Loading
Setup Postfix to Login to Your Email Account and Deliver Mail
Unless you're a sysadmin you don't generally have to worry that much about getting email delivered, you just hookup your GUI email client to your external email account and you're done. But what if your system tries to deliver mail, for example from cron? Normally, this just goes to root or perhaps some designated user on your system, but what if you'd like it to get delivered to your external email account?
The obvious answer is you setup your system to forward root's email to your external email account, eg change this line in /etc/aliases:
root: you
to
root: you@example.com
or you can change root's .forward file to accomplish the same thing.
So, what's the problem? The problem comes when your IP address (or your ISP's IP address) someday gets blacklisted and all of a sudden you're not getting any system mail anymore. This problem can also arise if you have scripts which deliver mail to somebody: at some point their email server may refuse to talk to your system because it thinks you're a spammer or something.
In these cases, assuming your email provider allows you to have SMTP access, one solution is to have your system deliver email to your email provider and let your email provider deliver it to the final destination. Your email provider is probably (hopefully) more likely to stay on top of problems related to their IP addresses and blacklists so your email has a higher probability of getting delivered (in the case of cron it's already at its destination).
Getting your system to deliver mail to an external email account, ie getting your system to relay mail via another server requires a bit of configuration. Few, if any, email providers allow their servers to be used as open relays, an open relay being an email relay that anyone can use. So one of the first things you have to do is tell your system how to login to your email account so that it can relay email. Furthermore you may also have to, or want to, configure your system to use TLS/SSL when it logs in so that your username and password are protected.
In this example, I'll show you how I set up my system to deliver mail to my fastmail account. I use openSUSE and therefore my system uses postfix to deliver email. If you use another Linux distro these steps may require modification, and if you use exim or some other system for email delivery this won't help at all.
First, if it's not already installed and running, install the SASL authentication daemon saslauthd and start it. Next edit the file /etc/postfix/sasl_passwd and add this line to the bottom of the file:
mail.messagingengine.com USERNAME:PASSWORD
The values in this file determine the username and password that SASL uses when logging in to a particular server. Obviously, change these values for your external email account. You should be able to find the server name on your email provider's web site, although it usually takes some digging.
Now run postmap to convert the text password file to a .db file:
postmap sasl_passwd
Next edit the file /etc/postfix/master.cf and uncomment the tlsmgr line:
tlsmgr unix - - n 1000? 1 tlsmgr
Now edit the file /etc/postfix/main.cf and add the following lines to the bottom of the file:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_mechanism_filter = PLAIN, LOGIN
smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = nexthop
smtp_sasl_tls_security_options = noanonymous
relayhost = [mail.messagingengine.com]:587
#debug_peer_list = mail.messagingengine.com
These options tell postfix to use SASL authentication when doing SMTP (ie delivering mail) and they also tell it to use TLS security when logging in. The relayhost option tells postfix the default server to use when relaying email, the :XXX value is the port number to use (another value you'll have to dig out of your email provider's help pages). The last option, the commented out one, debug_peer_list allows you tell postfix to show TLS related debug information on a per server basis. This is often useful when trying to diagnose TLS connection problems. In this case it turned out to be useful because postfix did not recognize the CA (certificate authority) that issued Fastmail's SSL certificate (Entrust). (Actually, I don't know if postfix recognizes any CA's out of the box.)
After some groping around on the Entrust site my SSL memory came back to me and I did a search for "root certificates" and got to a page where I could download a copy of Entrust's root certificate (you may need to start here).
Once you've downloaded the certificate, save a copy in /etc/postfix and remove group/other read/write access. Then add the following line to /etc/postfix/main.cf:
smtp_tls_CAfile = /etc/postfix/entrust_ssl_ca.cer
Restart postfix:
$ /etc/init.d/postfix restart
Now send a test email from the command line:
$ mail -s test you@example.com <<<test
And hopefully it will arrive in your external email account.
______________________
Mitch Frazier is an Associate Editor for Linux Journal.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- What's the tweeting protocol?
- New Products
- RSS Feeds
- Readers' Choice Awards
- Dart: a New Web Programming Experience
- Reply to comment | Linux Journal
12 hours 15 min ago - Reply to comment | Linux Journal
14 hours 48 min ago - Reply to comment | Linux Journal
16 hours 5 min ago - great post
16 hours 40 min ago - Google Docs
17 hours 3 min ago - Reply to comment | Linux Journal
21 hours 51 min ago - Reply to comment | Linux Journal
22 hours 38 min ago - Web Hosting IQ
1 day 12 min ago - Thanks for taking the time to
1 day 1 hour ago - Linux is good
1 day 3 hours ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
Thanks!
Wow. I had this exact problem---down to the detail of sending mail through my fastmail account---when setting up a linux host as a webserver. I didn't want to run a mailserver, but still needed local mail to be delivered to a working address. Thanks a bunch for this article.
Hello, I need the same
Hello,
I need the same scenario but in the reverse way, let's say I have a postfix server install at my office and I have the user testmail@mydomain.com and the mydomain.com is hosted at USA, I wanna any message sent to testmail@mydomain.com to be received at the main hosting which is in USA, and I wanna get my email via the postfic that is exist in the office, by setting up the postfix to connect to the mydomain.com at USA automatically and check if there is an emails in the mailbox get them and download in the testmail account at my office.
In this case I will get my email from the server that it's in my office instead of the connection to the main server.
I hope to find this solution at your side :( and please contact me at: rmbaba@gmail.com
Cheers,
Not Postfix
The solution to that problem is not postfix, it's fetchmail. Fetchmail can login to you USA account, fetch the mail and then deliver it to your local postfix. Your local postfix can then deliver it to people in the office.
Mitch Frazier is an Associate Editor for Linux Journal.
Almost works...
I almost have this working with gmail but it's not rewriting the To address. Postfix is delivering the email to gmail but it's still addressed to 'root@localhost.localdomain'. In /etc/aliases I have
don my.email@gmail.com
...
root don
I've also tried .forward files for both accounts. I'm missing some config option but I don't know what it is, any ideas?
Thanks
That's a Different Issue
That isn't part of what's being done here. The final destination of an email, perhaps somewhat bizarrely, doesn't really depend on the "To:" header.
Try adding this to /etc/postfix/generic:
Then run:
Then add this to /etc/postfix/main.cf:
smtp_generic_maps = hash:/etc/postfix/genericand restart postfix.
Mitch Frazier is an Associate Editor for Linux Journal.
very cool
This is very cool. Very helpful when you want to get your system mail. Or cron jobs, or whatever. I have a script that emails me my home IP address if/when it ever changes. It checks every five minutes and only emails me if it changes. The cool part is that I use google as the smpt server, by authing to google first, then sending the mail. Very similar to this, I just use gmail. -bb
This is very cool but I
This is very cool but I don't understand what that has to do with linux
The guys in the white coats are your friends
Don't be afraid, they won't hurt you.
Mitch Frazier is an Associate Editor for Linux Journal.