Postfix – SMTP Relay server using gmail.

Requirements.
I need to get Nagios alerts, which are used to monitor the LAN, sent to my official email. I had configured an external mail server as the relay, but the hosting company later blocked the traffic from my network 😀.

Solution
Configure Postfix as a relay mail server that uses Google's SMTP.
1. Install Postfix (yum install postfix). You must check that the version of Postfix you are using is "cyrus" enabled.

 [root@web-test1 ~]# postconf -A
       cyrus

2. Copy in a working OpenSSL config file (/etc/ssl/openssl.cnf)

 [root@web-test1 ~]# locate openssl.cnf
/etc/pki/dovecot/dovecot-openssl.cnf
/etc/pki/tls/openssl.cnf

3. Make a backup of /etc/pki/tls/openssl.cnf, then open the file and empty its content.
How to empty a file: open it in vi, press Escape, type :1,$d, then press i for insert mode and paste the content below.
#vi /etc/pki/tls/openssl.cnf

# OpenSSL configuration file. ( /etc/ssl/openssl.cnf )
# Calomel.org at https://calomel.org
#
# Establish working directory.
dir= .
[ ca ]
default_ca= CA_default

[ CA_default ]
serial= $dir/serial
database= $dir/index.txt
new_certs_dir= $dir/newcerts
certificate= $dir/cacert.pem
private_key= $dir/private/cakey.pem
default_days= 3650
default_md= sha256
preserve= no
email_in_dn= no
nameopt= default_ca
certopt= default_ca
policy= policy_match

[ policy_match ]
countryName= match
stateOrProvinceName= match
organizationName= match
organizationalUnitName= optional
commonName= supplied
emailAddress= optional

[ req ]
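default_bits= 2048 # Size of keys in bits (1024-bit RSA is no longer considered adequate)
default_keyfile= key.pem # name of generated keys
default_md= sha256 # message digest algorithm (MD5 signatures are rejected by current OpenSSL)
string_mask= nombstr # permitted characters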
distinguished_name= req_distinguished_name
req_extensions= v3_req

[ req_distinguished_name ]
# Variable name Prompt string
0.organizationName= Organization Name (company)
organizationalUnitName= Organizational Unit Name (department, division)
emailAddress= Email Address
emailAddress_max= 40
localityName= Locality Name (city, district)
stateOrProvinceName= State or Province Name (full name)
countryName= Country Name (2 letter code)
countryName_min= 2
countryName_max= 2
commonName= Common Name (hostname, IP, or your name)
commonName_max= 64

# Default values for the above, for consistency and less typing.
# Variable name Value
0.organizationName_default= Example
localityName_default= SomeCity
stateOrProvinceName_default= HI
countryName_default= US
commonName_default= example.org

[ v3_ca ]
basicConstraints= CA:TRUE
subjectKeyIdentifier= hash
authorityKeyIdentifier= keyid:always,issuer:always

[ v3_req ]
basicConstraints= CA:FALSE
subjectKeyIdentifier= hash

4. Create a temporary folder for generating ssl certificates
#mkdir /tmp/ssl
#cd /tmp/ssl
#mkdir newcerts private
#echo '01' > serial
#touch index.txt
5. Creating ssl certificate files.
#openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem
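It will prompt for a passphrase and for the certificate's identity fields.
Create the key and certificate request for Postfix
#openssl req -new -nodes -subj '/CN=Organization Name/O=Example/C=IN/ST=Mycity/emailAddress=admin@doman.com' -keyout example_gmail-key.pem -out example_gmail-req.pem

Please note that the information given in both commands must be the same (the policy_match section above requires country, state and organization to match the CA certificate).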
6. Sign your Certificate.
#openssl ca -out example_gmail-cert.pem -infiles example_gmail-req.pem
7. Copy the Certificates into the Postfix directory and set permissions.
#cp cacert.pem example_gmail-key.pem example_gmail-cert.pem /etc/postfix/
#chmod 644 /etc/postfix/cacert.pem /etc/postfix/example_gmail-cert.pem
#chmod 400 /etc/postfix/example_gmail-key.pem
8. Download the root certificates from http://www.thawte.com/roots/
# wget https://www.verisign.com/support/thawte-roots.zip
9. Append the Thawte root certificate to the CA file.

# cat "Thawte Roots/Thawte Personal Root Certificates/Thawte Personal Premium CA/Thawte Personal Premium CA.txt" >> /etc/postfix/cacert.pem

10. Open the Postfix configuration file (/etc/postfix/main.cf) and add or modify the following lines.
I add the lines at the end of the file.

### GMAIL Relay Host and Smtp-Auth options
relayhost = [smtp.gmail.com]:587
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/example_gmail-cert.pem
smtp_tls_key_file = /etc/postfix/example_gmail-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/example_gmail-cert.pem
smtpd_tls_key_file = /etc/postfix/example_gmail-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd

11. Make a Postfix SASL2 username and password file.

#echo "[smtp.gmail.com]:587 mygmailid@gmail.com:mygmailpassd" > /etc/postfix/sasl_passwd
#postmap /etc/postfix/sasl_passwd
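
The password file written in this step holds the Gmail credentials in plain text, is created with the shell's default umask (usually world-readable), and postmap gives the .db file the same group/other read bits. The following check is an added example, not part of the original post: it flags and tightens the secret files named in the steps above; the function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the relay's secret files for group/other access.
# File names come from the steps above; the function names are hypothetical.
SECRET_FILES="sasl_passwd sasl_passwd.db example_gmail-key.pem"

# Print one line per secret file whose mode grants any group/other bit.
list_exposed() {
    dir=$1
    for name in $SECRET_FILES; do
        path="$dir/$name"
        [ -f "$path" ] || continue
        mode=$(stat -c '%a' "$path")      # GNU stat, octal mode such as 644
        case "$mode" in
            0|?00|??00) ;;                # no group/other bits set
            *) printf '%s %s\n' "$mode" "$path" ;;
        esac
    done
}

# Number of exposed files in DIR (0 means clean).
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Restrict every secret file in DIR to its owner.
harden_secrets() {
    dir=$1
    for name in $SECRET_FILES; do
        [ -f "$dir/$name" ] && chmod 600 "$dir/$name"
    done
    return 0
}

# Constructed demo in a scratch directory (not the real /etc/postfix).
demo_dir=$(mktemp -d)
( umask 022
  echo "[smtp.gmail.com]:587 user@example.com:placeholder" > "$demo_dir/sasl_passwd"
  : > "$demo_dir/sasl_passwd.db" )
: > "$demo_dir/example_gmail-key.pem"; chmod 400 "$demo_dir/example_gmail-key.pem"
echo "before: $(count_exposed "$demo_dir") exposed"; list_exposed "$demo_dir"
harden_secrets "$demo_dir"
echo "after:  $(count_exposed "$demo_dir") exposed"
rm -rf "$demo_dir"
```

On the real host, run list_exposed /etc/postfix after postmap and harden_secrets /etc/postfix if it prints anything.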

It's time to check the configuration.
#service postfix restart
# echo "This is my postfix mail" | mail -s "postfix relay server testing" myemailid@mydomain.com
Then check the Postfix server logs to see what is happening.
#tail -f /var/log/maillog

Hopefully you will get a mail shortly 🙂

This helped me very much with the trouble of getting LAN Nagios alerts during office time. I'm really thankful for a thread on https://calomel.org regarding this.
