Install the required packages
sudo apt-get install ca-certificates
sudo aptitude install
postfix
libsasl2
libsasl2-modules
Configure Postfix
sudo mkfifo /var/spool/postfix/public/pickup
You’ll want the following lines in your /etc/postfix/main.cf file:
relayhost = [smtp.gmail.com]:587
smtp_use_tls
= yes
smtp_sasl_auth_enable
= yes
smtp_sasl_password_maps
= hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options
= noanonymous
smtp_tls_loglevel
= 1
smtp_tls_per_site
= hash:/etc/postfix/tls_per_site
smtp_tls_CAfile
= /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_tls_session_cache_database
= btree:/var/lib/postfix/smtp_tls_session_cache
The above lines are telling Postfix that you want to relay mail through gmail on a specific port, telling it to authenticate, and where to find the username and password.
The last three lines specify the authentication types supported, where the certificate authority file is and that it should use tls.
Define Username and Password
Next we’ll need to populate the sasl_passwd file.
sudo
nano
/etc/postfix/sasl_passwdAdd the following content:
[smtp.gmail.com]:587 username@gmail.com:password
This file should have restrictive permissions and then needs to be translated into a .db that Postfix will read.
sudo chmod 400 /etc/postfix/sasl_passwd
sudo
postmap /etc/postfix/sasl_passwd
At this point you can restart Postfix and it should work, however it will complain about not being able to authenticate the certificate.
To take care of this issue we’ll use the ca-certificate package we installed and tell it where it can validate the certificate.
cat /etc/ssl/certs/
Equifax_Secure_CA.pem | sudo tee -a /etc/postfix/cacert.pem
We also need to
populate a TLS per site file.
sudo nano /etc/postfix/postmap tls_per_site
sudo nano /etc/postfix/postmap tls_per_site
Add the following content:
smtp.gmail.com MUST
This file needs to be translated into a .db that Postfix will read.
sudo postmap /etc/postfix/
tls_per_site
Go ahead and
reload postfix and you should be set.
sudo /etc/init.d/postfix reload