I have a Windows 2008 Virtual Private Server for SEO software, and some shared Linux hosting for WordPress blogs (such as this one) etc, I decided to look for new hosting lately as my hosting just cant cope with the load so last weekend decided to setup a Linux VPS with ethernet servers the price was insanely cheap so thought it worth a punt, everything was a breeze to setup except my need to have emails simply relayed out and sent to Google Apps.

The guy at ethernet servers was extremely helpful (even on a Sunday!) and installed virtualmin for me to have a nice web interface to multi site hosting, so getting WordPress up and running took no time at all.

The headache came from virtualmin setting Postfix as the mail handler and I spend a whole day trying to work out how to use google SMTP instead of it, After having a hell of a headache yesterday I followed these steps and today cracked it so that phpmail from sites on the Linux VPS (CentOS 6) end up sent nicely via SMTP to Gmail.

Prerequisites: Basically command line knowledge, ability to use text editors.

1. Install, configure, and test Postfix (already installed if you use virtualmin).

Postfix is a full featured mail server. That said, the scope of this guide is merely to configure it for use as an “smtp” relay for Gmail. In other words, we’ll be using our gmail account credentials and their system to relay our event alert mail. I found the following guide on the internet and used it to configure and test Postfix successfully:

A. Install

(Note the following install commands are based on yum/Fedora. Alter based on your distribution

Install Postfix and cyrus-sasl with your application manager of choice. If you’re compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.

$ yum install postfix cyrus-sasl

Stop the sendmail service

$ /etc/init.d/sendmail stop

Remove sendmail from the startup runlevels

$ chkconfig --del sendmail

B. Configure Postfix as Gmail SMTP relay

If you’re attempting to relay mail using Gmail, then it will be necessary to use TLS with Postfix. You’ll have to point Postfix at your server’s trusted CA root certificate bundle, but luckily “…client-side certificates are not required when relaying mail to GMail”.

1. First, double-check that Postfix was configured with SSL support (ie. ldd should return at least one line starting with libssl):

$ whereis -b postfix
postfix: /usr/sbin/postfix /etc/postfix /usr/libexec/postfix
$ ldd /usr/sbin/postfix
libssl.so.6 => /lib/libssl.so.6 (0x00111000)

2. Now we need to find your server’s CA root certificate bundle, which is typically distributed with openssl. The bundle file is used by Postfix to verify Gmail’s SSL certificate (signed by Thawte). On my CentOS server, this file was located at /etc/pki/tls/certs/ca-bundle.crt, but may be in a different location on your box (ie. /etc/ssl/certs). Mine was in /usr/share/doc/mutt.

$ locate ca-bundle.crt

3. Edit /etc/postfix/main.cf with the following values (edit-Postfix comes with a predefined template, I moved that to main.cf.bak and used Nano to create a blank file for the following content. It was cleaner when it came to testing as the template comes with a bunch of text explanation for each setting. If you’re blindly following a guide like this one, it just all gets in the way):

Copy/paste the following into a blank “/etc/postfix/main.cf” file using your favorite text editor (I like Nano):

relayhost = smtp.gmail.com:587
mydomain = local.domain
myhostname = host.local.domain
myorigin = $myhostname
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls  = yes
smtp_tls_CAfile = /path/to/your/ca-bundle.crt
smtp_sasl_tls_security_options = noanonymous

4. Copy/paste the following into a blank “/etc/postfix/sasl_passwd” file. Change username & password to your gmail username and password of course.

# The server info must exactly match the value
# for "relayhost" in /etc/postfix/main.cf
smtp.gmail.com:587 username:password

5. Generate a postfix lookup table from the previous file

$ postmap hash:/etc/postfix/sasl_passwd

5a. Make sure that the hash “took” by checking it with the following command. The response should be the user:pass that you defined for the file. Basically, we’re confirming that Postfix has the ability to pull up the user:pass when it needs it and you didn’t hose the command with the wrong path or file name or something:

postmap -q smtp.gmail.com:587 /etc/postfix/sasl_passwd

6. Get rid of the clear text password file (I’d really do this at the end, once it’s confirmed functional, but don’t forget)

$ rm /etc/postfix/sasl_passwd

C1. Restart postfix and send a test email

$ postfix reload
$ sendmail [email protected]
Test relay thru Gmail

2. Go check your the email account you sent your test email to.

3. Troubleshooting

Monitor postfix mail log in a separate session with the following command

$ tail -f /var/log/maillog