Postfix Relay via Gmail

I’ve got a Linux box that I use as a webserver and media centre. Since it runs 24/7 and is world facing I want to be able to monitor it, and the easiest way to do that is to have it send me emails about its status. For example, every night I want to receive an email about what package updates are waiting to be installed. I’ve chosen to set up Postfix so that it relays email via my personal Gmail account as this is quick to set up and easy to manage.

Obviously I’m not the first person to have done this but I couldn’t find a set of instructions that exactly matched my installation. The references section at the end of these instructions covers the main resources that I used but I also read a number of other pages.

I’m running Kubuntu 11.10, which comes complete with Postfix 2.8.5 at the time of writing. The version number of your Postfix install can be found with:

postconf -d mail_version

Any version from 2.2 onwards should work with these instructions though. As well as Postfix you’ll also need openssl and ca-certificates installed to provide encryption facilities. I wouldn’t even bother checking though; if you’ve done a regular install you’ll have everything you need.

It’s probably worth pointing out that this set up is not really suitable for a multi-user system, since all email sent by the system will have a copy placed in the sent mail folder of the user defined in the sasl_passwd file. For a multi-user system you’ll want to set up a proper (local) mail server.

Configuring the Postfix Server

A pretty standard set up for relaying through a Google account is shown below.

relayhost = smtp.gmail.com:587

#SASL Configuration
smtp_sasl_auth_enable = yes
smtp_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_cname_overrides_servername = no
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls  = yes

The first couple of lines just set up the host. The first line of note starts with relayhost; it tells Postfix that it should relay mail through another host, in this case smtp.gmail.com:587. The port number is important since Google don’t accept mail on port 25.

Next comes a block of SASL configuration. Just copy this verbatim as it should work with most servers. The only setting you might like to fiddle with is smtp_sasl_security_options, since this controls whether the password is sent in clear text.

Note that you shouldn’t include the myhostname and mydomain settings if you want to alias local accounts to a remote address. If you include these two settings, the address will be rewritten to “user@myhostname.mydomain” when you try to send email to “user”, which will then fail when it gets passed on to the relay host. This won’t be a problem if you only send email to remote addresses.

Setting up a Password

Now that the server is configured to relay emails you need to provide it with the user name and password that it will authenticate with. To do this you need to create a plain text file which contains your login details and then hash it for Postfix, that is, build a hash: lookup table from it (an indexed database, not a one-way hash). First create the password file

sudo touch /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd
sudo emacs /etc/postfix/sasl_passwd

When the file opens enter a single line, substituting appropriately

smtp.gmail.com:587 username:password

Note that I’ve configured the file to be readable only by root. This is necessary as it contains your plain text password to connect to your account. Now use this file to create the password database

sudo postmap hash:/etc/postfix/sasl_passwd

You should now have a file /etc/postfix/sasl_passwd.db (make sure this has permissions of 600 as well); this is the file in which Postfix looks up the relayhost. You can check that the database has been created properly with the command

sudo postmap -q smtp.gmail.com:587 /etc/postfix/sasl_passwd

which should display the username and password that will be used by Postfix when authenticating. If you want you can now delete your plain text file. Restart Postfix

sudo /etc/init.d/postfix restart

and test that mail can be sent from the command line with

mail -s "Test 1" example@example.com

Press return at the Cc prompt and Ctrl-D on a blank line when you’ve finished adding body text. If all has gone to plan when you check the mail for example@example.com you should find an email waiting for you.

A Note on Certificates

Strictly speaking you should include the configuration parameter smtp_tls_CAfile, since it tells Postfix where to look for the CA certificates that it will use to confirm that the Google mail server is actually the Google mail server. The system will, however, work quite happily without this setting; it will just issue a warning every time you try to relay an email.

Some of the other instruction pages for setting up this type of relaying go to huge lengths to set up client certificates and so on. None of that is necessary since Google mail servers only support password authentication at the moment.
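
A check script for the set up above, added here as an example (it is not part of the original post): it confirms that both credential files are private, that the sasl_passwd key is exactly the relayhost string, and that TLS is mandatory rather than opportunistic before the password is sent. The function names are invented for the example; smtp_tls_security_level and smtp_enforce_tls are standard Postfix parameters that the configuration above does not set.

```shell
#!/bin/sh
# Added example: audit the files this article creates. Function names are
# invented for the example; nothing here ships with Postfix.

# Effective value of a main.cf parameter. Postfix keeps the last assignment,
# and a misspelt parameter name simply comes back empty.
cf_get() {  # cf_get MAIN_CF PARAM
    sed -n "s/^${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Credential files must carry no group/other permission bits (600 or stricter).
private_file() {  # private_file PATH
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The lookup key in sasl_passwd must be exactly the relayhost string.
key_matches_relayhost() {  # key_matches_relayhost MAIN_CF SASL_PASSWD
    relay=$(cf_get "$1" relayhost)
    [ -n "$relay" ] &&
        awk -v k="$relay" '$1 == k { hit = 1 } END { exit !hit }' "$2"
}

# smtp_use_tls = yes is opportunistic; the login is only guaranteed to stay
# inside TLS when TLS is mandatory for the relay.
tls_is_mandatory() {  # tls_is_mandatory MAIN_CF
    case "$(cf_get "$1" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        "") [ "$(cf_get "$1" smtp_enforce_tls)" = "yes" ] ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; the return status is the number of findings.
audit_relay() {  # audit_relay MAIN_CF SASL_PASSWD
    n=0
    for f in "$2" "$2.db"; do
        private_file "$f" ||
            { echo "FAIL: $f missing or readable by group/other"; n=$((n + 1)); }
    done
    key_matches_relayhost "$1" "$2" ||
        { echo "FAIL: no sasl_passwd entry for relayhost"; n=$((n + 1)); }
    tls_is_mandatory "$1" ||
        { echo "WARN: TLS is not mandatory for the relay"; n=$((n + 1)); }
    return "$n"
}
```

Source the file as root and call audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd before deleting the plain text file, since the key check reads it.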

Debugging

If you run into problems with the set up, first check that all the setting names are correct (I managed to spell smtp incorrectly and copy pasted it all over the place first time around). After that, try tailing the log file to see what the mail server is doing

tail -f /var/log/mail.log

Unlike some pieces of software the Postfix log messages are actually quite informative when something goes wrong.

References