Postfix relay through Gmail
Sunday, December 14th, 2008
Since Discuz (a PHP-based BBS application) doesn't support TLS SMTP (Gmail), I set up a relay SMTP server using Postfix yesterday. A relay SMTP server is like a middleman. When the site administrator wants to send mail notifications to members, Discuz first connects to the middleman (the relay SMTP server) instead of Gmail (because Discuz doesn't support TLS SMTP), and the middleman forwards those emails to the Gmail SMTP server. Finally, the mails are delivered to the recipients by Gmail.
Once the SMTP relay is set up, it works not only for Discuz: other PHP applications that use the mail() function should work as well.
I've tried the steps below on my CentOS 4.5 and Fedora 10 servers; both distributions work, and emails can be sent via the PHP mail() function.
In my scenario, both the SMTP server (Postfix) and Discuz (or other PHP mail applications) are installed on the same server. Otherwise, some additional configuration of Postfix is necessary, and your PHP application must support ESMTP.
Before you begin:
You must enable the Gmail IMAP (with SMTP) function. Details:
http://mail.google.com/support/bin/answer.py?answer=77695
Basic commands:
Install postfix and change to appropriate directory:
yum install postfix
mkdir /etc/postfix/certs
cd /etc/postfix/certs
Create your own certificate authority (CA):
For CentOS4:
/usr/share/ssl/misc/CA -newca
For CentOS 5/Fedora 10:
/etc/pki/tls/misc/CA -newca
Follow the prompts and make intelligent responses.
Create the client keys/certs:
Again, give intelligent responses and ensure you use the same common name and country code.
openssl genrsa -out postfixclient.key 1024
openssl req -new -key postfixclient.key -out postfixclient.csr
openssl ca -out ./postfixclient.pem -infiles postfixclient.csr
Amend Postfix configuration:
Open /etc/postfix/main.cf:
vim /etc/postfix/main.cf
And add the following lines:
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = smtp.gmail.com
relay_destination_concurrency_limit = 1
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file = /etc/postfix/certs/postfixclient.key
smtp_tls_cert_file = /etc/postfix/certs/postfixclient.pem
smtp_tls_enforce_peername = no
smtpd_tls_req_ccert = no
smtpd_tls_ask_ccert = yes
Create username and password database:
vim /etc/postfix/sasl_passwd
In /etc/postfix/sasl_passwd, add the following line:
[smtp.gmail.com]:587 username@gmail.com:password
username@gmail.com is your Gmail login account and you must provide the corresponding password.
Enter the following command and Postfix will build its lookup table from the password file:
postmap /etc/postfix/sasl_passwd
Set appropriate permissions so that other users cannot read the password files:
chmod 640 /etc/postfix/sasl_passwd*
chgrp postfix /etc/postfix/sasl_passwd*
The configuration is complete! Restart Postfix after you make any change:
/etc/init.d/postfix restart
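An added check, not part of the original post: with smtp_use_tls = yes alone TLS is only opportunistic, and smtp_tls_enforce_peername = no turns off the server-name check, so this script reports whether a main.cf forces verified TLS before the Gmail password is sent. The function names, finding labels, sample files and CA bundle path are assumptions made for this example; smtp_tls_security_level needs Postfix 2.3 or later, and on older versions smtp_enforce_tls = yes is the legacy equivalent.

```shell
#!/bin/sh
# Added example, not from the original post. Reports whether a main.cf-style
# file forces verified TLS before the relay password is sent.

# get_param FILE NAME: value of NAME (the last assignment wins in main.cf).
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_relay_tls FILE: prints one finding label per line, or "ok".
audit_relay_tls() {
    level=$(get_param "$1" smtp_tls_security_level)
    enforce=$(get_param "$1" smtp_enforce_tls)
    peer=$(get_param "$1" smtp_tls_enforce_peername)
    mandatory=no
    verified=no
    if [ -n "$level" ]; then
        # A non-empty level overrides smtp_use_tls, smtp_enforce_tls and
        # smtp_tls_enforce_peername.
        case $level in
            verify|secure|fingerprint|dane-only) mandatory=yes; verified=yes ;;
            encrypt) mandatory=yes ;;
        esac
    elif [ "$enforce" = yes ]; then
        mandatory=yes
        [ "$peer" = no ] || verified=yes    # legacy default is yes
    fi
    [ "$mandatory" = yes ] || echo "tls-optional"      # cleartext fallback allowed
    [ "$verified" = yes ] || echo "peer-unverified"    # server identity not checked
    [ "$mandatory$verified" != yesyes ] || echo "ok"
    return 0
}

# Constructed sample files: the TLS lines from the post, then a stricter variant.
# The CA bundle path is an assumption (RHEL-family default location).
tmp=$(mktemp)
printf '%s\n' 'smtp_use_tls = yes' 'smtp_tls_enforce_peername = no' > "$tmp"
echo "post settings:"; audit_relay_tls "$tmp"
printf '%s\n' 'smtp_tls_security_level = secure' \
    'smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt' > "$tmp"
echo "stricter variant:"; audit_relay_tls "$tmp"
rm -f "$tmp"
```

On a live server, feed it the effective settings with postconf -n > /tmp/effective.cf rather than the raw main.cf.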
Testing (optional):
This step will send an email to test whether it is configured successfully.
telnet 127.0.0.1 25
EHLO 127.0.0.1
MAIL FROM: username@gmail.com
RCPT TO: recipient@xxx.com
DATA
HIHI
If you can see this email, it means that the SMTP relay is configured successfully.
.
(Don’t forget to enter the dot on a line by itself at the end.)
Discuz configuration:
In mail_config.inc.php under the Discuz root directory, change the $mailsend option to 1, because your local server now supports sending mail. For example:
$mailsend = 1; // sendmail type
// 0=do not send any mails
// 1=send via PHP mail() function and UNIX sendmail
// 2=send via Discuz! SMTP/ESMTP interface
// 3=send via PHP mail() and SMTP(only for win32, do not support ESMTP)
References:
http://souptonuts.sourceforge.net/postfix_tutorial.html
http://www.wormly.com/blog/2008/11/05/relay-gmail-google-smtp-postfix/