Setting up Postfix to relay through GMail in Gentoo

Home

Problem

I recently needed to setup mail forwarding from my Gentoo web hosting box out to my "real world" email address. Incidentally this happens to be a Google Apps email address but for the purposes of this document I have indicated it as
user@gmail.com
.

Solution

I previously had
ssmtp
installed on the system (by default) which was able to route to external TLD's but seemed to fail when a
revalias
was used for local accounts. After spending too much time trying to figure it out, Postfix was picked as an alternative (v2.3.6).
host ~ # emerge -C ssmtp host ~ # USE="sasl ssl" emerge -av postfix
For my application, I simply want to forward all email (from root and my user account) out to my GMail account, and I have found that the following achieves this (local mail update below).

Firstly, we configure Postfix through the
/etc/postfix/main.cf
file. The following ammendments were made:
inet_interfaces = 127.0.0.1 # only visible internally relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_tls_cert_file = /etc/postfix/FOO-cert.pem smtp_tls_key_file = /etc/postfix/FOO-key.pem smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_local_domain = $myhostname smtp_sasl_security_options = noanonymous
The following guide was used to create the TLS certificate files (*.pem): http://souptonuts.sourceforge.net/postfix_tutorial.html. The quick wrap up:
host ~ # /etc/ssl/misc/CA.pl -newca host ~ # openssl req -new -nodes -subj '/CN=domain.com/O=Name/C=US/ST=State/L=Location/emailAddress=user@gmail.com' -keyout FOO-key.pem -out FOO-req.pem -days 3650 host ~ # openssl ca -out FOO-cert.pem -infiles FOO-req.pem host ~ # cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix host ~ # chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem host ~ # chmod 400 /etc/postfix/FOO-key.pem
Secondly, setup the
/etc/postfix/sasl_password
file, as follows:
[smtp.gmail.com]:587 user@gmail.com:password
with the associated hash file (
/etc/postfix/sasl_password.db
) and with appropriate permissions
host /etc/postfix # postmap sasl_password # this creates sasl_password.db host /etc/postfix # chmod 600 sasl_password host /etc/postifx # chmod 600 sasl_password.db
And finally, specify the local forwards:
user@host ~ $ echo 'user@gmail.com' > ~/.forward

Testing

Lets start the daemon and try sending an email,
host ~ # /etc/init.d/postfix start * Starting postfix ... [ ok ] host ~ # mail user Subject: test message this is a test message Cc: host ~ # tail /var/log/messages Oct 4 04:35:47 host postfix/pickup[32541]: 7FF791FF30: uid=0 from=<root> Oct 4 04:35:47 host postfix/cleanup[32559]: 7FF791FF30: message-id=<20071004113547.7FF791FF30@host.domain> Oct 4 04:35:47 host postfix/qmgr[27276]: 7FF791FF30: from=<root@host.domain>, size=347, nrcpt=1 (queue active) Oct 4 04:35:47 host postfix/cleanup[32559]: 861341FF2C: message-id=<20071004113547.7FF791FF30@host.domain> Oct 4 04:35:47 host postfix/local[32561]: 7FF791FF30: to=<user@host.domain>, orig_to=<user>, relay=local, delay=0.04, delays=0.03/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 861341FF2C) Oct 4 04:35:47 host postfix/qmgr[27276]: 861341FF2C: from=<root@host.domain>, size=491, nrcpt=1 (queue active) Oct 4 04:35:47 host postfix/qmgr[27276]: 7FF791FF30: removed Oct 4 04:35:49 host postfix/smtp[32562]: 861341FF2C: to=<user@gmail.com>, orig_to=<user>, relay=smtp.gmail.com[209.85.147.109]:587, delay=1.7, delays=0/0.01/1.1/0.61, dsn=2.0.0, status=sent (250 2.0.0 OK 1191468669 j7sm2598149wah) Oct 4 04:35:49 host postfix/qmgr[27276]: 861341FF2C: removed
Followed shortly with...

Postfix Email

Success! Certainly not a complete Postfix setup but this is all I require. Hope it helps.

Update

I tested local mail (removed my previous
.forward
file so messages would be saved on the local machine) but had an issue off the bat:
user@host ~ $ mail mail: /var/mail/user: Permission denied
Seems pretty obvious why when you have a look at the file;
user@host ~ $ ls -l /var/mail/* ---------- 1 root root 0 Oct 5 08:10 /var/mail/user
Not sure whats going on here, but a file with no permissions and zero size can't really be of any use so I deleted it.
host ~ # rm /var/mail/user user@host ~ $ mail No mail for user
That looks a bit more promising, or at least it appears to be working. Time for the test.
host ~ # mail user Subject: test test CC: host ~ #
Once again looks promising but alas
user@host ~ $ mail No mail for user
Hmmm, so where did that message end up... A quick look at the logs indicates it was delivered.
host ~ # tail /var/log/messages Oct 5 08:09:21 host postfix/pickup[25147]: 68C761FF33: uid=0 from=<root> Oct 5 08:09:21 host postfix/cleanup[25152]: 68C761FF33: message-id=<20071005150921.68C761FF33@host.domain> Oct 5 08:09:21 host postfix/qmgr[25148]: 68C761FF33: from=<root@host.domain>, size=325, nrcpt=1 (queue active) Oct 5 08:09:21 host postfix/local[25154]: 68C761FF33: to=<user@host.domain>, orig_to=<user>, relay=local, delay=0.06, delays=0.03/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Oct 5 08:09:21 host postfix/qmgr[25148]: 68C761FF33: removed
Ok, delivered to "mailbox"... what and where is that. Turns out that I have a directory under the local user called
.maildir
(
~/.maildir
) and it does appear to have a message in there. So why is Postfix putting it there (
/home/user/.maildir
) and
mail
checking (
/var/mail/user
)... I decided to deal with the former issue, where Postfix was putting mail. This turns out to be the setting
home_mailbox
:
# DELIVERY TO MAILBOX # # The home_mailbox parameter specifies the optional pathname of a # mailbox file relative to a user's home directory. The default # mailbox file is /var/spool/mail/user or /var/mail/user. Specify # "Maildir/" for qmail-style delivery (the / is required). # #home_mailbox = Mailbox #home_mailbox = Maildir/ home_mailbox = .maildir/
So that is the cause and the solution is to simply remove the entry and allow it to use the stated default (
/var/mail/user
). With the modification made and Postfix restarted the test message was sent again with the following results:
user@host ~ $ mail Mail version 8.1.2 01/15/2001. Type ? for help. "/var/mail/user": 1 message 1 new >N 1 root@host.domain Fri Oct 5 08:32 14/476 test & 1 Message 1: From root@host.domain Fri Oct 5 08:32:47 2007 X-Original-To: user To: user@host.domain Subject: test Date: Fri, 5 Oct 2007 08:32:47 -0700 (PDT) From: root@host.domain (root) test & d & q user@host ~ $
Success. And now with that done, the
.forward
was put back in making this nothing more than a learning experience.

References

Feedback

Empty FOO-cert file

I received an email from Stephen Hicks, , informing me of an issue faced and resolved regarding the
FOO-cert
file. I have attached the email correspondence verbatim (excluding the log which has been anonymized) for others who may have experienced a similar problem;
Hi, Thanks for your gentoo/postfix/gmail tutorial. It was very helpful in getting everything working. The one problem I ran into (and banged my head against for a while) was that my FOO-cert file was always being created empty, and `tail /var/log/messages` showed problems with getting the certificate and subsequently gmail complained that I wasn't sending a STARTTLS command: Oct 17 19:37:00 host postfix/smtp[9494]: warning: cannot get certificate from file /etc/postfix/FOO-cert.pem Oct 17 19:37:00 host postfix/smtp[9494]: warning: TLS library problem: 9494:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: CERTIFICATE: Oct 17 19:37:00 host postfix/smtp[9494]: warning: TLS library problem: 9494:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:727: Oct 17 19:37:00 host postfix/smtp[9494]: cannot load RSA certificate and key data Oct 17 19:37:01 host postfix/smtp[9494]: C64D523545: to=<user@gmail.com>, relay=smtp.gmail.com[209.85.163.109]:587,delay=0.23, delays=0.03/0.01/0.14/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a STARTTLS command first. p33sm6206256elf.16 (in reply to MAIL FROM command)) Oct 17 19:37:01 host postfix/cleanup[9492]: 12C3023550: message-id=<20081017233701.12C3023550@host.com> I finally fixed this by just commenting out the smtp_tls_cert_file line in /etc/postfix/main.cf. I have no idea why this worked, but it seemed to get the job done. It might be useful to make a note about that on your tutorial...? Cheers, steve
Thanks Steve for your feedback!

Corrections


Last updated: 4th October 2007