pamiętnik programisty » VoIP http://piotr.doniec.eu/devlog Wed, 28 Dec 2011 23:52:24 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 GMail as relayhost in Postfix – without certs http://piotr.doniec.eu/devlog/2011/12/gmail-as-realyhost-in-postfix-without-certs/ http://piotr.doniec.eu/devlog/2011/12/gmail-as-realyhost-in-postfix-without-certs/#comments Tue, 27 Dec 2011 23:23:04 +0000 pejotr http://piotr.doniec.eu/devlog/?p=643 There are many articles describing how to setup GMail as a relayhost in Postfix mail server. Most of them involve creating local CA certificate and generation of client certificate. There is absolutely no need to! Just think, how GMail would be able to validate your own certificate created by your own CA available only on your local drive? What would be a purpose?

To make Postfix work with GMail you just need to add these lines to main.cf:

relayhost = [smtp.gmail.com]:587

# SASL
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

# TLS
smtp_use_tls = yes
smtp_tls_CAfile=/etc/pki/tls/cert.pem # CentOS path
smtp_tls_loglevel=2
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom

And put just one line in sasl_passwd

[smtp.gmail.com]:587 username@gmail.com:password

After issuing following commands a connection between GMail and Postfix should work fine. You can test it using mail or sendmail program:

$ postmap hash:/etc/postfix/sasl_passwd
$ /etc/init.d/postfix restart
$ mail test@example.com
Subject: Test main
Test message
.
Cc:

You should have something like this in your /var/log/maillog file:

Dec 29 00:49:48 localhost postfix/smtp[5942]: setting up TLS connection to smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=2 subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=1 subject=/C=US/O=Google Inc/CN=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=0 subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server certificate A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server done A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write client key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write change cipher spec A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 flush data
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read finished A
Dec 29 00:49:48 localhost last message repeated 3 times
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: Verified: subject_CN=smtp.gmail.com, issuer=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: TLS connection established to smtp.gmail.com: TLSv1 with cipher RC4-SHA (128/128 bits)
Dec 29 00:49:50 localhost postfix/smtp[5942]: 955CE3D48A06: to= , relay=smtp.gmail.com[74.125.79.108]:587, delay=2.2, delays=0.12/0.03/0.9/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1325116190 t59sm126911139eeh.10)
Dec 29 00:49:50 localhost postfix/qmgr[5923]: 955CE3D48A06: removed

]]> http://piotr.doniec.eu/devlog/2011/12/gmail-as-realyhost-in-postfix-without-certs/feed/ 0 Karta X100P i Kernel Panic http://piotr.doniec.eu/devlog/2009/09/karta-x100p-i-kernel-panic/ http://piotr.doniec.eu/devlog/2009/09/karta-x100p-i-kernel-panic/#comments Mon, 21 Sep 2009 10:14:43 +0000 pejotr http://piotr.doniec.eu/devlog/?p=262 Karta x100pMimo nowych wersji zarówno Trixboxa i Astersika, problem nadaj pozostaje. Po skonfigurowaniu karty, w czasie wyłączania systemu kernel dostaje zadyszki o czym informuje znienawidzonym komunikatem „KERNEL PANIC”. Od ostatniego wpisu na ten temat ( jeszcze na stary blogu, który trafił szlag podczas aktualizacji WP) trochę się zmieniło. Nie ma już co szukać pliku KXXZaptel, bo znalezienie go oznacza że nasz system jest lekko zacofany – Zaptel jest obecnie znany jako DAHDI. Również zawartość odpowiedniego pliku jest lekko inna, ale mimo wszystko można problem rozwiązać.
Co należy zrobić to w /etc/rc6.d odnaleźć plik KXXdahdi, u mnie jest to K92dahdi i zakomentować poniższy fragment, okolice linii 235:

# Unload drivers
#shutdown_dynamic
#echo -n „Unloading DAHDI hardware modules: ”
#if unload_module dahdi; then
# echo „done”
#else
# echo „error”
#fi
#if [ "$LOCKFILE" != '' ]; then
# [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
#fi

i zamykanie systemu zaczyna działać jak należy. Może sam problem nie jest zbyt uciążliwy gdyż działający serwer VoIP nie jest często resetowany. Ale zabawa zaczyna się gdy zaistnieje potrzeba przeprowadzenia takiej operacji zdalnie…

]]> http://piotr.doniec.eu/devlog/2009/09/karta-x100p-i-kernel-panic/feed/ 1