Postfix gmail relay


toddgriham
15th June 2008, 20:55
Hi,

I'm trying to set up postfix on my server to relay outgoing emails to smtp.gmail.com.

Here's my configuration

/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = myhostname.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = 127.0.0.1
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.4.5/samples
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES

smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = no
smtp_sasl_auth_enable = yes
smtp_sasl_type = cyrus
smtpd_sasl_local_domain = $myhostname
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_security_options =
smtpd_sasl_application_name = smtpd

smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes

smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom

relayhost = [smtp.gmail.com]:587

disable_dns_lookups = yes

smtp_generic_maps = hash:/etc/postfix/generic
transport_maps = hash:/etc/postfix/transport

/etc/postfix/sasl_passwd

[smtp.gmail.com]:587 myemail@gmail.com:mypass

/etc/postfix/transport

* smtp:[smtp.gmail.com]:587

/etc/hosts

"my public ip" myhostname.mydomain.com
127.0.0.1 localhost.localdomain localhost

When I try to send an email, it looks successful

/var/log/maillog

Jun 15 12:13:47 myhostname postfix/smtp[17854]: 54030249809E: to=<xxx@yyy.com>, relay=smtp.gmail.com[72.14.205.111]:587, delay=15, delays=0.06/0.05/1.5/14, dsn=2.0.0, status=sent (250 2.0.0 OK 1213546427 27sm882051qbw.19)

But in my gmail, I receive a bounce because google filters my email as spam

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

xxx@yyy.com

Technical details of permanent failure:
PERM_FAILURE: Message rejected. See http://mail.google.com/support/bin/answer.py?answer=69585 for more information.

----- Original message -----

Received: by 10.150.123.16 with SMTP id v16mr8996608ybc.40.1213546416258;
Sun, 15 Jun 2008 09:13:36 -0700 (PDT)
Return-Path: <myemail@gmail.com>
Received: from myhostname.mydomain.com ( [my public ip])
by mx.google.com with ESMTPS id 27sm882051qbw.19.2008.06.15.09.13.34
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Sun, 15 Jun 2008 09:13:34 -0700 (PDT)
Received: from myhostname.mydomain.com (localhost.localdomain [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by myhostname.mydomain.com (Postfix) with ESMTP id 54030249809E
for <xxx@yyy.com>; Sun, 15 Jun 2008 12:13:32 -0400 (EDT)
Received: (from root@localhost)
by myhostname.mydomain.com (8.14.2/8.14.2/Submit) id m5FGDWsW017848
for xxx@yyy.com; Sun, 15 Jun 2008 12:13:32 -0400
Date: Sun, 15 Jun 2008 12:13:32 -0400
From: root <myemail@gmail.com>
Message-Id: <200806151613.m5FGDWsW017848@myhostname.mydomain.com>
To: xxx@yyy.com
Subject:

Since I saw a lot of posts saying that postfix relay to gmail works for them, the only reason I can think that can cause my mail to be rejected by google is DNS.

For those of you that were able to make this work, did you have to create an A record in DNS for myhostname.mydomain.com and a PTR record for reverse DNS?

If it's not DNS, any idea why my setup is not working?

Thanks
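
An added example, not part of the original post: a small Python check of the outbound settings above. With smtp_use_tls = yes alone TLS is opportunistic, and the empty smtp_sasl_security_options permits plaintext mechanisms on an unencrypted session, so nothing on the client side stops the Gmail password in sasl_passwd from being sent in the clear if STARTTLS is not negotiated. The function names and finding labels are illustrative, and the contents of smtp_tls_per_site (not shown in the post) are not evaluated.

```python
# Constructed excerpt: the outbound (smtp_*) settings from the main.cf in the post above.
SAMPLE_MAIN_CF = """\
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_security_options =
smtp_use_tls = yes
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
"""

# TLS levels at which Postfix refuses to deliver over an unencrypted session.
MANDATORY_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """main.cf rules: '#' comment lines, leading whitespace continues a line, last value wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name:
                params[name] = (params[name] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition("=")
        if sep:
            name = key.strip()
            params[name] = value.strip()
    return params

def audit_relay_auth(params):
    """Return findings about SASL credentials sent to relayhost (illustrative labels)."""
    findings = []
    if params.get("smtp_sasl_auth_enable", "no") != "yes":
        return findings
    level = params.get("smtp_tls_security_level", "")
    if level:
        mandatory = level in MANDATORY_LEVELS
    else:  # the legacy switches only apply when smtp_tls_security_level is unset
        mandatory = params.get("smtp_enforce_tls", "no") == "yes"
    if not mandatory:
        findings.append("tls-not-mandatory")
        # Default is "noplaintext, noanonymous"; an explicit empty value removes both.
        opts = params.get("smtp_sasl_security_options", "noplaintext, noanonymous")
        if "noplaintext" not in opts:
            findings.append("plaintext-auth-allowed-without-tls")
    return findings
```

Adding smtp_tls_security_level = encrypt to main.cf clears both findings.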

falko
16th June 2008, 15:20
You should definitely create an A record and also an SPF record for your hostname. Also make sure that the PTR record is ok.

toddgriham
16th June 2008, 18:40
Thank you. I will try that.

toddgriham
30th June 2008, 22:56
I created an A record and a PTR record for the host I use to relay emails from to my gmail account and an SPF record for my domain name
v=spf1 include:aspmx.googlemail.com ~all

and I still can't send emails from my server using my gmail account. I see the email I sent in my gmail account but I don't see any bounce.

In my logs, all looks ok

Jun 30 15:44:31 store postfix/smtp[26109]: 649BA24980B5: to=<zzz@xxx.com>, relay=smtp.gmail.com[72.14.205.109]:587, delay=1364, delays=1362/0.05/0.75/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1214855071 k8sm6697487qba.5)

Can you please help me find out why my setup still does not work?

topdog
1st July 2008, 17:36
Your spf record is not correct, you are claiming you only send mail from gmail and yet your server is not on Google's network.

toddgriham
2nd July 2008, 01:45
I thought that I needed to put include:aspmx.googlemail.com so that mail from my domain that comes from gmail will be accepted since I'm relaying all my outgoing mails with my gmail account.

But you are correct. There is a mistake in my SPF. I forgot to put my own domain name as an authorized sender. So I changed it to

v=spf1 a:mydomain.com include:aspmx.googlemail.com -all

But mail still is not delivered by gmail, no bounce.

I don't understand what's wrong, can someone please help.

toddgriham
4th July 2008, 14:22
Can someone please help

toddgriham
5th July 2008, 06:44
I just tried to send an email from my server to my gmail account and it worked. Does that mean that gmail allows relaying mail only if the destination of the email is my own gmail email address or any gmail email addresses? Can you please confirm if you were able to relay email through gmail to non-gmail destination emails?

Thanks

falko
5th July 2008, 09:47
The purpose of relaying is that you can send emails also to non-gmail addresses, so there's still something wrong.

toddgriham
5th July 2008, 16:24
So I found the problem.

I made a mistake when I typed my domain in

myhostname = myhostname.mydomain.com
mydomain = mydomain.com

Now it works well.

The only things to fix now are:

1- how to send an alias as the originator of the mail instead of the local unix account to replace

From: root <xxx@gmail.com> by

From: xxx <xxx@gmail.com>

I tried to add in my main.cf

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

and I run

postalias /etc/postfix/aliases

Here's the content of /etc/postfix/aliases

root: xxx

I also tried to use the generic file. Here's the content

root@myhostname.mydomain.com xxx@gmail.com

But neither works.

2- how to deliver local mail like logwatch locally instead of through gmail, since gmail is not able to deliver mail to my domain because I don't have an MX record in DNS and I'm not sure if I can create one that points to google MX.

Here's my transport file

mydomain.com local:
.mydomain.com local:
* smtp:[smtp.gmail.com]:587

3- When I check the message header in the recipient account, I see

Received: from myhostname.mydomain.com ( [my public ip address])
by mx.google.com with ESMTPS id p31sm2455504qbp.6.2008.07.05.05.40.57
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Sat, 05 Jul 2008 05:40:58 -0700 (PDT)
Received: from myhostname.mydomain.com (unknown [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by myhostname.mydomain.com (Postfix) with ESMTP id 829F524980AC
for <xxx@yyy.com>; Sat, 5 Jul 2008 08:40:18 -0400 (EDT)
Received: (from root@localhost)
by myhostname.mydomain.com (8.14.2/8.14.2/Submit) id m65CeI0s006336
for xxx@yyy.com; Sat, 5 Jul 2008 08:40:18 -0400
Date: Sat, 5 Jul 2008 08:40:18 -0400
From: root <xxx@gmail.com>

How can I fix my configuration to get rid of references to unknown [127.0.0.1] and (from root@localhost).

In my /etc/hosts, I only put my public ip address. I removed localhost and 127.0.0.1.

4- Each time I reboot my server, postfix fails to start. I don't know why. When I execute the script manually to start the service, it works.

Here's my init script

#!/bin/bash

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0

RETVAL=0

start() {
	# Start daemons.
	echo -n "Starting postfix: "
	alias_database=$(postconf -h alias_database 2>/dev/null)
	RETVAL=1
	[ -z "$alias_database" ] && {
		failure "determination of alias_database"
		echo
		return 0
	}
	/usr/sbin/postalias ${alias_database//,} 2>/dev/null
	RETVAL=$?
	[ $RETVAL -ne 0 ] && {
		failure "postalias $alias_database"
		echo
		return 0
	}
	/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure
	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
	echo
	return $RETVAL
}

stop() {
	# Stop daemons.
	echo -n "Shutting down postfix: "
	/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure
	RETVAL=$?
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
	echo
	return $RETVAL
}

reload() {
	echo -n "Reloading postfix: "
	/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure
	RETVAL=$?
	echo
	return $RETVAL
}

abort() {
	/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure
	return $?
}

flush() {
	/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure
	return $?
}

check() {
	/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure
	return $?
}

restart() {
	stop
	start
}

# See how we were called.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	reload)
		reload
		;;
	abort)
		abort
		;;
	flush)
		flush
		;;
	check)
		check
		;;
	status)
		status master
		;;
	condrestart)
		[ -f /var/lock/subsys/postfix ] && restart || :
		;;
	*)
		echo "Usage: postfix {start|stop|restart|reload|abort|flush|check|status|condrestart}"
		exit 1
esac

exit $?

Here's the chkconfig output

# chkconfig --list | grep postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Thank you for helping me resolve these issues.

falko
6th July 2008, 13:02
1- how to send an alias as the originator of the mail instead of the local unix account to replace

From: root <xxx@gmail.com> by

From: xxx <xxx@gmail.com>

I tried to add in my main.cf

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

and I run

postalias /etc/postfix/aliases

Here's the content of /etc/postfix/aliases

root: xxx

I also tried to use the generic file. Here's the content

root@myhostname.mydomain.com xxx@gmail.com

But neither works.

You must set the correct sender address in your email client.



4- Each time I reboot my server, postfix fails to start. I don't know why. When I execute the script manually to start the service, it works.



Here's the chkconfig output

# chkconfig --list | grep postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Thank you for helping me resolve these issues.

Which distribution are you using? Any errors in your mail logs?

toddgriham
6th July 2008, 14:26
Thank you Falko for your answer.

1- So there is no way to force my gmail email address as the sender of all the emails from all accounts of my server.

The only way is to do it on the client. Is that it ?

I thought smtp_generic_maps = hash:/etc/postfix/generic is supposed to do just that as per the doc. But the from field in the message header at the recipient shows root <zzz@gmail.com>. So the email address is correct but the name is still the local user account.

4- I use fedora FC 8. I checked /var/log/messages and it looks like the issue is related to selinux policy.

setroubleshoot: SELinux is preventing master (postfix_master_t) "read write" to ./master.pid (var_run_t). For complete SELinux messages. run sealert -l a907be07-4f94-4f07-87b5-f09524a884ec

Raw Audit Messages

host=myhostname.mydomain.com type=AVC msg=audit(1215395831.39:10): avc: denied { read write } for pid=2214 comm="master" name="master.pid" dev=dm-1 ino=38371404 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

host=myhostname.mydomain.com type=SYSCALL msg=audit(1215395831.39:10): arch=c000003e syscall=2 success=no exit=-13 a0=2aaaaacf57a0 a1=2 a2=0 a3=0 items=0 ppid=2213 pid=2214 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)

Here's what I have in maillog when I restart the server

postfix/postfix-script[14004]: stopping the Postfix mail system
postfix/postfix-script[14007]: waiting for the Postfix mail system to terminate
postfix/postfix-script[14010]: waiting for the Postfix mail system to terminate
postfix/postfix-script[14013]: waiting for the Postfix mail system to terminate
postfix/postfix-script[14016]: waiting for the Postfix mail system to terminate
postfix/postfix-script[14019]: waiting for the Postfix mail system to terminate
postfix/postfix-script[14021]: warning: stopping the Postfix mail system with force
postfix/postfix-script[2215]: fatal: the Postfix mail system is already running

I'm not sure what to do to fix this. I don't know selinux that well.

Any answer for 2 and 4, anybody.
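
An added example, not part of the original post: a Python triage helper that pulls the denied permissions, source domain and target label out of AVC records like the one quoted above, so the denial can be read as "postfix_master_t was refused read/write on a file labelled var_run_t". The function names and the shortlist of generic file types are assumptions made for this example; flagging a generic target type is a heuristic for a possible labelling problem, not a verdict.

```python
import re
from collections import Counter

# First line: the AVC record quoted in the post above.
# Second line: a constructed non-AVC record, to show that other record types are skipped.
SAMPLE_AUDIT = '''host=myhostname.mydomain.com type=AVC msg=audit(1215395831.39:10): avc: denied { read write } for pid=2214 comm="master" name="master.pid" dev=dm-1 ino=38371404 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
host=myhostname.mydomain.com type=SYSCALL msg=audit(1215395831.39:10): syscall=2 success=no exit=-13 comm="master"
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed shortlist of generic file types: a denial against one of these often
# means the object is missing its service-specific label.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "default_t", "file_t", "unlabeled_t"}

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    # An SELinux context is user:role:type[:level]; the type is the third field.
    source_type = kv["scontext"].split(":")[2]
    target_type = kv["tcontext"].split(":")[2]
    return {
        "perms": tuple(m.group("perms").split()),
        "comm": kv.get("comm"),
        "name": kv.get("name"),
        "source_type": source_type,
        "target_type": target_type,
        "tclass": kv.get("tclass"),
        "generic_target": target_type in GENERIC_TYPES,
    }

def summarize(log_text):
    """Count denials per (source type, target type, class, perms) so repeats collapse."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_AUDIT).items():
        print(n, key)
```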

falko
7th July 2008, 18:46
Please disable SELinux (see chapter 7 on http://www.howtoforge.com/fedora-8-server-lamp-email-dns-ftp-ispconfig-p3 ).

toddgriham
8th July 2008, 03:29
I updated selinux package to update the policies and restarted the server.

Now postfix starts correctly.

Does anyone have an answer for my other questions.

Special thanks for Falko for his help to fix my issues.