Postfix configured with Gmail SMTP: Difference between revisions

For those who want to send email from LinuxMCE, you can configure postfix to forward mail through your gmail account.

I have created scripts that can be ingegrated ino linuxmce, or run in interactive mode.

Go to the console of your core as root.

Get the scripts:

 wget http://donpaul.info/configure_postfix.tar

Untar the scripts:

 cd /usr/pluto/bin ; tar -xvf /root/configure_postfix.tar

Run the interactive script:

 /usr/pluto/bin/Configure_Postfix_interactive.sh

If you prefer to do things yourself...

* make sure you replace "Full Name" with your name, and "user@gmail.com" with your actual gmail address. *

Install postfix

 apt-get install postfix

Create the CA:

 /usr/lib/ssl/misc/CA.pl -newca

 CA certificate filename (or enter to create)
 
 Making CA certificate ...
 Generating a 1024 bit RSA private key
 .............++++++
 ..++++++
 writing new private key to './demoCA/private/cakey.pem'
 Enter PEM pass phrase:
 Verifying - Enter PEM pass phrase:
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:North Carolina
 Locality Name (eg, city) []:
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:LinuxMCE
 Organizational Unit Name (eg, section) []:
 Common Name (eg, YOUR name) []:Full Name
 Email Address []:email@gmail.com
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 Using configuration from /usr/lib/ssl/openssl.cnf
 Enter pass phrase for ./demoCA/private/cakey.pem:
 Check that the request matches the signature
 Signature ok
 Certificate Details:
         Serial Number:
             9d:29:da:d3:76:20:17:10
         Validity
             Not Before: Mar 31 01:01:29 2009 GMT
             Not After : Mar 30 01:01:29 2012 GMT
         Subject:
            countryName               = US
            stateOrProvinceName       = North Carolina
             organizationName          = LinuxMCE
             commonName                = Full Name
             emailAddress              = usrer@gmail.com
       X509v3 extensions:
           X509v3 Subject Key Identifier:
               A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B
           X509v3 Authority Key Identifier:
               keyid:A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B
               DirName:/C=US/ST=North Carolina/O=LinuxMCE/CN=Full name/emailAddress=user@gmail.com
               serial:90:20:0A:03:06:00:17:10
 
           X509v3 Basic Constraints:
               CA:TRUE
 Certificate is to be certified until Mar 30 01:01:29 2012 GMT (1095 days)
 
 Write out database with 1 new entries
 Data Base Updated</nowiki>

Extend the key for 10 years

 openssl x509 -in demoCA/cacert.pem -days 3650 -out cacert.pem -signkey demoCA/private/cakey.pem

Copy the extended key

 cp cacert.pem demoCA

Generate private key

 openssl req -new -nodes -subj '/CN=dcerouter/C=US/ST=North Carolina/O=LinuxMCE/CN=Full Name/emailAddress=user@gmail.com' -keyout key.pem -out req.pem -days 3650

Sign private key

 openssl ca -out cert.pem -infiles req.pem

Copy to the postfix directory

 cp demoCA/cacert.pem /etc/postfix
 cp key.pem /etc/postfix
 cp cert.pem /etc/postfix
 chmod 644 /etc/postfix/cert.pem 
 chmod 644 /etc/postfix/cacert.pem
 chmod 400 /etc/postfix/key.pem

Install the CA Certificates

 apt-get install ca-certificates

Add Equifax certificate

 cat /etc/ssl/certs/Equifax_Secure_CA.pem >> cacert.pem

Create transport file:

 # Contents of /etc/postfix/transport
 #
 # This sends mail to Gmail
 *               smtp:[smtp.gmail.com]:587
 #local mail delivered local
 dcerouter       relay:[dcerouter]

Create generic file

 touch /etc/postfix/generic

Create sasl_passwd file:

 # Contents of /etc/postfix/sasl_passwd
 #
 [smtp.gmail.com]:587             user@gmail.com:password

Be sure to hash the files:

 postmap sasl_passwd
 postmap transport
 postmap generic

Add these lines to the bottom of /etc/postfix/main.cf

   ## TLS Settings
   smtp_tls_loglevel = 1
   smtp_enforce_tls = yes
   smtp_tls_CAfile = /etc/postfix/cacert.pem
   smtp_tls_cert_file = /etc/postfix/cert.pem
   smtp_tls_key_file = /etc/postfix/key.pem
   smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
   smtp_use_tls = yes
   smtpd_tls_CAfile = /etc/postfix/cacert.pem
   smtpd_tls_cert_file = /etc/postfix/cert.pem
   smtpd_tls_key_file = /etc/postfix/key.pem
   smtpd_tls_received_header = yes
   smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
   smtpd_use_tls = yes
   tls_random_source = dev:/dev/urandom
    
   ##  SASL Settings
   # This is going in to THIS server
   smtpd_sasl_auth_enable = no
   # We need this
   smtp_sasl_auth_enable = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
   smtpd_sasl_local_domain = $myhostname
   smtp_sasl_security_options = noanonymous
   #smtp_sasl_security_options =
   smtp_sasl_tls_security_options = noanonymous
   smtpd_sasl_application_name = smtpd
    
   ## Gmail Relay
   relayhost = [smtp.gmail.com]:587
   
   # Disable DNS Lookups
   disable_dns_lookups = yes
   #
   # Great New feature Address Mapping 
   #  for example may mchirico@localhost to mchirico@gmail.com
   smtp_generic_maps = hash:/etc/postfix/generic
   #
   # 
   transport_maps = hash:/etc/postfix/transport

restart postfix

 /etc/init.d/postfix restart

install mailx

 apt-get install mailx

test forward

 mailx -s "testing from linuxmce" youremail@domain.com < /etc/hosts

View log

 tail /var/log/mail.log

You should see your message "Sent"