The Complete Magazine on Open Source

Relay Mails Using Gmail on RHEL6.1

SHARE
/ 214 0

This article explains the use of Postfix as a mail transfer agent to relay mails using Gmail.

In this article, lets explore how to configure RHEL 6.1 [x86] to relay emails using Gmail. In order to do so, we need to configure Postfix in RHEL 6.1. Postfix is a free and open source mail transfer agent [MTA] that routes and delivers emails. It’s an alternative to Sendmail, which, to date, is the most widely used MTA that routes and delivers emails. It supports various mail transfer and delivery methods, which includes SMTP (Simple Mail Transfer Protocol).

Prerequisites
The settings given below are configured.
1. The operating system, host name and IP address used are RHEL 6.1, PILOTVM01.linuxrocks.org and 192.168.1.15, respectively.
2. The /etc/hosts configuration file should look like what’s shown below:

#cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.15 PILOTVM01 PILOTVM01.linuxrocks.org

3. To set the IP address, type:

[GUI – System -> Preferences -> Network Connection;
4. Now, turn ‘OFF’ the firewall:
[GUI – System -> Administration -> Firewall.
If you want to stop the firewall using command, we can run:

service iptables stop
chkconfig iptables off

5. Next, disable SELinux.

6. Now change the system’s date and time [optional].
To change date and time go to System -> Administration -> Date & Time and modify the value.

Postfix configuration on RHEL 6.1 x86
Before we start with the configuration, here are some points to consider. For office users, Internet connectivity to Postfix Server is a must. In case of limited Internet connectivity as part of organisational policy, at least Gmail must be accessible.
For home users, Internet connectivity to Postfix Server should not be an issue.
Since, in my environment, I have a separate colour coded cable for free Internet, I just needed to configure the IP address mode to be dynamic so as to receive the IP address automatically. In my case, the IP address received is 192.168.1.15
So, the network configuration depends upon the environment in which you are configuring Postfix Server.
Verify if the Postfix package is already installed, as follows:

#rpm -qa | grep postfix*
postfix-2.6.6-2.1.el6_0.i686

As observed, the package is already installed.

If not installed, please install the package from the RHEL 6.1 DVD with the following command:

#rpm --ivh --aid --force postfix-2.6.6-2.1.el6_0.i686.rpm

In case of package dependencies, keep appending the dependent package name with the above command till all dependencies are resolved and Postfix is installed.
Once the package is installed, open the primary configuration file of Postfix with the Vi Editor:

#vi /etc/postfix/main.cf

Now add the following lines at the end of the configuration file [precisely after Line 676]:

#EDITED BY ARINDAM MITRA
smtp_sasl_security_options = noanonymous
#sasl [Simple Authentication and Secure Layer] #option, no anonymous login.
relayhost = smtp.gmail.com:587
#Setting Gmail as relay
smtp_use_tls = yes
#Use TLS [Transport Layer Security]
smtp_tls_CAfile = /etc/postfix/cacert.pem
#Trusted Server Certificate while verifying
smtp_sasl_auth_enable = yes
#Use of sasl [Simple Authentication and Secure Layer]
#while authenticating to foreign SMTP Server, in our
#case, it is GMAIL
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
#Location of Hash Password File [as its more Secure]

Now follow the steps given below:

[[email protected] ~]#cd /etc/postfix/

Verify if the directory named sasl exists:

[[email protected] postfix]#ll
total 140
-rw-r--r--. 1 root root 19579 Mar 9 2011 access
-rw-r--r--. 1 root root 11681 Mar 9 2011 canonical
-rw-r--r--. 1 root root 9904 Mar 9 2011 generic
-rw-r--r--. 1 root root 18287 Mar 9 2011 header_checks
-rw-r--r-- 1 root root 27256 May 18 10:51 main.cf
-rw-r--r--. 1 root root 5113 Mar 9 2011 master.cf
-rw-r--r--. 1 root root 6816 Mar 9 2011 relocated
-rw-r--r--. 1 root root 12500 Mar 9 2011 transport
-rw-r--r--. 1 root root 12494 Mar 9 2011 virtual

As observed, no directory named sasl exists.
Proceed further by creating a directory named sasl and re-verify:

[[email protected] postfix]#mkdir sasl
[[email protected] postfix]#ll
total 144
-rw-r--r--. 1 root root 19579 Mar 9 2011 access
-rw-r--r--. 1 root root 11681 Mar 9 2011 canonical
-rw-r--r--. 1 root root 9904 Mar 9 2011 generic
-rw-r--r--. 1 root root 18287 Mar 9 2011 header_checks
-rw-r--r-- 1 root root 27256 May 18 10:51 main.cf
-rw-r--r--. 1 root root 5113 Mar 9 2011 master.cf
-rw-r--r--. 1 root root 6816 Mar 9 2011 relocated
drwxr-xr-x 2 root root 4096 May 18 11:03 sasl
-rw-r--r--. 1 root root 12500 Mar 9 2011 transport
-rw-r--r--. 1 root root 12494 Mar 9 2011 virtual

Browse to directory sasl, create a 0 byte file named passwd, open it with the Vi editor and add the following lines:

[[email protected] postfix]#cd sasl/
[[email protected] sasl]#touch passwd
[[email protected] sasl]#cat passwd
[[email protected] sasl]# vi passwd
[[email protected] sasl]#

[[email protected] sasl]#cat passwd
smtp.gmail.com:587 [email protected]:GMAIL PASSWORD
[[email protected] sasl]#

Now change the permissions so that only the owner [in our case, root] can read and write the passwd file:

[[email protected] sasl]#chmod 600 passwd
[[email protected] sasl]#ll
total 4
-rw------- 1 root root 52 May 18 11:08 passwd
[[email protected] sasl]#

HASH the passwd file so that it is more secure.

[[email protected] sasl]#postmap passwd

As observed, after HASHING, passwd and passwd.db both reside in the same location.

[[email protected] sasl]#ll
total 12
-rw------- 1 root root 52 May 18 11:08 passwd
-rw------- 1 root root 12288 May 18 11:10 passwd.db
[[email protected] sasl]#

Now generate the TRUSTED SERVER CERTIFICATE for verification.

[[email protected] sasl]#cd /etc/pki/tls/certs/
[[email protected] certs]#ll
total 1220
-rw-r--r--. 1 root root 578465 Apr 7 2010 ca-bundle.crt
-rw-r--r--. 1 root root 658225 Apr 7 2010 ca-bundle.trust.crt
-rwxr-xr-x. 1 root root 610 Feb 10 2011 make-dummy-cert
-rw-r--r--. 1 root root 2242 Feb 10 2011 Makefile
[[email protected] certs]#

[[email protected] certs]#make pilotvm01.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > pilotvm01.pem ; \
echo “” >> pilotvm01.pem ; \
cat $PEM2 >> pilotvm01.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
...........+++
..............+++
writing new private key to ‘/tmp/openssl.4L2n3J’
-----

You will be asked to enter information that will be incorporated in your certificate request.
What you will enter is called a ‘distinguished name’ or a DN. There are quite a few fields but you can leave some blank. For some fields, there will be a default value. If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:MAHARASHTRA
Locality Name (eg, city) [Default City]:PUNE
Organization Name (eg, company) [Default Company Ltd]:OSFY
Organizational Unit Name (eg, section) []:PUBLISHING
Common Name (eg, your name or your server›s hostname) []:PILOTVM01
Email Address []:[email protected]
[[email protected] certs]#

[[email protected] certs]#ll
total 1224
-rw-r--r--. 1 root root 578465 Apr 7 2010 ca-bundle.crt
-rw-r--r--. 1 root root 658225 Apr 7 2010 ca-bundle.trust.crt
-rwxr-xr-x. 1 root root 610 Feb 10 2011 make-dummy-cert
-rw-r--r--. 1 root root 2242 Feb 10 2011 Makefile
-rw------- 1 root root 3141 May 18 11:14 pilotvm01.pem
[[email protected] certs]#

Now rename the certificate from pilotvm01.pem as cacert.pem while copying it to /etc/Postfix/:

[[email protected] certs]#cp pilotvm01.pem /etc/Postfix/cacert.pem
[[email protected] certs]#cd
[[email protected] ~]#

Verify if the Postfix Service is running, as follows:

[[email protected] ~]#service Postfix status
master (pid 2093) is running...
[[email protected] ~]#

After verification, restart the Postfix Service:

[[email protected] ~]#service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[[email protected] ~]#

Now, let’s try sending email.
1. To send email as the root user, type:

echo “This is message body” | mail -s “This is Subject” <VALID EMAIL ADDRESS>

Example:

[[email protected] ~]#echo “This is the message body” | mail -s “This is the Subject” [email protected]

Observation:
On receiving email, the ‘From Address’ is displayed as [email protected].
2. Now let’s create a normal user ‘adminlinux’ and then send email:

[[email protected] ~]#useradd adminLinux
[[email protected] ~]#su - adminLinux

[[email protected] ~]$pwd
/home/adminLinux
[[email protected] ~]$

[[email protected] ~]$echo «This is the message body» | mail -s «This is the Subject» [email protected]
[[email protected] ~]$

Observation:
On receiving email, the ‘From Address’ is displayed as <[email protected]>.
3. To send email with attachments as user adminlinux, type:

[[email protected] ~]$echo “This is message body” | mail -s “This is Subject” -r “Arindam<[email protected]>” -a /root/df.txt [email protected]
Note: 1. With the -r option, the ‘from’ name and address can be specified.
2. With the -a option, attachments can be added.