Postfix relay via gmail

Issues related to applications and software problems
Post Reply
hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Postfix relay via gmail

Post by hunter86_bg » 2017/08/07 19:28:40

Hello community,

many of the linux utilities/programs support mail reporting. This ,of course, will be useless without sending your e-mail to the real world.

Here is a short guide how to turn your machine into a relay server for your lan and also to relay all mails (not destined to you) via gmail.
1.Enable "less secure apps" on the following link (I will try to set it up with the 2-step auth,but for now - this is it)
2.You may need to install additional software. Here are my versions:

Code: Select all

# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.26-21.el7.x86_64
cyrus-sasl-2.1.26-21.el7.x86_64
cyrus-sasl-lib-2.1.26-21.el7.x86_64
cyrus-sasl-md5-2.1.26-21.el7.x86_64
cyrus-sasl-scram-2.1.26-21.el7.x86_64
cyrus-sasl-gssapi-2.1.26-21.el7.x86_64
3.Create your sasl_password:

Code: Select all

# cat /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 <my_email>@gmail.com:<my_password>
4.Create your tls_policy:

Code: Select all

# cat /etc/postfix/tls_policy
[smtp.gmail.com]:587 encrypt
5.Change the permissions of both sasl_password and tls_policy:

Code: Select all

chmod 600 /etc/postfix/{sasl_passwd,tls_policy}
6.Update postfix with your newly created files:

Code: Select all

postmap /etc/postfix/sasl_passwd && postmap /etc/postfix/tls_policy
7.Edit your postfix main configuration file.Here is mine:

Code: Select all

# grep -Ev "^$|^#" /etc/postfix/main.cf 
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = <Desktop.example.com>
mydomain = <example.com>
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = <192.168.122.0/24, 192.168.100.0/24, 127.0.0.0/8>
relayhost = [smtp.gmail.com]:587
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/pki/tls/cert.pem
8.Restart postfix:

Code: Select all

systemctl restart postfix.service
9.Test (if you want to use "mail" command - you will need 'mailx' package):

Code: Select all

echo TEST | mail -s TEST some_email@somedomain.com && postqueue -p
10.OPTIONAL -> you can check /usr/share/doc/postfix-*/README_FILES/STANDARD_CONFIGURATION_README how to configure null clients (lan machines, VMs,etc. ) to use your host as relayhost.

If you have any ideas,comments,remarks - don't hesitate to comment.

simon_lefisch
Posts: 92
Joined: 2017/07/12 21:02:02

Re: Postfix relay via gmail

Post by simon_lefisch » 2017/08/08 16:32:48

hunter86_bg wrote:Hello community,

many of the linux utilities/programs support mail reporting. This ,of course, will be useless without sending your e-mail to the real world.

Here is a short guide how to turn your machine into a relay server for your lan and also to relay all mails (not destined to you) via gmail.
1.Enable "less secure apps" on the following link (I will try to set it up with the 2-step auth,but for now - this is it)
2.You may need to install additional software. Here are my versions:

Code: Select all

# rpm -qa | grep sasl
cyrus-sasl-plain-2.1.26-21.el7.x86_64
cyrus-sasl-2.1.26-21.el7.x86_64
cyrus-sasl-lib-2.1.26-21.el7.x86_64
cyrus-sasl-md5-2.1.26-21.el7.x86_64
cyrus-sasl-scram-2.1.26-21.el7.x86_64
cyrus-sasl-gssapi-2.1.26-21.el7.x86_64
3.Create your sasl_password:

Code: Select all

# cat /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 <my_email>@gmail.com:<my_password>
4.Create your tls_policy:

Code: Select all

# cat /etc/postfix/tls_policy
[smtp.gmail.com]:587 encrypt
5.Change the permissions of both sasl_password and tls_policy:

Code: Select all

chmod 600 /etc/postfix/{sasl_passwd,tls_policy}
6.Update postfix with your newly created files:

Code: Select all

postmap /etc/postfix/sasl_passwd && postmap /etc/postfix/tls_policy
7.Edit your postfix main configuration file.Here is mine:

Code: Select all

# grep -Ev "^$|^#" /etc/postfix/main.cf 
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = <Desktop.example.com>
mydomain = <example.com>
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = <192.168.122.0/24, 192.168.100.0/24, 127.0.0.0/8>
relayhost = [smtp.gmail.com]:587
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/pki/tls/cert.pem
8.Restart postfix:

Code: Select all

systemctl restart postfix.service
9.Test (if you want to use "mail" command - you will need 'mailx' package):

Code: Select all

echo TEST | mail -s TEST some_email@somedomain.com && postqueue -p
10.OPTIONAL -> you can check /usr/share/doc/postfix-*/README_FILES/STANDARD_CONFIGURATION_README how to configure null clients (lan machines, VMs,etc. ) to use your host as relayhost.

If you have any ideas,comments,remarks - don't hesitate to comment.
Is there any way to send an email without having a domain to send from? i.e. the senders name is alerts@myserver.localdomain. Been trying to figure this out but cant get it going. I know I'm missing something that's probably easy.
Hardware:
Supermicro X10SRi-F mobo
E5-2683v4 16-core CPU
112GB ECC RAM
2x 250GB SSD RAID1 (current CentOS 7 version)
2x 500GB SSD RAID1 (VM Disk Image Storage)
2x 4TB HDD RAID1 (Backup Storage via FreeNAS VM)
2X 6TB HDD RAID1 (Data Storage via FreeNAS VM)

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Postfix relay via gmail

Post by hunter86_bg » 2017/08/08 16:46:15

You can define it as:

Code: Select all

mydomain = localdomain
It shouldn't affect the relay, but it won't send any emails destined to "someone@localdomain"

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Postfix relay via gmail

Post by hunter86_bg » 2020/03/05 21:50:49

Due to security restrictions , the pass in step 3 must be a gmail app password instead of your gmail login pass.

Post Reply