Using Centos 5.4, with Postfix. I can do a

mail foo@gmail.com 
subject: blah
 test
.
Cc:

and the msg gets sent to gmail, but it resides in the spam folder, which is to be expected.

My goal is to be able to generate email msgs, and to have them appear in the regular Inbox! As I understand Postfix/Gmail, it's possible to configure Postfix to send/relay mail via the authenticated/valid user using port 587, which would no longer have the mail be seen as spam.

I've tried a number of parameters based on different sites/articles from the 'net, with no luck. Some of the articles actually seem to conflict with other articles! I've also looked over the stackflow postings on this, but I'm still missing something... Also talked to a few people on IRC (Centos/Postfix) and still have questions..

So, I'm turning to Serverfault, once again!

If there's someone who's managed to accomplish this, would you mind posting your main.cf, sasl-passwd, and any other conf files that you use to get this working! If I can review your config files, I can hopefully see where I've screwed up, and figure out how to correct the issue.

Thanks for reading this, and any help/pointers you provide!

ps, If there is a stackflow posting that speaks to this that I may have missed, feel free to point it out to me!

-tom

tom smith

1 Answer

While I haven't tried to relay through a provider using the submission port (587), it should be possible. To enable Postfix to relay, you'll need to set up a file with the authenticated credentials to use and make some modifications to your /etc/postfix/main.cf config file.

The first is the authentication credentials. For this I simply use /etc/postfix/sasl_passwd, to which I add the appropriate line using the template:

smtp.provider.com    smtp_user:smtp_passwd

You'll want to be sure this file is protected so I recommend root:root ownership and 0600 permissions be set on it. You'll then want to run the following to create the hash mapped version as root.

postmap hash:/etc/postfix/sasl_passwd

With this out of the way, turn your attention to /etc/postfix/main.cf. You may find some of the values already set, so you will need to change them accordingly, but the important details are as follows:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_security_level = may

These will enable Postfix to be able to use the sasl_passwd file to authenticate when sending mail. You'll then need to tell Postfix it should use the provider to send the mail by adding the configuration

relayhost = smtp.provider.com:port

By default Postfix assumes port 25 if you don't specify and this has worked for me in the past. With your requested setup you'll need to specify 587 as the port. With that said I'm not sure if you'll need to modify the sasl_passwd entry to be smtp.provider.com:587 instead of simply smtp.provider.com as I've not tried doing this over a non-default port before so you'll have to try it for yourself.

These configuration steps alone are handling mail forwarding on several servers I maintain through a central mail server.

Updated to include fully working example

It actually turns out I'd configured my Ubuntu (Debian-based) laptop to use port 587 on my email provider (not-Gmail) as my DSL provider blocks outbound port 25 traffic. I updated to use one of my Gmail accounts to send mail out instead. The only change I needed to make

I'm obscuring the private data but otherwise pasting the working configuration for Postfix as-is.

First we have /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = solitare, localhost.localdomain, , localhost
relayhost = smtp.gmail.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Next we have /etc/postfix/sasl_passwd:

smtp.gmail.com:587  myusername@gmail.com:mypassword

I then ran the following SMTP session:

jbouse@solitare:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to solitare.
Escape character is '^]'.
220 example.com ESMTP Postfix (Ubuntu)
helo localhost
250 example.com
mail from: jbouse@example.com
250 2.1.0 Ok
rcpt to: myotherusername@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
this is just a test
.
250 2.0.0 Ok: queued as 6269B280191
quit
221 2.0.0 Bye
Connection closed by foreign host.

Then I log into my myotherusername Gmail account and read the message:

Return-Path: <myotherusername@gmail.com>
Received: from example.com (mydslproviderhostname.net [x.x.x.229])
        by mx.google.com with ESMTPS id 6sm401663ywd.11.2010.03.04.19.19.58
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 04 Mar 2010 19:19:58 -0800 (PST)
Sender: "Jeremy Bouse" <myotherusername@gmail.com>
Received: from localhost (solitare [127.0.0.1])
    by example.com (Postfix) with SMTP id 6269B280191
    for <myotherusername@gmail.com>; Thu,  4 Mar 2010 22:17:39 -0500 (EST)
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
Message-Id: <20100305031745.6269B280191@example.com>
Date: Thu,  4 Mar 2010 22:17:39 -0500 (EST)

this is just a test

Now having shown my 13 years as a systems administrator are not wasted I have email sending from my laptop through Gmail without having any need to generate a self-signed x.509 certificate as others would tell you. The key addition to the /etc/postfix/main.cf is the smtp_tls_security_level setting to may to tell Postfix that it is okay to issue the STARTTLS command when connecting to another MTA if it supports TLS. If you forget the smtp_tls_security_level setting you may see an entry in your /var/log/mail.log along the lines of:

Mar  4 22:10:58 solitare postfix/smtp[19873]: 20E07280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=38, delays=38/0.03/0.08/0.01, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.47.109] said: 530 5.7.0 Must issue a STARTTLS command first. 20sm399188ywh.48 (in reply to MAIL FROM command))

However with it set properly you should see something along the lines of:

Mar  4 22:20:00 solitare postfix/smtp[20313]: 6269B280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=141, delays=110/29/0.36/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK 1267759200 6sm401663ywd.11)
Jeremy Bouse
  • Hi Jeremy... Thanks for the reply. A few questions. I've seen net postings that have smtpd_... params.. I take it I don't need those. Also, some of the articles have/refer to TLS certs.. do I need to deal with those at all? thanks!! – tom smith Mar 04 '10 at 20:44
  • the smtpd_... params are for Postfix as a server... In the case of relaying to a smarthost Postfix is operating as a client which uses the smtp_... params. – Jeremy Bouse Mar 04 '10 at 21:43
  • This won't work, Jeremy: Gmail requires TLS and for you to generate a self-signed certificate along with it. – gravyface Mar 04 '10 at 22:09
  • gravyface, you obviously do not know what you're talking about. I suggest you go read up on SMTP & TLS/SSL/x.509 a bit as you lack the knowledge on the subject matter. – Jeremy Bouse Mar 05 '10 at 03:35
  • http://www.felipe-alfaro.org/blog/2009/05/10/have-postfix-relay-e-mail-to-gmail/ ... Second paragraph echoes my own comments... – Jeremy Bouse Mar 05 '10 at 14:58
  • Thanks for clearing that up, Jeremy. I always thought it was a little odd that you had to sign your own certificate, but in my haste (and in the many articles/tutorials I've seen) they all said to do so. Live and learn. – gravyface Mar 05 '10 at 21:41
  • You can't easily use Gmail to relay for you. Gmail will replace the From address with the authenticated sender's address, effectively making all relayed mail appear to be sent from your Gmail account. – Martijn Heemels Nov 18 '10 at 21:54
  • Martijn, you are incorrect as using Gmail to relay will not affect the From address. It will update the Return-Path header as it should for any authenticated sender but if I set Postfix up on my old laptop as documented relaying through Gmail and then setup Thunderbird on my new laptop to use the old laptop as the outgoing mail server. Send a message to my Yahoo address from my personal domain email address it shows "From:" my personal domain but the "Return-Path:" shows the Gmail account I relayed through. – Jeremy Bouse Nov 19 '10 at 00:42
  • @Jeremy Bouse Leaving smtp_sasl_security_options empty is not secure in a general configuration as it will allow sending of password in plaintext. Using smtp_sasl_tls_security_options = noanonymous and not mentioning smtp_sasl_security_options at all will still make gmail work and allow plaintext logins only over TLS which remains secure. Your example works because smtp_sasl_tls_security_options has by default the same value as smtp_sasl_security_options and changing the latter changes both. See http://www.postfix.org/SASL_README.html#client_sasl_policy – Catalin Iacob Jan 11 '11 at 19:26
  • @Catalin, My configuration is in use only on a machine sitting behind a firewall so nothing except local workstations are able to make use of it. I guess I should have included a disclaimer stating this wasn't a secure configuration but a workable one. – Jeremy Bouse Jan 11 '11 at 20:18
  • Awesome post, worked perfectly right out of the box, setup and working in seconds, not minutes, on Ubuntu 9.10 32-bit desktop edition. Used synaptic to install dovecot-postfix deb package, then just pasted in the code to main.cf, etc. and changed only "example.com" to "myinternalnetwork.com". I only wonder why the emails hitting my gmail inbox show the sender as the same name as the recipient (even though I specified sender as name@myinternalnetwork.com), i.e. on the gmail inbox side sender and received both shown as "username@gmail.com" as if I had just simply sent myself an email. –  Nov 18 '10 at 21:42
  • 5 years later and this is still saving asses. Mine specifically. Thank you @JeremyBouse! – slightlyfaulty Jul 09 '15 at 21:10
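
The point raised in the comments about the empty smtp_sasl_security_options, shown as an added example that is not part of the original answer or its comments: a small shell audit that reads a main.cf and reports when the SASL client policy would permit plaintext or anonymous authentication. The function names, finding codes and both sample files are constructed for this example, and the use of smtp_tls_security_level = encrypt in the hardened sample is this example's choice, going one step beyond the comment's suggestion.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Parses main.cf directly so it
# runs offline; on a live host `postconf -h NAME` gives the effective value.
# Simplification: continuation lines and legacy smtp_use_tls are ignored.

get_param() {  # get_param FILE NAME -> value of the last assignment, or <unset>
  awk -F= -v k="$2" '
    /^[ \t]*#/ { next }
    { n = $1; gsub(/[ \t]/, "", n) }
    n == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); hit = 1 }
    END { print (hit ? v : "<unset>") }' "$1"
}

audit_relay() (  # audit_relay MAIN_CF -> one finding code per line (subshell scope)
  if [ "$(get_param "$1" smtp_sasl_auth_enable)" != "yes" ]; then
    echo "SASL_CLIENT_AUTH_OFF"
  else
    tls=$(get_param "$1" smtp_tls_security_level)
    sec=$(get_param "$1" smtp_sasl_security_options)
    tlssec=$(get_param "$1" smtp_sasl_tls_security_options)
    # Postfix defaults apply when a parameter is absent from main.cf.
    if [ "$sec" = "<unset>" ]; then sec="noplaintext, noanonymous"; fi
    if [ "$tlssec" = "<unset>" ]; then tlssec=$sec; fi
    case "$tls" in
      encrypt|dane-only|fingerprint|verify|secure) ;;
      *) echo "TLS_NOT_MANDATORY" ;;   # e.g. "may" falls back to cleartext
    esac
    case "$sec" in *noplaintext*) ;; *) echo "PLAINTEXT_AUTH_WITHOUT_TLS" ;; esac
    case "$tlssec" in *noanonymous*) ;; *) echo "ANONYMOUS_AUTH_OVER_TLS" ;; esac
  fi
)

write_samples() {  # constructed samples: the answer's settings vs. a hardened set
  printf '%s\n' 'relayhost = smtp.gmail.com:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
    'smtp_sasl_security_options =' 'smtp_tls_security_level = may' \
    > "$1/as_posted.cf"
  printf '%s\n' 'relayhost = smtp.gmail.com:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
    'smtp_sasl_tls_security_options = noanonymous' \
    'smtp_tls_security_level = encrypt' > "$1/hardened.cf"
}

d=$(mktemp -d); write_samples "$d"
for f in as_posted hardened; do echo "== $f.cf"; audit_relay "$d/$f.cf"; done
rm -rf "$d"
```

The settings as posted in the answer produce all three findings; the hardened sample produces none.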