Difference between revisions of "Email relay"

Line 30: Line 30:
 
=Installation=
 
=Installation=
  
 +
<syntaxhighlight lang="bash">
 
apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
 
apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
 +
</syntaxhighlight>
  
 +
Choose:
 +
* Internet Site
 +
* Type your FQDN like: dev.daxiongmao.eu  ||  smartcard-gw.smartcards.vehco.com
 +
 +
 +
 +
 +
=Configuration=
 +
 +
 +
==POSTFIX global conf==
  
 
Edit Postfix configuration
 
Edit Postfix configuration
  
 +
<syntaxhighlight lang="bash">
 +
vim /etc/postfix/main.cf
 +
</syntaxhighlight>
  
  
 +
Add / adjust the SMTP relay and SASL settings (~ line 37)
  
Set SMTP relay and SASL settings
+
<syntaxhighlight lang="bash">
 +
## SMTP relay  
 +
relayhost = [smtp.gmail.com]:587
 +
smtp_sasl_auth_enable = yes
 +
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 +
smtp_sasl_security_options = noanonymous
 +
smtp_sasl_tls_security_options = noanonymous
 +
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
 +
</syntaxhighlight>
  
  
 +
Do not change the default TLS settings !!
  
  
 +
==Credentials file==
  
 
Create login / password file
 
Create login / password file
 +
 +
<syntaxhighlight lang="bash">
 
vim /etc/postfix/sasl_password
 
vim /etc/postfix/sasl_password
 +
</syntaxhighlight>
  
  
 
Put the following content
 
Put the following content
 +
 +
<syntaxhighlight lang="bash">
 
[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD
 
[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD
 +
</syntaxhighlight>
  
  
 
Set rights
 
Set rights
 +
 +
<syntaxhighlight lang="bash">
 
chmod 640 /etc/postfix/sasl_password
 
chmod 640 /etc/postfix/sasl_password
 
chown postfix:postfix /etc/postfix/sasl_password  
 
chown postfix:postfix /etc/postfix/sasl_password  
 +
</syntaxhighlight>
  
  
 
Compute new hash for postfix
 
Compute new hash for postfix
 +
 +
<syntaxhighlight lang="bash">
 
chown -R postfix /etc/postfix
 
chown -R postfix /etc/postfix
 
postmap /etc/postfix/sasl_password
 
postmap /etc/postfix/sasl_password
 +
</syntaxhighlight>
  
 +
 +
==TLS policy==
  
 
Create TLS policy file
 
Create TLS policy file
 +
 +
<syntaxhighlight lang="bash">
 
vim /etc/postfix/tls_policy
 
vim /etc/postfix/tls_policy
 +
</syntaxhighlight>
  
  
 
Put the following content
 
Put the following content
 +
 +
<syntaxhighlight lang="bash">
 
[smtp.gmail.com]:587 encrypt
 
[smtp.gmail.com]:587 encrypt
 +
</syntaxhighlight>
  
  
 
Compute new hash for postfix
 
Compute new hash for postfix
 +
 +
<syntaxhighlight lang="bash">
 
postmap /etc/postfix/tls_policy
 
postmap /etc/postfix/tls_policy
 +
</syntaxhighlight>
 +
 +
 +
  
 +
=Test you configuration=
  
Test you configuration
+
<syntaxhighlight lang="bash">
 +
echo "Test from my new SMTP relay" | mail -s "Test Postfix SMTP relay" target@domain.com
 +
</syntaxhighlight>
  
  
 +
Check your logs!! ... see below
  
Check your logs!
 
  
 +
 +
=Logs=
 +
 +
==Application logs==
 +
 +
<syntaxhighlight lang="bash">
 
cat /var/log/mail.log
 
cat /var/log/mail.log
 +
</syntaxhighlight>
  
  
Line 97: Line 160:
  
  
 +
==Error Log==
 +
 +
<syntaxhighlight lang="bash">
 
cat /var/log/mail.err
 
cat /var/log/mail.err
 +
</syntaxhighlight>
  
 +
it should be empty
  
  

Revision as of 09:25, 13 August 2014


Principle

Our server will forward all emails to another SMTP server. The SMTP server we're gonna install is stupid: only local domain, no account checking, no anti-virus or spam protection.

  1. From a local point of view, all emails are send using Linux default configuration and system users
  2. From the other hand - the big SMTP server ("Gmail", "Outlook", ...) - all emails come from the same account


Principle:

SMTP server relay


As you can see, POSTFIX SMTP server will just act as a proxy between local services and Gmail.



When to use it ?

If you only have a single server and want to monitor it, then use a relay! That's much easier than setup a complete email server. It's also easier to maintain!



Installation

apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

Choose:

  • Internet Site
  • Type your FQDN like: dev.daxiongmao.eu || smartcard-gw.smartcards.vehco.com



Configuration

POSTFIX global conf

Edit Postfix configuration

vim /etc/postfix/main.cf


Add / adjust the SMTP relay and SASL settings (~ line 37)

## SMTP relay 
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


Do not change the default TLS settings !!


Credentials file

Create login / password file

vim /etc/postfix/sasl_password


Put the following content

[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD


Set rights

chmod 640 /etc/postfix/sasl_password
chown postfix:postfix /etc/postfix/sasl_password


Compute new hash for postfix

chown -R postfix /etc/postfix
postmap /etc/postfix/sasl_password


TLS policy

Create TLS policy file

vim /etc/postfix/tls_policy


Put the following content

[smtp.gmail.com]:587 encrypt


Compute new hash for postfix

postmap /etc/postfix/tls_policy



Test you configuration

echo "Test from my new SMTP relay" | mail -s "Test Postfix SMTP relay" target@domain.com


Check your logs!! ... see below


Logs

Application logs

cat /var/log/mail.log


You should see something like:

Aug 13 10:15:46 smartcard-gw postfix/pickup[11711]: 558D442DDF: uid=0 from=<root@dev>

Aug 13 10:15:46 smartcard-gw postfix/cleanup[11836]: 558D442DDF: message-id=<20140813081546.558D442DDF@dev>

Aug 13 10:15:46 smartcard-gw postfix/qmgr[11712]: 558D442DDF: from=<root@dev.daxiongmao.eu>, size=361, nrcpt=1 (queue active)

Aug 13 10:15:48 smartcard-gw postfix/smtp[11838]: 558D442DDF: to=<target@domain.com>, relay=smtp.gmail.com[173.194.71.108]:587, delay=2.4, delays=0.02/0.04/0.89/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1407917748 n2sm761208lag.18 - gsmtp)

Aug 13 10:15:48 smartcard-gw postfix/qmgr[11712]: 558D442DDF: removed


Error Log

cat /var/log/mail.err

it should be empty




Sources