Saturday, February 23, 2008

[HowTo] Postfix using Gmail as SMTP on Ubuntu/Debian.

I'm pasting the post from http://prantran.blogspot.com, which saved my life. It turns out that the mails I sent from my "home server" were being rejected, apparently for not having a static IP or for being on some blacklist (despite my never having sent spam or anything of the sort). Faced with this big problem, I could think of nothing better than to send out through Gmail, and it worked perfectly.

Getting Postfix to work on Ubuntu with Gmail

Here's what I want to do. I have an Ubuntu box (Edgy-Eft) at home, and I want to be able to send out email, and I want to use gmail as my relayhost. There are several sites online that explain bits of how to do this, and Mike Chirico's is particularly good. I used his tutorial as a starting point, but I noticed I had to do a few things differently to get it working on my own system, so I'm documenting the differences.

Differences

Disclaimer: What is different about my setup is that I am using the Ubuntu packages, whereas Chirico's tutorial has you compile the packages yourself. There's nothing wrong with doing that; in fact, it's probably good for your soul, but I'd prefer to make use of the Ubuntu package manager as much as possible. Further, I'm not interested in using fetchmail, so I've done nothing with that.

Installing Postfix

The first thing I did was install postfix.

# apt-get install postfix

I told the configuration script that I was installing for an internet site. Happily, debian/ubuntu's postfix comes with TLS and SASL compiled in.

Generate Your Certificates

In order to connect to gmail, you need a certificate. Here's what happened when I generated my certificate.
# /usr/lib/ssl/misc/CA.pl -newca
Now generate a private key...
# openssl req -new -nodes -subj '/CN=prancingtarantula.net/O=Prancing Tarantula/C=US/ST=Illinois/L=Chicago/emailAddress=mattoxbeckman@gmail.com' -keyout FOO-key.pem -out FOO-req.pem -days 3650
And sign it...
# openssl ca -out FOO-cert.pem -infiles FOO-req.pem
Now I copied them to the /etc/postfix directory.
# cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix
# chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem
# chmod 400 /etc/postfix/FOO-key.pem
One difference from the tutorial: when running postfix, you may get warnings like this one:
Jan  4 17:21:59 calvin postfix/smtp[28881]: setting up TLS connection to smtp.gmail.com
Jan 4 17:21:59 calvin postfix/smtp[28881]: certificate verification failed for
smtp.gmail.com: num=20:unable to get local issuer certificate
Jan 4 17:21:59 calvin postfix/smtp[28881]: SSL_connect error to smtp.gmail.com: -1
I've copied them in so people searching for them will find this. These warnings are because postfix doesn't know where to find the Thawte certificate that gmail used to sign its own certificate. Ubuntu includes it in its ssl package. You need to append it to the cacert.pem file you generated earlier.
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem >> cacert.pem

Transport

To cause the mail to be routed, you need a transport file. Here's mine:
# Contents of /etc/postfix/transport
#
# This sends mail to Gmail
* smtp:[smtp.gmail.com]:587
Different from the tutorial is the specification of port 587. If you leave that off, postfix will attempt to connect to port 25, which is blocked by many ISPs now. If you get a timeout error in your log file, that's what's happening. The Gmail help pages say you should be able to use port 465 also, but that times out for me as well. You'll have to add another line if you expect to receive mail at your machine.

SASL

You now need to set the SASL passwords. My file looks like this one:
# Contents of sasl_passwd
#
[smtp.gmail.com]:587 mattoxbeckman@gmail.com:password
Of course, replace password and the email address with something appropriate for your system. Again, note the 587... if you leave that off, you will get very confusing log messages like this one:
Jan  4 18:20:30 calvin postfix/smtp[31770]: 49D438A6F:  to=, orig_to=, 
relay=smtp.gmail.com[64.233.163.109]:587, delay=7661, delays=7660/0.1/0.19/0.03,
dsn=5.5.1, status=bounced (host smtp.gmail.com[64.233.163.109] said: 530 5.5.1
Authentication Required 16sm56842404nzo (in reply to MAIL FROM command))
This will be very frustrating because you will see the passwords are there, but they just aren't being used. Be sure to hash the files:
# postmap sasl_passwd
# postmap transport
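
The transport and SASL steps above only work when the sasl_passwd key matches the transport nexthop character for character, and sasl_passwd stores the Gmail password in clear text. The following script is an added example, not part of the original post; the function names and the script name check.sh are made up for illustration. It lists relays that have no matching credential key and secret files that group or others can access.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check a Postfix relay setup.
# Function names are illustrative.

# Print the nexthop of every "smtp:" line in a transport file,
# e.g. "[smtp.gmail.com]:587".
transport_nexthops() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         $2 ~ /^smtp:/ { sub(/^smtp:/, "", $2); print $2 }' "$1"
}

# Print the lookup keys (first field) of a sasl_passwd file.
sasl_keys() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1"
}

# Print each transport nexthop with no identical key in sasl_passwd.
# The comparison is literal: "[smtp.gmail.com]" is not "[smtp.gmail.com]:587".
missing_credentials() {
    transport_nexthops "$1" | while IFS= read -r hop; do
        sasl_keys "$2" | grep -qxF -- "$hop" || printf '%s\n' "$hop"
    done
}

# Print each existing file that group or others can read, write or execute.
# sasl_passwd and the sasl_passwd.db written by postmap both hold the password.
too_open() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        mode=$(ls -ld -- "$f" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] || printf '%s\n' "$f"
    done
}

# Usage: sh check.sh /etc/postfix/transport /etc/postfix/sasl_passwd
if [ "$#" -ge 2 ]; then
    missing_credentials "$1" "$2" | sed 's/^/no sasl_passwd key for relay: /'
    too_open "$2" "$2.db" | sed 's/^/accessible by group or others: /'
fi
```

No output means every relay has a credential key and the password files are private to their owner; a file reported by the second check can be fixed with chmod 600.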

Wrapup

The lines in tls_per_site, main.cf and master.cf are like the tutorial. Just paste them into your own versions, and you should be good to go.

8 comments:

Anonymous said...

Hi, thanks for the fantastic tutorial, but there is one step I can't follow. When I run

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem >> cacert.pem

it tells me that the file does not exist. I went to the path and it is true that it does not exist.
Any help? I have Ubuntu 7.1

Dr. Fest said...

Check with "apt-cache search ssl" whether something shows up that you might still need to install. Right now I'm at work and I don't have an Ubuntu install at hand to help you out.

Regards.
