Thursday, November 05, 2015

Configuring Gmail as Sendmail email relay


Contents

Introduction

Install prerequisites

Create Gmail Authentication file

Configure your sendmail

Configuration test

1. Introduction

In this configuration tutorial we will guide you through the process of configuring sendmail to be an email relay for your Gmail or Google Apps account. This allows you to send email from your bash scripts, hosted website or from the command line using the mail command. Another example where you can utilize this setting is for notification purposes, such as failed backups. Sendmail is just one of many utilities which can be configured to rely on a Gmail account; others include postfix, exim, ssmtp etc. In this tutorial we will use Debian and sendmail for this task.



2. Install prerequisites

# apt-get install sendmail mailutils sendmail-bin

3. Create Gmail Authentication file

# mkdir -m 700 /etc/mail/authinfo/

# cd /etc/mail/authinfo/

Next we need to create an auth file with the following content. The file can have any name; in this example the name is gmail-auth:

vim gmail-auth


AuthInfo: "U:root" "I:YOUR GMAIL EMAIL ADDRESS" "P:YOUR PASSWORD"

Replace the above email with your Gmail or Google Apps email address.

Please note that in the above password example you need to keep 'P:', as it is not a part of the actual password.



In the next step we will need to create a hash map for the above authentication file:



# makemap hash gmail-auth < gmail-auth

4. Configure your sendmail

Put the lines below into your sendmail.mc configuration file, right above the first "MAILER" definition line:

vim /etc/mail/sendmail.mc

define(`SMART_HOST',`[smtp.gmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo/gmail-auth.db')dnl

Do not put the above lines at the top of your sendmail.mc configuration file!



In the next step we will need to re-build sendmail's configuration. To do that execute:



# make -C /etc/mail

Reload sendmail service:



# /etc/init.d/sendmail reload

and you are done.



5. Configuration test

Now you can send an email from your command line using the mail command:



$ echo "Just testing my sendmail gmail relay" | mail -s "Sendmail gmail Relay" my-email@my-domain.com



If you experience substantial delays after executing the above command, the most likely cause is that you have not configured your host with an FQDN. Check your logs for a warning:



If you see the error "AUTH=client, available mechanisms do not fulfill requirements" in /var/log/maillog, just install cyrus-sasl-plain:

# yum -y install cyrus-sasl-plain

2. Upgrading Cyrus SASL

If your SASL installation doesn’t have the “plain” and “login” libs, you will have authentication problems with Gmail. You can see why when you get to the sendmail configuration in the later steps. The common error in the /var/log/maillog is this:

AUTH=client, available mechanisms do not fulfill requirements

It was a vague error and I was so frustrated with it at one point I was ready to give up. However, this article about setting up Postfix with Gmail cast some light and helped me figure out the cause.

The problem is that SASL doesn’t have all the necessary plugins. The “login” and “plain” are the plugins necessary to talk to Gmail smtp. So I had to upgrade SASL to fix the problem. Here is what I did:

$ wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
$ tar -xzf cyrus-sasl-2.1.21.tar.gz
$ cd cyrus-sasl-2.1.21
$ ./configure
$ make
$ make install
$ mv /usr/lib/sasl2 /usr/lib/sasl2.orig
$ ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

Note: if you have an issue installing Cyrus SASL around compiling digestmd5.c, it’s because your compiler is too new. Read here to find out how to patch it.

Since I just switched out the old sasl2 lib without recompiling sendmail, I was concerned sendmail would poop during runtime. Luckily that didn’t happen. Dynamic lib rocks!

------------------

Relaying Postfix mails via smtp.gmail.com:

First, install all necessary packages:

sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

If you did not have postfix installed before, the postfix configuration wizard will ask you some questions. Just select your server as Internet Site and for the FQDN use something like mail.example.com

Then open your postfix config file:

vim /etc/postfix/main.cf

and add the following lines to it:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes


You might have noticed that we haven’t specified our Gmail username and password in the above lines. They will go into a different file. Open or create:

vim /etc/postfix/sasl_passwd

And add the following line:

[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD

If you want to use your Google Apps domain, please replace @gmail.com with your @domain.com

Fix permissions and update the postfix config to use the sasl_passwd file:

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
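
Both the sendmail gmail-auth file and the Postfix sasl_passwd file hold the password in clear text, and so do the .db maps built from them. The following added check (not part of the original post; check_secret_map is a hypothetical name and the .db suffix is an assumption taken from the paths on this page) reports files readable by group or others and maps older than their source:

```shell
#!/bin/sh
# Added example (not from the original post): check a clear-text credential
# file and the lookup map built from it. check_secret_map is a hypothetical
# helper name; the map is assumed to be "<source>.db", as on this page.

# $1 = source file (e.g. /etc/mail/authinfo/gmail-auth, /etc/postfix/sasl_passwd)
# Prints one finding per line; exit status 1 if anything was found.
check_secret_map() (
    src=$1; db=$1.db; rc=0
    for f in "$src" "$db"; do
        if [ ! -f "$f" ]; then echo "MISSING $f"; rc=1; continue; fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then echo "EXPOSED $f ($perms)"; rc=1; fi
    done
    # A source newer than its map means makemap/postmap was not re-run,
    # so the daemon is still using the old credentials.
    if [ -f "$src" ] && [ -f "$db" ] && [ -n "$(find "$src" -newer "$db")" ]; then
        echo "STALE $db"; rc=1
    fi
    exit "$rc"
)

# Constructed demo in a temporary directory; the password is a placeholder.
d=$(mktemp -d)
echo '[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD' > "$d/sasl_passwd"
: > "$d/sasl_passwd.db"          # stands in for the map postmap would build
chmod 400 "$d/sasl_passwd"
chmod 644 "$d/sasl_passwd.db"    # as when postmap ran before the chmod
check_secret_map "$d/sasl_passwd" || echo "-> tighten modes, then rebuild the map"
rm -rf "$d"
```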


Next, validate certificates to avoid running into errors. Just run the following command:

3. Generate your own CA certificate

a. Change directory to /etc/pki/tls/certs

# cd /etc/pki/tls/certs

b. Create a key and test certificate in one file

# make hostname.pem

You will see something like

[root@FLT certs]# make hostname.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >  hostname.pem ; \
echo    >> hostname.pem ; \
cat $PEM2 >> hostname.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
.++++++
..++++++
writing new private key to ‘/tmp/openssl.z12084’

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:

c. Fill in the necessary information and copy the file to /etc/postfix as cacert.pem

# cp /etc/pki/tls/certs/hostname.pem /etc/postfix/cacert.pem
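
In the main.cf lines above, smtp_use_tls = yes gives opportunistic TLS and smtp_sasl_security_options = noanonymous permits the PLAIN and LOGIN mechanisms, so the password is only protected when STARTTLS is actually negotiated. The following added check (not part of the original post; get_param and audit_relay_tls are hypothetical names, and the sample file is constructed) reads a main.cf and reports that combination:

```shell
#!/bin/sh
# Added example (not from the original post): report whether a Postfix main.cf
# can hand SASL credentials to the relay over an unencrypted session.
# get_param and audit_relay_tls are hypothetical helper names.

# Last value assigned to parameter $2 in file $1 (Postfix keeps the last one).
# Assumption: one-line "name = value" entries, no continuation lines.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Prints one finding per line; exit status 1 if anything was found.
audit_relay_tls() (
    cf=$1; rc=0
    level=$(get_param "$cf" smtp_tls_security_level)
    if [ -z "$level" ]; then
        # Legacy switches only apply when smtp_tls_security_level is unset.
        if [ "$(get_param "$cf" smtp_enforce_tls)" = yes ]; then level=encrypt
        elif [ "$(get_param "$cf" smtp_use_tls)" = yes ]; then level=may
        else level=none; fi
    fi
    case $level in
        encrypt|fingerprint|verify|secure|dane-only) mandatory=yes ;;
        *) mandatory=no; rc=1
           echo "TLS_NOT_ENFORCED level=$level: delivery can fall back to cleartext" ;;
    esac
    opts=$(get_param "$cf" smtp_sasl_security_options)
    [ -n "$opts" ] || opts="noplaintext, noanonymous"   # Postfix default
    if [ "$(get_param "$cf" smtp_sasl_auth_enable)" = yes ] && [ "$mandatory" = no ]; then
        case $opts in
            *noplaintext*) ;;
            *) rc=1; echo "PLAINTEXT_AUTH_WITHOUT_TLS: PLAIN/LOGIN allowed on a cleartext session" ;;
        esac
    fi
    exit "$rc"
)

# Constructed sample: the main.cf lines from this page, then a stricter variant.
sample=$(mktemp)
printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_security_options = noanonymous' 'smtp_use_tls = yes' > "$sample"
audit_relay_tls "$sample" || echo "-> findings for the configuration as written"
echo 'smtp_tls_security_level = encrypt' >> "$sample"
audit_relay_tls "$sample" && echo "-> no findings once TLS is mandatory"
rm -f "$sample"
```

The encrypt level makes TLS mandatory but does not verify the server certificate; the verify and secure levels do, and they need smtp_tls_CAfile to contain the CA that issued the relay's certificate.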

