth. Leave blank to disable.
-        '';
-      };
-
-      authPassFile = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        example = "/run/keys/ssmtp-authpass";
-        description = ''
-          Path to a file that contains the password used for SMTP auth. The file
-          should not contain a trailing newline, if the password does not contain one
-          (e.g. use <command>echo -n "password" > file</command>).
-          This file should be readable by the users that need to execute ssmtp.
-        '';
-      };
-
-      setSendmail = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to set the system sendmail to ssmtp's.";
-      };
-
-    };
-
-  };
-
-
-  config = mkIf cfg.enable {
-
-    assertions = [
-      {
-        assertion = cfg.useSTARTTLS -> cfg.useTLS;
-        message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
-      }
-    ];
-
-    services.ssmtp.settings = mkMerge [
-      ({
-        MailHub = cfg.hostName;
-        FromLineOverride = mkDefault true;
-        UseTLS = cfg.useTLS;
-        UseSTARTTLS = cfg.useSTARTTLS;
-      })
-      (mkIf (cfg.root != "") { root = cfg.root; })
-      (mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
-      (mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
-      (mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
-    ];
-
-    # careful here: ssmtp REQUIRES all config lines to end with a newline char!
-    environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
-      mkKeyValue = mkKeyValueDefault {
-        mkValueString = value:
-          if value == true then "YES"
-          else if value == false then "NO"
-          else mkValueStringDefault {} value
-        ;
-      } "=";
-    } cfg.settings;
-
-    environment.systemPackages = [pkgs.ssmtp];
-
-    services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
-      program = "sendmail";
-      source = "${pkgs.ssmtp}/bin/sendmail";
-      setuid = false;
-      setgid = false;
-      owner = "root";
-      group = "root";
-    };
-
-  };
-
-}
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 72395b2ee86..1d226276493 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -69,6 +69,11 @@ with lib;
     '')
     (mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
     (mkRemovedOptionModule [ "services" "seeks" ] "")
+    (mkRemovedOptionModule [ "services" "ssmtp" ] ''
+      The ssmtp package and the corresponding module have been removed due to
+      the program being unmaintained. The options `programs.msmtp.*` can be
+      used instead.
+    '')
     (mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
     (mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
diff --git a/nixos/modules/services/monitoring/nagios.nix b/nixos/modules/services/monitoring/nagios.nix
index 2c7f0ed1966..69173ce4e44 100644
--- a/nixos/modules/services/monitoring/nagios.nix
+++ b/nixos/modules/services/monitoring/nagios.nix
@@ -102,8 +102,8 @@ in
 
       plugins = mkOption {
         type = types.listOf types.package;
-        default = with pkgs; [ monitoring-plugins ssmtp mailutils ];
-        defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]";
+        default = with pkgs; [ monitoring-plugins msmtp mailutils ];
+        defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]";
         description = "
           Packages to be added to the Nagios <envar>PATH</envar>.
           Typically used to add plugins, but can be anything.
diff --git a/nixos/tests/mailcatcher.nix b/nixos/tests/mailcatcher.nix
index d7858ab354b..f23b749a021 100644
--- a/nixos/tests/mailcatcher.nix
+++ b/nixos/tests/mailcatcher.nix
@@ -9,8 +9,13 @@ import ./make-test-python.nix ({ lib, ... }:
     {
       services.mailcatcher.enable = true;
 
-      services.ssmtp.enable = true;
-      services.ssmtp.hostName = "localhost:1025";
+      programs.msmtp = {
+        enable = true;
+        accounts.default = {
+          host = "localhost";
+          port = 1025;
+        };
+      };
 
       environment.systemPackages = [ pkgs.mailutils ];
     };
diff --git a/pkgs/tools/networking/ssmtp/default.nix b/pkgs/tools/networking/ssmtp/default.nix
deleted file mode 100644
index ec309a4a2ce..00000000000
--- a/pkgs/tools/networking/ssmtp/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ lib, stdenv, fetchurl, tlsSupport ? true, openssl }:
-
-stdenv.mkDerivation rec {
-  pname = "ssmtp";
-  version = "2.64";
-
-  src = fetchurl {
-    url = "mirror://debian/pool/main/s/ssmtp/ssmtp_${version}.orig.tar.bz2";
-    sha256 = "0dps8s87ag4g3jr6dk88hs9zl46h3790marc5c2qw7l71k4pvhr2";
-  };
-
-  # A request has been made to merge this patch into ssmtp.
-  # See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858781
-  patches = [ ./ssmtp_support_AuthPassFile_parameter.patch ];
-
-  configureFlags = [
-    "--sysconfdir=/etc"
-    (lib.enableFeature tlsSupport "ssl")
-  ];
-
-  postConfigure = ''
-    # Don't run the script that interactively generates a config file.
-    # Also don't install the broken, cyclic symlink /lib/sendmail.
-    sed -e '/INSTALLED_CONFIGURATION_FILE/d' \
-        -e 's|/lib/sendmail|$(TMPDIR)/sendmail|' \
-        -i Makefile
-    substituteInPlace Makefile \
-      --replace '$(INSTALL) -s' '$(INSTALL) -s --strip-program $(STRIP)'
-  '';
-
-  installFlags = [ "etcdir=$(out)/etc" ];
-
-  installTargets = [ "install" "install-sendmail" ];
-
-  buildInputs = lib.optional tlsSupport openssl;
-
-  NIX_LDFLAGS = lib.optionalString tlsSupport "-lcrypto";
-
-  meta = with lib; {
-    description = "simple MTA to deliver mail from a computer to a mail hub";
-    platforms = platforms.linux;
-    license = licenses.gpl2;
-    maintainers = with maintainers; [ basvandijk ];
-  };
-}
diff --git a/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch b/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch
deleted file mode 100644
index 371c0f6de2b..00000000000
--- a/pkgs/tools/networking/ssmtp/ssmtp_support_AuthPassFile_parameter.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -Naurb a/ssmtp.c b/ssmtp.c
---- a/ssmtp.c	2009-11-23 10:55:11.000000000 +0100
-+++ b/ssmtp.c	2017-03-25 03:00:26.508283016 +0100
-@@ -57,6 +57,7 @@
- char arpadate[ARPADATE_LENGTH];
- char *auth_user = (char)NULL;
- char *auth_pass = (char)NULL;
-+char *auth_passfile = (char)NULL;
- char *auth_method = (char)NULL;		/* Mechanism for SMTP authentication */
- char *mail_domain = (char)NULL;
- char *from = (char)NULL;		/* Use this as the From: address */
-@@ -1053,6 +1054,15 @@
- 					log_event(LOG_INFO, "Set AuthPass=\"%s\"\n", auth_pass);
- 				}
- 			}
-+			else if(strcasecmp(p, "AuthPassFile") == 0 && !auth_passfile) {
-+				if((auth_passfile = strdup(q)) == (char *)NULL) {
-+					die("parse_config() -- strdup() failed");
-+				}
-+
-+				if(log_level > 0) {
-+					log_event(LOG_INFO, "Set AuthPassFile=\"%s\"\n", auth_passfile);
-+				}
-+			}
- 			else if(strcasecmp(p, "AuthMethod") == 0 && !auth_method) {
- 				if((auth_method = strdup(q)) == (char *)NULL) {
- 					die("parse_config() -- strdup() failed");
-@@ -1415,6 +1425,8 @@
- 	struct passwd *pw;
- 	int i, sock;
- 	uid_t uid;
-+	FILE *fp;
-+	char pass_buf[BUF_SZ+1];
- 	bool_t minus_v_save, leadingdot, linestart = True;
- 	int timeout = 0;
- 	int bufsize = sizeof(b)-1;
-@@ -1433,6 +1445,17 @@
- 		log_event(LOG_INFO, "%s not found", config_file);
- 	}
- 
-+	if(auth_passfile != (char *)NULL) {
-+		if((fp = fopen(auth_passfile, "r")) == (FILE *)NULL) {
-+			  die("Could not open the AuthPassFile %s", auth_passfile);
-+		}
-+		if (fgets(pass_buf, BUF_SZ, fp) == NULL) {
-+			die("Error while reading a line from the AuthPassFile %s, or it is empty", auth_passfile);
-+		}
-+		fclose(fp);
-+		auth_pass = strdup(pass_buf);
-+	}
-+
- 	if((p = strtok(pw->pw_gecos, ";,"))) {
- 		if((gecos = strdup(p)) == (char *)NULL) {
- 			die("ssmtp() -- strdup() failed");
-diff -Naurb a/ssmtp.conf.5 b/ssmtp.conf.5
---- a/ssmtp.conf.5	2008-02-29 03:50:15.000000000 +0100
-+++ b/ssmtp.conf.5	2017-03-25 01:45:52.890165426 +0100
-@@ -61,6 +61,11 @@
- .Pp
- .It Cm AuthPass
- The password to use for SMTP AUTH.
-+It is recommended to use AuthPassFile which also takes precedence over AuthPass.
-+.Pp
-+.It Cm AuthPassFile
-+A file that should contain the password to use for SMTP AUTH.
-+This takes precedence over AuthPass.
- .Pp
- .It Cm AuthMethod
- The authorization method to use.
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 62e809c01a6..1e5688a453e 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1207,6 +1207,7 @@ mapAliases ({
   sqliteInteractive = throw "'sqliteInteractive' has been renamed to/replaced by 'sqlite-interactive'"; # Converted to throw 2022-02-22
   squid4 = squid;  # added 2019-08-22
   sshfsFuse = throw "'sshfsFuse' has been renamed to/replaced by 'sshfs-fuse'"; # Converted to throw 2022-02-22
+  ssmtp = throw "'ssmtp' has been removed due to the software being unmaintained. 'msmtp' can be used as a replacement"; # Added 2022-04-17
   stanchion = throw "Stanchion was part of riak-cs which is not maintained anymore"; # added 2020-10-14
   steam-run-native = steam-run; # added 2022-02-21
   stumpwm-git = throw "stumpwm-git has been broken for a long time and lispPackages.stumpwm follows Quicklisp that is close to git version"; # Added 2021-05-09
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c818f46df93..7d3d71538c8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10231,8 +10231,6 @@ with pkgs;
 
   sshoogr = callPackage ../tools/networking/sshoogr { };
 
-  ssmtp = callPackage ../tools/networking/ssmtp { };
-
   ssocr = callPackage ../applications/misc/ssocr { };
 
   ssss = callPackage ../tools/security/ssss { };
diff --git a/pkgs/top-level/release-small.nix b/pkgs/top-level/release-small.nix
index a267b20d667..7bf4a234bb6 100644
--- a/pkgs/top-level/release-small.nix
+++ b/pkgs/top-level/release-small.nix
@@ -124,7 +124,7 @@ with import ./release-lib.nix { inherit supportedSystems nixpkgsArgs; };
   smartmontools = all;
   sqlite = unix; # Cygwin builds fail
   squid = linux;
-  ssmtp = linux;
+  msmtp = linux;
   stdenv = all;
   strace = linux;
   su = linux;