How to set up Postfix to send emails out with Gmail


Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. This rpm supports LDAP, SMTP AUTH (through cyrus-sasl) and TLS. If you need MySQL too, rebuild the srpm --with mysql.

Let's get started.

First of all we need to install Postfix:
sudo apt-get install postfix

Then create a certificate authority (CA) to sign the client certificate:
sudo /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
(press Enter here)
Making CA certificate ...
Generating a 1024 bit RSA private key
..........++++++
.........++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: <type a password here>
Verifying - Enter PEM pass phrase: <retype the password>
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <enter>
State or Province Name (full name) [Some-State]: <enter>
Locality Name (eg, city) []: <enter>
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
Organizational Unit Name (eg, section) []: <enter>
Common Name (eg, YOUR name) []: <your name>
Email Address []: <your email>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <enter>
An optional company name []: <enter>
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem: <same password as before>
Check that the request matches the signature
Signature ok
$ openssl genrsa -out NAS.key 2048
Generating RSA private key, 2048 bit long modulus

$ openssl req -new -key NAS.key -out NAS.csr -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <enter>
State or Province Name (full name) [Some-State]: <enter>
Locality Name (eg, city) []: <enter>
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
Organizational Unit Name (eg, section) []: <type something here, this must be different from above>
Common Name (eg, YOUR name) []: <your name>
Email Address []: <your email>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <enter>
An optional company name []: <enter>

$ openssl ca -days 3650 -crldays 3650 -out NAS.pem -infiles NAS.csr
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: <same password as before>
Check that the request matches the signature
Signature ok

Certificate is to be certified until Oct 18 11:08:58 2021 GMT (365 days)
Sign the certificate? [y/n]: <type y>


1 out of 1 certificate requests certified, commit? [y/n] <type y>
Write out database with 1 new entries
Data Base Updated





sudo mkdir /etc/postfix/certs
sudo cp NAS.key NAS.pem /etc/postfix/certs
sudo cp /etc/ssl/certs/Equifax_Secure_CA.pem /etc/postfix/certs/cacert.pem



sudo nano /etc/postfix/sasl/sasl_passwd
and enter your email account and password. You can create a new Gmail account if you are not happy to leave your password in the file. That way, if you sometimes change your own Gmail password, you don't have to remember to change it here.

The file should look like this:
gmail-smtp.l.google.com myaccount@gmail.com:mypassword
smtp.gmail.com myaccount@gmail.com:mypassword


Change the permissions of the sasl_passwd file with:
sudo chmod 400 /etc/postfix/sasl/sasl_passwd



Make a backup of the Postfix main.cf file, then open it for editing:
sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
sudo nano /etc/postfix/main.cf

This is how the main.cf will look:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

# TLS client side certificate
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
smtp_tls_key_file=/etc/postfix/certs/NAS.key
smtp_tls_cert_file=/etc/postfix/certs/NAS.pem
smtp_tls_enforce_peername = no

# TLS parameters

smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = NAS
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = NAS, localhost.localdomain, , localhost
#relayhost =
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Build the lookup table from the password file and reload Postfix:
sudo postmap /etc/postfix/sasl/sasl_passwd

sudo /etc/init.d/postfix reload
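
The main.cf above turns TLS on with smtp_use_tls = yes, which is opportunistic, and sets smtp_sasl_security_options = noanonymous, which permits plaintext login mechanisms. The script below is an added example, not part of the original post: it reads those client-side settings and reports when the Gmail password could be sent without TLS or to a relay whose certificate is not checked. The function names, the finding codes and the second sample (smtp_tls_security_level = secure with the Debian/Ubuntu CA bundle path) are assumptions made for the illustration.

```sh
# Added example: audit SMTP-client TLS/SASL settings in Postfix main.cf text.
# get_param TEXT NAME: value of the last uncommented NAME assignment in TEXT
# (plain "name = value" lines only; continuation lines are not parsed).
get_param() {
    printf '%s\n' "$1" | awk -v name="$2" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == name) last = val }
        END { print last }'
}

# audit_relay TEXT: print one finding code per line, nothing if none apply.
audit_relay() {
    level=$(get_param "$1" smtp_tls_security_level)
    if [ -z "$level" ]; then level=none    # unset: the obsolete switches decide
        if [ "$(get_param "$1" smtp_use_tls)" = yes ]; then level=may; fi
        if [ "$(get_param "$1" smtp_enforce_tls)" = yes ]; then level=verify
            if [ "$(get_param "$1" smtp_tls_enforce_peername)" = no ]; then level=encrypt; fi
        fi
    fi
    opts=$(get_param "$1" smtp_sasl_security_options)
    case "$level" in none|may)
        echo TLS_OPTIONAL       # cleartext session if STARTTLS is not offered
        if [ "$(get_param "$1" smtp_sasl_auth_enable)" = yes ]; then
            case "${opts:-noplaintext, noanonymous}" in   # Postfix default
                *noplaintext*) ;; *) echo PLAINTEXT_AUTH_WITHOUT_TLS ;;
            esac
        fi ;;
    esac
    case "$level" in
        verify|secure|fingerprint|dane-only) ;;
        *) echo RELAY_CERT_NOT_VERIFIED ;;
    esac
    return 0
}

# Constructed sample 1: the SMTP-client settings from the main.cf on this page.
PAGE_CF='smtp_sasl_auth_enable=yes
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_enforce_peername = no'
# Constructed sample 2: assumed hardening; CA path is the Debian/Ubuntu bundle.
HARDENED_CF='smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
echo "page:";     audit_relay "$PAGE_CF"
echo "hardened:"; audit_relay "$HARDENED_CF"
```

To audit a live system, pass the file contents as the argument: audit_relay "$(cat /etc/postfix/main.cf)".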




From the box you will send emails from, log in with your browser to:
http://www.google.co...ayUnlockCaptcha
and unlock your IP to allow you to send email from Postfix.

Open two terminals:
In one type tail -f /var/log/mail.log
and in the other do your test to send out an email:

telnet 127.0.0.1 25
EHLO test
MAIL FROM: <from-email>
RCPT TO: <recipient-email>
DATA
Type message here.
<Enter>.<Enter> (press enter, type a dot, press enter)
QUIT


