pamiętnik programisty

There are many articles describing how to setup GMail as a relayhost in Postfix mail server. Most of them involve creating local CA certificate and generation of client certificate. There is absolutely no need to! Just think, how GMail would be able to validate your own certificate created by your own CA available only on your local drive? What would be a purpose?

To make Postfix work with GMail you just need to add these lines to main.cf:

relayhost = [smtp.gmail.com]:587</code>

# SASL
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

# TLS
smtp_use_tls = yes
smtp_tls_CAfile=/etc/pki/tls/cert.pem # CentOS path
smtp_tls_loglevel=2
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom

And put just one line in sasl_passwd

[smtp.gmail.com]:587 username@gmail.com:password

After issuing following commands a connection between GMail and Postfix should work fine. You can test it using mail or sendmail program:

$ postmap hash:/etc/postfix/sasl_passwd
$ /etc/init.d/postfix restart
$ mail test@example.com
Subject: Test main
Test message
.
Cc:

You should have something like this in your /var/log/maillog file:

Dec 29 00:49:48 localhost postfix/smtp[5942]: setting up TLS connection to smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=2 subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=1 subject=/C=US/O=Google Inc/CN=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=0 subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server certificate A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server done A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write client key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write change cipher spec A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 flush data
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read finished A
Dec 29 00:49:48 localhost last message repeated 3 times
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: Verified: subject_CN=smtp.gmail.com, issuer=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: TLS connection established to smtp.gmail.com: TLSv1 with cipher RC4-SHA (128/128 bits)
Dec 29 00:49:50 localhost postfix/smtp[5942]: 955CE3D48A06: to= , relay=smtp.gmail.com[74.125.79.108]:587, delay=2.2, delays=0.12/0.03/0.9/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1325116190 t59sm126911139eeh.10)
Dec 29 00:49:50 localhost postfix/qmgr[5923]: 955CE3D48A06: removed