The Peculiar Case of Email in the Cloud

The Procedure

First, you need to install Postfix along with the tools needed for enabling SASL connections. Your procedure will vary based on distribution, but for Ubuntu/Debian folks, it will go something like this:


sudo apt-get install postfix mailutils libsasl2-2
 ↪ca-certificates libsasl2-modules

When Postfix installs, it will ask what type of system you're configuring. Multiple options will work, since you're editing the main file afterward, but I recommend you choose "Internet Site" and answer the questions accordingly. (Again, don't worry too much about what answers you put in the setup dialog, most of it will get overridden by your modifications anyway.)

Next, edit the main.cf file:


sudo nano /etc/postfix/main.cf

Then, change or add the following stanza of information somewhere in the file. Pay close attention, because there will be a few lines that look similar, but are subtly different. You'll probably have to add all the lines below:


relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

Now you need to create that cacert.pem file. You could just reference the original file directly, but I like to have all the required files in one folder—that makes it easier to replicate when spinning up new servers:


sudo cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem >
 ↪/etc/postfix/cacert.pem

In order to send mail, you need to have your authentication information on the server. Create the file from scratch:


sudo nano /etc/postfix/sasl/sasl_passwd

Enter your Gmail account information. It feels wrong to type a user name and password into a file, but you're going to lock the file's permissions pretty tight in the next step. Use this format in the file:


[smtp.gmail.com]:587 USER@gmail.com:PASSWORD

The USER and PASSWORD obviously need to be substituted with your account credentials. You also can use a Google Hosted Domain account, just use the full e-mail address instead of @gmail.com. Then secure the file and create a hash database so Postfix can read it properly:


sudo chmod 400 /etc/postfix/sasl/sasl_passwd
sudo postmap /etc/postfix/sasl/sasl_passwd

Finally, reload Postfix and test outgoing e-mail:


sudo service postfix reload
echo "It Worked" | mail -s "Email Test" anotheruser@example.com

______________________

Shawn Powers is a Linux Journal Associate Editor. You might find him on IRC, Twitter, or training IT pros at CBT Nuggets.