SMTP Relay Server with Gmail
This is a brief guide on installing an SMTP relay server on Fedora 12. I have taken these instructions from various sites and merged them into one. These are the sites I used in my research:
Soup to Nuts
G-loaded Journal
Carlton’s Online Notebook
The commands used in this guide are explained in more detail on those sites. If you want to know what the commands are for, please visit them.
Here is the guide:
Install postfix and remove sendmail
yum install postfix
yum remove sendmail
Check that postfix has been built against the SASL and SSL libraries
ldd `which postfix` | grep libsasl
ldd `which postfix` | grep libssl
They should hopefully return something like this:
# ldd `which postfix` | grep libsasl
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f646039a000)
# ldd `which postfix` | grep libssl
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0ed4b79000)
This should work for a base install of Fedora 12. If you do not see any output, you might need a different version of postfix.
Next we need to make sure that openssl and openssl-perl are both installed and up to date. These will be used to generate SSL certificates.
yum install openssl openssl-perl
We need to make ourselves a Certificate Authority. You can skip this step if you already have certificates made.
Perform these actions as root (su):
mkdir -m 0755 /etc/pki_jungle
mkdir -m 0755 \
/etc/pki_jungle/myCA \
/etc/pki_jungle/myCA/private \
/etc/pki_jungle/myCA/certs \
/etc/pki_jungle/myCA/newcerts \
/etc/pki_jungle/myCA/crl
cp /etc/pki/tls/openssl.cnf /etc/pki_jungle/myCA/openssl.my.cnf
chmod 0600 /etc/pki_jungle/myCA/openssl.my.cnf
touch /etc/pki_jungle/myCA/index.txt
echo '01' > /etc/pki_jungle/myCA/serial
cd /etc/pki_jungle/myCA/
openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca -keyout private/myca.key -out certs/myca.crt -days 1825
At this point you will be prompted for a passphrase; choose a strong one.
Country Name (2 letter code) [NZ]:ER
State or Province Name (full name) [Earth]:Earth
Locality Name (eg, city) []: Land
Organization Name (eg, company) [My Company Ltd]:My Network
Organizational Unit Name (eg, section) []:My Certificate Authority
Common Name (eg, your name or your server’s hostname) []:server.example.com
Email Address []:whatever@server.example.com
Once that is done:
chmod 0400 /etc/pki_jungle/myCA/private/myca.key
Next we need to edit openssl.my.cnf. I would recommend using something like WinSCP if you are not comfortable with command-line text editors.
Open /etc/pki_jungle/myCA/openssl.my.cnf and make the following changes:
[ CA_default ]
dir = . # <--CHANGE THIS
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
#unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/certs/myca.crt # <--CHANGE THIS
serial = $dir/serial
#crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/myca.key # <--CHANGE THIS
RANDFILE = $dir/private/.rand
x509_extensions = usr_cert
Next we will need to create the server certificate
cd /etc/pki_jungle/myCA/
openssl req -config openssl.my.cnf -new -nodes -keyout private/server.key -out server.csr -days 365
Fill out the fields as previously done
Country Name (2 letter code) [NZ]:ER
State or Province Name (full name) [Earth]:Earth
Locality Name (eg, city) []: Land
Organization Name (eg, company) [My Company Ltd]:My Network
Organizational Unit Name (eg, section) []:My Certificate Authority
Common Name (eg, your name or your server’s hostname) []:server.example.com
Email Address []:whatever@server.example.com
The Common Name (CN) is the info that uniquely distinguishes your service, so be sure that you type it correctly.
When prompted for some extra attributes (challenge password, optional company name) just hit the [Enter] key.
chown root:root /etc/pki_jungle/myCA/private/server.key
chmod 0400 /etc/pki_jungle/myCA/private/server.key
cd /etc/pki_jungle/myCA/
openssl ca -config openssl.my.cnf -policy policy_anything -out certs/server.crt -infiles server.csr
Download the Thawte certs from here: https://www.thawte.com/roots/index.html
Unzip the file and copy Thawte Roots\Thawte Personal Root Certificates\Thawte Personal Premium CA\Thawte Personal Premium CA.pem to /etc/pki_jungle/myCA/certs/. Make sure to remove all the spaces from the filename.
You will need to create a file called sasl_passwd in the /etc/postfix directory
Add the following to the sasl_passwd:
[smtp.gmail.com]:587 user@gmail.com:password
After the file is created, run the following commands:
postmap /etc/postfix/sasl_passwd
chown root:postfix /etc/postfix/sasl_passwd*
chmod 0640 /etc/postfix/sasl_passwd*
Next edit /etc/postfix/main.cf and add the following to the bottom of the file
#### GMail SSL SMTP Relay
relayhost = [smtp.gmail.com]:587
#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/pki_jungle/myCA/private/server.key
smtp_tls_cert_file=/etc/pki_jungle/myCA/certs/server.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /etc/pki_jungle/myCA/certs/ThawtePersonalPremiumCA.pem
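With smtp_use_tls = yes the Postfix client uses TLS opportunistically: it takes STARTTLS when the relay offers it, does not verify the server certificate, and otherwise continues in cleartext, which matters here because the session carries the Gmail password. The shell check below is an added example, not part of the original guide; it resolves the effective client TLS level of a main.cf and flags settings that let SASL credentials travel over an unenforced session. Both sample files are constructed, and the CA bundle path in the stricter one is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): audit the outbound TLS/SASL settings in a main.cf.

# Print the last value assigned to parameter $1 in file $2 (Postfix keeps the last one).
get_param() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Resolve the SMTP client TLS level. The legacy smtp_use_tls, smtp_enforce_tls and
# smtp_tls_enforce_peername settings only count when smtp_tls_security_level is unset.
effective_level() {
    level=$(get_param smtp_tls_security_level "$1")
    if [ -z "$level" ]; then
        level=none
        if [ "$(get_param smtp_enforce_tls "$1")" = yes ]; then
            level=verify
            if [ "$(get_param smtp_tls_enforce_peername "$1")" = no ]; then level=encrypt; fi
        elif [ "$(get_param smtp_use_tls "$1")" = yes ]; then
            level=may
        fi
    fi
    echo "$level"
}

# Print one finding per line; print nothing when the relay settings are sound.
audit_relay() {
    level=$(effective_level "$1")
    trust="$(get_param smtp_tls_CAfile "$1")$(get_param smtp_tls_CApath "$1")"
    case $level in
        none|may)
            if [ "$(get_param smtp_sasl_auth_enable "$1")" = yes ]; then
                echo "sasl-over-optional-tls: level=$level allows a cleartext session"
            fi ;;
        encrypt)
            echo "peer-not-verified: level=encrypt accepts any server certificate" ;;
        verify|secure)
            if [ -z "$trust" ]; then echo "no-trust-anchor: set smtp_tls_CAfile or smtp_tls_CApath"; fi ;;
    esac
}

# Constructed samples: the relay settings from this guide and a stricter variant.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_sasl_auth_enable=yes' \
    'smtp_use_tls = yes' 'smtp_tls_enforce_peername = no' > "$tmp/guide.cf"
printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_tls_security_level = secure' \
    'smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt' > "$tmp/strict.cf"
for f in guide strict; do
    echo "== $f.cf: level=$(effective_level "$tmp/$f.cf")"; audit_relay "$tmp/$f.cf"
done
```

To audit a live system, call audit_relay /etc/postfix/main.cf; the function reads only main.cf, so parameters left at their compiled-in defaults are treated as unset.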
While you have main.cf open you might want to change a few other things as well. Uncomment the following by removing the # character and fill in the settings which suit your network:
myhostname = smtp.nav.local
mydomain = nav.local
myorigin = $mydomain
inet_interfaces = all
(comment out inet_interfaces = localhost so it reads #inet_interfaces = localhost)
Save the file
On your Fedora box go to System > Administration > Firewall
Tick the Mail (SMTP) box and click on apply.
Next restart your postfix service by typing in
/etc/init.d/postfix restart
You should now be able to configure your mail client to use your server as an SMTP server. If you cannot send mail out, have a look at /var/log/maillog for some information.