Postfix configured with Gmail SMTP
From LinuxMCE
Revision as of 02:22, 31 March 2009 by Dpaul (Talk | contribs) (New page: Category:Tutorials == Configure Postfix to send mail using Gmail SMTP servers == For those who want to send email from LinuxMCE, you can configure postfix to forward mail through you...)
Configure Postfix to send mail using Gmail SMTP servers
For those who want to send email from LinuxMCE, you can configure postfix to forward mail through your gmail account.
Install and Configure Postfix
Create the CA:
/usr/lib/ssl/misc/CA.pl -newca
CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key .............++++++ ..++++++ writing new private key to './demoCA/private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:North Carolina Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]:LinuxMCE Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Full Name Email Address []:email@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 9d:29:da:d3:76:20:17:10 Validity Not Before: Mar 31 01:01:29 2009 GMT Not After : Mar 30 01:01:29 2012 GMT Subject: countryName = US stateOrProvinceName = North Carolina organizationName = LinuxMCE commonName = Full Name emailAddress = usrer@gmail.com X509v3 extensions: X509v3 Subject Key Identifier: A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B X509v3 Authority Key Identifier: keyid:A0:79:00:CA:90:00:E4:81:12:00:2A:73:00:00:CA:BD:54:08:03:7B DirName:/C=US/ST=North Carolina/O=LinuxMCE/CN=Full name/emailAddress=user@gmail.com serial:90:20:0A:03:06:00:17:10 X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Mar 30 01:01:29 2012 GMT (1095 days) Write out database with 1 new entries Data Base Updated</nowiki>
Extend the key for 10 years
openssl x509 -in demoCA/cacert.pem -days 3650 -out cacert.pem -signkey demoCA/private/cakey.pem
Copy the extended key
cp cacert.pem demoCA
Generate private key
openssl req -new -nodes -subj '/CN=dcerouter/C=US/ST=North Carolina/O=LinuxMCE/CN=Full Name/emailAddress=user@gmail.com' -keyout key.pem -out req.pem -days 3650
Sign private key
openssl ca -out cert.pem -infiles req.pem
copy to the postfix directory
cp demoCA/cacert.pem /etc/postfix cp key.pem /etc/postfix cp cert.pem /etc/postfix chmod 644 /etc/postfix/cert.pem chmod 644 /etc/postfix/cacert.pem chmod 400 /etc/postfix/key.pem
Install the CA Certificates
apt-get install ca-certificates
Add thawte certificate
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem >> cacert.pem
Create transport file:
# Contents of /etc/postfix/transport # # This sends mail to Gmail * smtp:[smtp.gmail.com]:587 #local mail delivered local dcerouter relay:[dcerouter]
Create generic file
# touch /etc/postfix/generic
Create sasl_passwd file:
# Contents of /etc/postfix/sasl_passwd # [smtp.gmail.com]:587 user@gmail.com:password
Be sure to hash the files:
postmap sasl_passwd postmap transport postmap generic
Add these lines to the bottom of /etc/postfix/main.cf
## TLS Settings smtp_tls_loglevel = 1 smtp_enforce_tls = yes smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_tls_cert_file = /etc/postfix/cert.pem smtp_tls_key_file = /etc/postfix/key.pem smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache smtp_use_tls = yes smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_cert_file = /etc/postfix/cert.pem smtpd_tls_key_file = /etc/postfix/key.pem smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache smtpd_use_tls = yes tls_random_source = dev:/dev/urandom ## SASL Settings # This is going in to THIS server smtpd_sasl_auth_enable = no # We need this smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_local_domain = $myhostname smtp_sasl_security_options = noanonymous #smtp_sasl_security_options = smtp_sasl_tls_security_options = noanonymous smtpd_sasl_application_name = smtpd ## Gmail Relay relayhost = [smtp.gmail.com]:587 # Disable DNS Lookups disable_dns_lookups = yes # # Great New feature Address Mapping # for example may mchirico@localhost to mchirico@gmail.com smtp_generic_maps = hash:/etc/postfix/generic # # transport_maps = hash:/etc/postfix/transport
restart postfix
/etc/init.d/postfix restart
install mailx
apt-get install mailx
test forward
mailx -s "testing from linuxmce" youremail@domain.com < /etc/hosts
View log
tail /var/log/mail.log
You should see your message "Sent"