Postfix configured with Gmail SMTP

From LinuxMCE
Revision as of 19:36, 16 February 2012 by Sedgington (The /usr/pluto/bin directory already contains Configure_Postfix_interactive.sh; do not follow the steps for installing, as the file it links to will not untar. Just run the script.)



Configure Postfix to send mail using Gmail SMTP servers

For those who want to send email from LinuxMCE, you can configure Postfix to forward mail through your Gmail account.

Please NOTE: The /usr/pluto/bin directory already contains Configure_Postfix_interactive.sh. Do NOT follow the steps for installing, as the file in the link will not untar once downloaded.

Just run the script in the /usr/pluto/bin directory.

This has been rolled into the web admin now and should not be done manually!

Confirmed working with 810

Automatic Install and Configure Postfix

I have created scripts that can be integrated into LinuxMCE, or run in interactive mode.

Go to the console of your core as root.

Get the scripts:

 wget http://donpaul.info/configure_postfix.tar

Untar the scripts:

 cd /usr/pluto/bin ; tar -xvf /root/configure_postfix.tar

Run the interactive script:

 /usr/pluto/bin/Configure_Postfix_interactive.sh

Manual Install and Configure Postfix

If you prefer to do things yourself...

* Make sure you replace "Full Name" with your name, and "user@gmail.com" with your actual Gmail address. *

Install postfix

 apt-get install postfix

Create the CA:

 /usr/lib/ssl/misc/CA.pl -newca
 CA certificate filename (or enter to create)
 
 Making CA certificate ...
 Generating a 1024 bit RSA private key
 .............++++++
 ..++++++
 writing new private key to './demoCA/private/cakey.pem'
 Enter PEM pass phrase:
 Verifying - Enter PEM pass phrase:
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:North Carolina
 Locality Name (eg, city) []:
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:LinuxMCE
 Organizational Unit Name (eg, section) []:
 Common Name (eg, YOUR name) []:Full Name
 Email Address []:email@gmail.com
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 Using configuration from /usr/lib/ssl/openssl.cnf
 Enter pass phrase for ./demoCA/private/cakey.pem:
 Check that the request matches the signature
 Signature ok
 Certificate Details:
         Serial Number:
             9d:29:da:d3:76:20:17:10
         Validity
             Not Before: Mar 31 01:01:29 2009 GMT
             Not After : Mar 30 01:01:29 2012 GMT
         Subject:
            countryName               = US
            stateOrProvinceName       = North Carolina
             organizationName          = LinuxMCE
             commonName                = Full Name
             emailAddress              = usrer@gmail.com
       X509v3 extensions:
           X509v3 Subject Key Identifier:
               A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B
           X509v3 Authority Key Identifier:
               keyid:A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B
               DirName:/C=US/ST=North Carolina/O=LinuxMCE/CN=Full name/emailAddress=user@gmail.com
               serial:90:20:0A:03:06:00:17:10
 
           X509v3 Basic Constraints:
               CA:TRUE
 Certificate is to be certified until Mar 30 01:01:29 2012 GMT (1095 days)
 
 Write out database with 1 new entries
 Data Base Updated

Extend the CA certificate's validity to 10 years

 openssl x509 -in demoCA/cacert.pem -days 3650 -out cacert.pem -signkey demoCA/private/cakey.pem

Copy the extended certificate

 cp cacert.pem demoCA

Generate the private key and certificate request

 openssl req -new -nodes -subj '/CN=dcerouter/C=US/ST=North Carolina/O=LinuxMCE/CN=Full Name/emailAddress=user@gmail.com' -keyout key.pem -out req.pem -days 3650

Sign the certificate request

 openssl ca -out cert.pem -infiles req.pem

Copy to the postfix directory

 cp demoCA/cacert.pem /etc/postfix
 cp key.pem /etc/postfix
 cp cert.pem /etc/postfix
 chmod 644 /etc/postfix/cert.pem 
 chmod 644 /etc/postfix/cacert.pem
 chmod 400 /etc/postfix/key.pem

Install the CA Certificates

 apt-get install ca-certificates

Add Equifax certificate

 cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem

Create transport file:

 # Contents of /etc/postfix/transport
 #
 # This sends mail to Gmail
 *               smtp:[smtp.gmail.com]:587
 #local mail delivered local
 dcerouter       relay:[dcerouter]

Create generic file

 touch /etc/postfix/generic

Create sasl_passwd file:

 # Contents of /etc/postfix/sasl_passwd
 #
 [smtp.gmail.com]:587             user@gmail.com:password

Be sure to hash the files:

 postmap /etc/postfix/sasl_passwd
 postmap /etc/postfix/transport
 postmap /etc/postfix/generic

Add these lines to the bottom of /etc/postfix/main.cf

   ## TLS Settings
   smtp_tls_loglevel = 1
   smtp_enforce_tls = yes
   smtp_tls_CAfile = /etc/postfix/cacert.pem
   smtp_tls_cert_file = /etc/postfix/cert.pem
   smtp_tls_key_file = /etc/postfix/key.pem
   smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
   smtp_use_tls = yes
   smtpd_tls_CAfile = /etc/postfix/cacert.pem
   smtpd_tls_cert_file = /etc/postfix/cert.pem
   smtpd_tls_key_file = /etc/postfix/key.pem
   smtpd_tls_received_header = yes
   smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
   smtpd_use_tls = yes
   tls_random_source = dev:/dev/urandom
    
   ##  SASL Settings
   # This is going in to THIS server
   smtpd_sasl_auth_enable = no
   # We need this
   smtp_sasl_auth_enable = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
   smtpd_sasl_local_domain = $myhostname
   smtp_sasl_security_options = noanonymous
   #smtp_sasl_security_options =
   smtp_sasl_tls_security_options = noanonymous
   smtpd_sasl_application_name = smtpd
    
   ## Gmail Relay
   relayhost = [smtp.gmail.com]:587
   
   # Disable DNS Lookups
   disable_dns_lookups = yes
   #
   # Great new feature: address mapping
   #  for example, map mchirico@localhost to mchirico@gmail.com
   smtp_generic_maps = hash:/etc/postfix/generic
   #
   # 
   transport_maps = hash:/etc/postfix/transport

Restart Postfix

 /etc/init.d/postfix restart

Install mailx

 apt-get install mailx

Test forwarding

 mailx -s "testing from linuxmce" youremail@domain.com < /etc/hosts

View log

 tail /var/log/mail.log

You should see your message "Sent"
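
A post-install check for the manual procedure above, as an added example that is not part of the original page or of LinuxMCE's scripts: it flags the Gmail password files and the TLS key when group or others can access them, and reports when SASL authentication is enabled without mandatory TLS. It assumes GNU stat; the function names cf_get and audit_postfix_relay are hypothetical, and smtp_tls_security_level (not used on this page) is the newer Postfix parameter that overrides smtp_enforce_tls when set.

```shell
#!/bin/sh
# Added example, not LinuxMCE code. Assumes GNU stat (Debian/Ubuntu).

# cf_get FILE KEY: last value assigned to KEY in a main.cf-style file.
# Simplification: comment and continuation (indented) lines are skipped.
cf_get() {
    awk -F= -v key="$2" '
        /^[ \t#]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# audit_postfix_relay DIR: print findings, return 1 if there are any.
audit_postfix_relay() {
    dir=$1; bad=0
    # Files holding the Gmail password (plain and hashed) and the TLS key.
    for name in sasl_passwd sasl_passwd.db key.pem; do
        [ -e "$dir/$name" ] || continue
        mode=$(stat -c '%a' "$dir/$name")
        case "$mode" in
            0|*00) ;;   # no group/other permission bits
            *) echo "EXPOSED $name mode=$mode"; bad=1 ;;
        esac
    done
    # The SASL password must only be sent over mandatory TLS.
    if [ "$(cf_get "$dir/main.cf" smtp_sasl_auth_enable)" = yes ]; then
        level=$(cf_get "$dir/main.cf" smtp_tls_security_level)
        legacy=$(cf_get "$dir/main.cf" smtp_enforce_tls)
        case "$level" in
            encrypt|verify|secure|fingerprint|dane-only) ;;
            "") [ "$legacy" = yes ] || { echo "PLAINTEXT-RISK smtp_enforce_tls=$legacy"; bad=1; } ;;
            *) echo "PLAINTEXT-RISK smtp_tls_security_level=$level"; bad=1 ;;
        esac
    fi
    return "$bad"
}

# Run against a directory given on the command line, e.g. /etc/postfix.
if [ -n "${1:-}" ]; then audit_postfix_relay "$1"; fi
```

Any EXPOSED line for sasl_passwd or sasl_passwd.db is cleared by restricting the file to its owner (mode 600), since the procedure above leaves those two files at the default permissions.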