Setting up Postfix to relay through GMail in Gentoo
Problem
I recently needed to set up mail forwarding from my Gentoo web hosting box out to my "real world" email address. Incidentally this happens to be a Google Apps email address, but for the purposes of this document I have indicated it as user@gmail.com.
Solution
I previously had ssmtp installed on the system (by default) which was able to route to external TLDs but seemed to fail when a revalias was used for local accounts.
After spending too much time trying to figure it out, Postfix was picked as an alternative (v2.3.6).
host ~ # emerge -C ssmtp
host ~ # USE="sasl ssl" emerge -av postfix
For my application, I simply want to forward all email (from root and my user account) out to my GMail account, and I have found that the following achieves this (local mail update below).
Firstly, we configure Postfix through the /etc/postfix/main.cf file. The following amendments were made:
# only visible internally
inet_interfaces = 127.0.0.1
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
The following guide was used to create the TLS certificate files (*.pem): http://souptonuts.sourceforge.net/postfix_tutorial.html.
The quick wrap up:
host ~ # /etc/ssl/misc/CA.pl -newca
host ~ # openssl req -new -nodes -subj '/CN=domain.com/O=Name/C=US/ST=State/L=Location/emailAddress=user@gmail.com' -keyout FOO-key.pem -out FOO-req.pem -days 3650
host ~ # openssl ca -out FOO-cert.pem -infiles FOO-req.pem
host ~ # cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
host ~ # chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem
host ~ # chmod 400 /etc/postfix/FOO-key.pem
Secondly, set up the /etc/postfix/sasl_password file, as follows:
[smtp.gmail.com]:587 user@gmail.com:password
with the associated hash file (/etc/postfix/sasl_password.db) and with appropriate permissions:
host /etc/postfix # postmap sasl_password # this creates sasl_password.db
host /etc/postfix # chmod 600 sasl_password
host /etc/postfix # chmod 600 sasl_password.db
And finally, specify the local forwards:
user@host ~ $ echo 'user@gmail.com' > ~/.forward
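A pre-flight check for the files configured above, as an added example that is not part of the original tutorial or of Postfix. The function name postfix_relay_audit is made up for the illustration, and its TLS check is stricter than the page's smtp_use_tls = yes, which lets Postfix fall back to cleartext when STARTTLS is not offered.

```shell
#!/bin/sh
# Added example (not from the original page): audit the relay files this
# page creates. Usage: postfix_relay_audit [config_dir]
# Prints one FINDING line per problem; the return status is the count.

# Octal permission bits: GNU stat first, BSD stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

postfix_relay_audit() {
    dir=${1:-/etc/postfix}
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # The credentials map, its postmap output and the private key must be
    # readable by their owner only (600 or 400, as set on this page).
    for f in sasl_password sasl_password.db FOO-key.pem; do
        if [ ! -e "$dir/$f" ]; then report "$f is missing"; continue; fi
        mode=$(file_mode "$dir/$f")
        case $mode in
            600|400) ;;
            *) report "$f has mode $mode, expected 600 or 400" ;;
        esac
    done

    # An empty certificate file cannot be loaded, so require the PEM
    # start line in both certificate files.
    for f in FOO-cert.pem cacert.pem; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/$f" 2>/dev/null ||
            report "$f is empty or not a PEM certificate"
    done

    # main.cf has no trailing comments: text after the value, including
    # the '#', is read as part of the value.
    if grep -Eq '^[A-Za-z0-9_]+[[:space:]]*=.*[[:space:]]#' "$dir/main.cf" 2>/dev/null; then
        report "main.cf: '#' comment on the same line as a parameter"
    fi

    # smtp_use_tls = yes is opportunistic; require a setting that refuses
    # to send mail (and the SASL password) without TLS.
    tls='smtp_enforce_tls[[:space:]]*=[[:space:]]*yes'
    tls="$tls|smtp_tls_security_level[[:space:]]*=[[:space:]]*(encrypt|verify|secure)"
    grep -Eq "^($tls)" "$dir/main.cf" 2>/dev/null ||
        report "main.cf: TLS to the relay is not mandatory"

    return "$findings"
}
```

Source the file and run `postfix_relay_audit /etc/postfix` as root before starting the daemon; a zero return status means none of the four checks fired.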
Testing
Let's start the daemon and try sending an email:
host ~ # /etc/init.d/postfix start
* Starting postfix ... [ ok ]
host ~ # mail user
Subject: test message
this is a test message
Cc:
host ~ # tail /var/log/messages
Oct 4 04:35:47 host postfix/pickup[32541]: 7FF791FF30: uid=0 from=<root>
Oct 4 04:35:47 host postfix/cleanup[32559]: 7FF791FF30: message-id=<20071004113547.7FF791FF30@host.domain>
Oct 4 04:35:47 host postfix/qmgr[27276]: 7FF791FF30: from=<root@host.domain>, size=347, nrcpt=1 (queue active)
Oct 4 04:35:47 host postfix/cleanup[32559]: 861341FF2C: message-id=<20071004113547.7FF791FF30@host.domain>
Oct 4 04:35:47 host postfix/local[32561]: 7FF791FF30: to=<user@host.domain>, orig_to=<user>, relay=local, delay=0.04, delays=0.03/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 861341FF2C)
Oct 4 04:35:47 host postfix/qmgr[27276]: 861341FF2C: from=<root@host.domain>, size=491, nrcpt=1 (queue active)
Oct 4 04:35:47 host postfix/qmgr[27276]: 7FF791FF30: removed
Oct 4 04:35:49 host postfix/smtp[32562]: 861341FF2C: to=<user@gmail.com>, orig_to=<user>, relay=smtp.gmail.com[209.85.147.109]:587, delay=1.7, delays=0/0.01/1.1/0.61, dsn=2.0.0, status=sent (250 2.0.0 OK 1191468669 j7sm2598149wah)
Oct 4 04:35:49 host postfix/qmgr[27276]: 861341FF2C: removed
Followed shortly with...

Success! Certainly not a complete Postfix setup but this is all I require. Hope it helps.
I tested local mail (removed my previous .forward file so messages would be saved on the local machine) but had an issue off the bat:
user@host ~ $ mail
mail: /var/mail/user: Permission denied
Seems pretty obvious why when you have a look at the file;
user@host ~ $ ls -l /var/mail/*
---------- 1 root root 0 Oct 5 08:10 /var/mail/user
Not sure what's going on here, but a file with no permissions and zero size can't really be of any use so I deleted it.
host ~ # rm /var/mail/user
user@host ~ $ mail
No mail for user
That looks a bit more promising, or at least it appears to be working. Time for the test.
host ~ # mail user
Subject: test
test
CC:
host ~ #
Once again looks promising but alas
user@host ~ $ mail
No mail for user
Hmmm, so where did that message end up... A quick look at the logs indicates it was delivered.
host ~ # tail /var/log/messages
Oct 5 08:09:21 host postfix/pickup[25147]: 68C761FF33: uid=0 from=<root>
Oct 5 08:09:21 host postfix/cleanup[25152]: 68C761FF33: message-id=<20071005150921.68C761FF33@host.domain>
Oct 5 08:09:21 host postfix/qmgr[25148]: 68C761FF33: from=<root@host.domain>, size=325, nrcpt=1 (queue active)
Oct 5 08:09:21 host postfix/local[25154]: 68C761FF33: to=<user@host.domain>, orig_to=<user>, relay=local, delay=0.06, delays=0.03/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 5 08:09:21 host postfix/qmgr[25148]: 68C761FF33: removed
Ok, delivered to "mailbox"... what and where is that. Turns out that I have a directory under the local user called .maildir (~/.maildir) and it does appear to have a message in there. So why is Postfix putting it there (/home/user/.maildir) and mail checking (/var/mail/user)... I decided to deal with the former issue, where Postfix was putting mail.
This turns out to be the setting home_mailbox:
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = .maildir/
So that is the cause and the solution is to simply remove the entry and allow it to use the stated default (/var/mail/user).
With the modification made and Postfix restarted the test message was sent again with the following results:
user@host ~ $ mail
Mail version 8.1.2 01/15/2001. Type ? for help.
"/var/mail/user": 1 message 1 new
>N 1 root@host.domain Fri Oct 5 08:32 14/476 test
& 1
Message 1:
From root@host.domain Fri Oct 5 08:32:47 2007
X-Original-To: user
To: user@host.domain
Subject: test
Date: Fri, 5 Oct 2007 08:32:47 -0700 (PDT)
From: root@host.domain (root)
test
& d
& q
user@host ~ $
Success. And now with that done, the .forward was put back in making this nothing more than a learning experience.
Feedback
Empty FOO-cert file
I received an email from Stephen Hicks, informing me of an issue faced and resolved regarding the FOO-cert file. I have attached the email correspondence verbatim (excluding the log which has been anonymized) for others who may have experienced a similar problem:
Hi,
Thanks for your gentoo/postfix/gmail tutorial. It was very helpful in
getting everything working. The one problem I ran into (and banged my
head against for a while) was that my FOO-cert file was always being
created empty, and `tail /var/log/messages` showed problems with
getting the certificate and subsequently gmail complained that I
wasn't sending a STARTTLS command:
Oct 17 19:37:00 host postfix/smtp[9494]: warning: cannot get certificate from file /etc/postfix/FOO-cert.pem
Oct 17 19:37:00 host postfix/smtp[9494]: warning: TLS library problem: 9494:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: CERTIFICATE:
Oct 17 19:37:00 host postfix/smtp[9494]: warning: TLS library problem: 9494:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:727:
Oct 17 19:37:00 host postfix/smtp[9494]: cannot load RSA certificate and key data
Oct 17 19:37:01 host postfix/smtp[9494]: C64D523545: to=<user@gmail.com>, relay=smtp.gmail.com[209.85.163.109]:587,delay=0.23, delays=0.03/0.01/0.14/0.04, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a STARTTLS command first. p33sm6206256elf.16 (in reply to MAIL FROM command))
Oct 17 19:37:01 host postfix/cleanup[9492]: 12C3023550: message-id=<20081017233701.12C3023550@host.com>
I finally fixed this by just commenting out the smtp_tls_cert_file
line in /etc/postfix/main.cf. I have no idea why this worked, but it
seemed to get the job done. It might be useful to make a note about
that on your tutorial...?
Cheers,
steve
Thanks Steve for your feedback!
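The failure described in the email above appears in the log as a certificate warning followed by a bounce. The following is an added example, not part of the original page or the correspondence, that picks both out of syslog text; the function names and output format are made up for the illustration, and the sample lines are shortened from the log excerpts on this page.

```shell
#!/bin/sh
# Added example (not from the original page): triage Postfix smtp client
# log lines. relay_log_triage reads syslog text on stdin.

# Sample input: three lines shortened from the log excerpts on this page.
sample_log() {
    cat <<'EOF'
Oct 17 19:37:00 host postfix/smtp[9494]: warning: cannot get certificate from file /etc/postfix/FOO-cert.pem
Oct 17 19:37:01 host postfix/smtp[9494]: C64D523545: to=<user@gmail.com>, relay=smtp.gmail.com[209.85.163.109]:587, dsn=5.7.0, status=bounced (host smtp.gmail.com[209.85.163.109] said: 530 5.7.0 Must issue a STARTTLS command first.)
Oct  4 04:35:49 host postfix/smtp[32562]: 861341FF2C: to=<user@gmail.com>, orig_to=<user>, relay=smtp.gmail.com[209.85.147.109]:587, dsn=2.0.0, status=sent (250 2.0.0 OK)
EOF
}

relay_log_triage() {
    awk '
    # Value of key=value or key=<value>, ending at ">", "," or a space.
    function field(line, key,    val) {
        if (!match(line, key "=<?[^>, ]*")) return "-"
        val = substr(line, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
        sub(/^</, "", val)
        return val
    }
    # TLS client setup problems, logged before the delivery attempt.
    /postfix\/smtp\[[0-9]+\]: (warning: )?cannot (get certificate|load RSA)/ {
        print "TLS-CONFIG", substr($0, index($0, "cannot"))
        next
    }
    # One line per delivery attempt: queue ID, recipient, DSN, status.
    /postfix\/smtp\[[0-9]+\]: [0-9A-F]+: to=</ {
        status = field($0, "status")
        qid = $6; sub(/:$/, "", qid)
        tag = (status == "sent") ? "OK" : "FAIL"
        if (tag == "FAIL") undelivered++
        note = ""
        if ($0 ~ /Must issue a STARTTLS command first/)
            note = " (relay refused a session without TLS)"
        print tag, qid, field($0, "to"), "dsn=" field($0, "dsn"), status note
    }
    END { print "undelivered=" (undelivered + 0) }'
}
```

Run it against the live log with `relay_log_triage < /var/log/messages`, or against the embedded sample with `sample_log | relay_log_triage`.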
Corrections
- Thank you, Stefan Bauer, for pointing out a typo which has now been corrected. Well spotted!
Last updated: 4th October 2007