mdadm, but it took me a couple of separate attempts to get it configured to use Gmail as its SMTP relay. There are a lot of good Postfix tutorials out there, but this post will detail the steps I took for my particular situation. I'm currently running Ubuntu 11.10 Server 64-bit, so I needed mdadm to be able to send me notification emails, and I already had CA and server certs for Apache and ProFTP, so I'll skip those steps here.

I started out by following Ubuntu's community documentation on Postfix, which had some good information on generic configuration (I recommend using Maildir), but I ended up following a blog post by Mark Sanborn, because it focuses on using Gmail. I borrow heavily from that post, so I thank Mark for his work, but the post itself misses a couple of things that caused me trouble. Several comments to that post provided solutions, so I include those corrections.

If you need to generate certs, I suggest you follow steps 1-3 from Mark Sanborn's post; however, in my example, the CA cert is /etc/ssl/certs/cacert.pem, the server cert is /etc/ssl/certs/hierax.crt, and the server key is /etc/ssl/private/hierax.key. The /etc/ssl tree is a more appropriate location for their storage when you have multiple applications sharing certs.

- Install the Postfix package.
The Postfix package is built with and so has dependencies on the encryption library packages necessary to use Gmail as an SMTP relay, so we just install postfix.

    sudo aptitude install postfix

You'll have to do some initial setup during the installation, an explanation for which I suggest you read the Configuration section of the Ubuntu community documentation link above.
- Install the SASL package.
The libsasl2-modules package is required to use TLS which Google requires.

    sudo aptitude install libsasl2-modules

Most likely because I'm running the 64-bit version of Ubuntu 11.10 Server, the SASL modules were installed into /usr/lib/x86_64-linux-gnu/sasl2/, but Postfix expects them in /usr/lib/sasl2/, so I created symlinks:

    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so /usr/lib/sasl2/libanonymous.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so /usr/lib/sasl2/libcrammd5.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so /usr/lib/sasl2/libdigestmd5.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/liblogin.so /usr/lib/sasl2/liblogin.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libntlm.so /usr/lib/sasl2/libntlm.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libplain.so /usr/lib/sasl2/libplain.so
    sudo ln -s /usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so /usr/lib/sasl2/libsasldb.so

- Bind Google's CA cert to ours.
Ubuntu already comes with the Equifax Secure CA cert that Google uses (it used to be Thawte Premium Server CA), so we just have to append it to our CA cert. This command will have to be run as root.

    sudo su -
    cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/ssl/certs/cacert.pem

- Edit the Postfix configuration file.
I can't guarantee that all of these parameters are necessary, as they're a combination of those from the two guides I linked above, but it works for me.

    #
    # TLS Settings
    #
    smtp_use_tls = yes
    smtp_tls_CAfile = /etc/ssl/certs/cacert.pem
    smtp_tls_cert_file = /etc/ssl/certs/hierax.crt
    smtp_tls_key_file = /etc/ssl/private/hierax.key
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_tls_note_starttls_offer = yes
    smtp_tls_security_level = encrypt
    tls_random_source = dev:/dev/urandom

    #
    # SASL Settings
    #
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    broken_sasl_auth_clients = yes

    relayhost = [smtp.gmail.com]:587
    transport_maps = hash:/etc/postfix/transport

- Set up the transport file.
The following line goes into /etc/postfix/transport and tells Postfix to send all mail through Gmail; see the transport man page for more information.

    * smtp:[smtp.gmail.com]:587

Next we turn the transport file into a lookup hash for Postfix; this will generate /etc/postfix/transport.db.

    sudo postmap /etc/postfix/transport

- Set up the SASL password file.
The SASL password file we defined above as /etc/postfix/sasl_passwd stores login information for the SMTP server.

    [smtp.gmail.com]:587 <your_username>@gmail.com:<your_password>

This file too has to be turned into a lookup hash; the resulting file is /etc/postfix/sasl_passwd.db.

    sudo postmap /etc/postfix/sasl_passwd

- Restart Postfix.

    sudo /etc/init.d/postfix restart

You should see something like the following at the end of /var/log/mail.log:

    Oct 15 23:03:34 hierax postfix/master[4394]: terminating on signal 15
    Oct 15 23:03:35 hierax postfix/master[24450]: daemon started -- version 2.5.5, configuration /etc/postfix

- Test it out.
You can test your configuration without actually sending an email; the -bv switch to sendmail just sends an email report to your local mailbox for testing.

    sendmail -bv <test email addr>

You should see something like the following at the end of /var/log/mail.log:

    Oct 15 23:15:16 hierax postfix/smtp[24677]: AFD01BE2DE: to=<<test email addr>>, relay=smtp.gmail.com[74.125.93.109]:587, delay=1.5, delays=0.04/0.01/1.3/0.09, dsn=2.1.5, status=deliverable (250 2.1.5 OK 6sm1385198qwk.24)
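
The SASL password file set up above holds the Gmail password in clear text, and the TLS and SASL parameters in the Postfix configuration decide whether that login can ever leave the machine unencrypted. The script below is an added example, not part of the original post, that checks both; the function names and the directory argument are assumptions of this sketch, and the main.cf parsing is simplified.

```shell
#!/bin/sh
# Added example, not from the original post. Run as: audit_relay /etc/postfix

# Succeeds only if FILE exists and grants nothing to group or other.
secret_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print PARAM's value from a main.cf-style file. The last definition wins,
# as in Postfix. Simplification: continuation lines are not joined.
cf_value() {
    awk -v p="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == p) val = v }
        END { print val }' "$1"
}

# Report every finding; return non-zero if any check fails.
audit_relay() {
    dir=$1; rc=0
    for f in sasl_passwd sasl_passwd.db; do
        secret_is_private "$dir/$f" ||
            { echo "FAIL: $dir/$f missing or readable by group/other"; rc=1; }
    done
    case "$(cf_value "$dir/main.cf" smtp_tls_security_level)" in
        encrypt|verify|secure|fingerprint|dane-only) ;;
        *) echo "FAIL: TLS is not mandatory for outbound SMTP"; rc=1 ;;
    esac
    opts=$(cf_value "$dir/main.cf" smtp_sasl_security_options | tr ',' ' ')
    case " $opts " in
        *" noanonymous "*) ;;
        *) echo "FAIL: smtp_sasl_security_options lacks noanonymous"; rc=1 ;;
    esac
    return "$rc"
}
```

At the encrypt level Postfix insists on TLS but does not require the server certificate to validate against smtp_tls_CAfile; the verify or secure level adds that check.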