Postfix gmail relay SOLVED!


Greetings, everyone.

This topic is a well-chewed bone by now, both here and on the net, but I ran into something I can't really figure out.
I did not find many forums dealing with it, and most of those are vague or were left unfinished.

The tune is the old one: I would like Postfix to relay through a Gmail account that I created in advance.

I worked through the tutorial below, step by step:

http://wiki.linuxmce.org/index.php/Postfix_configured_with_Gmail_SMTP

When I try to send mail to another address with the mail or nail command, mail.log contains the following:


Mar 1 19:32:19 tsztmhq postfix/pickup[1829]: 882BA388E7: uid=0 from=
Mar 1 19:32:20 tsztmhq postfix/cleanup[1956]: 882BA388E7: message-id=<20110301183219.882BA388E7@tsztmhq.localdomain>
Mar 1 19:32:20 tsztmhq postfix/qmgr[1830]: 882BA388E7: from=, size=452, nrcpt=1 (queue active)
Mar 1 19:32:20 tsztmhq postfix/tlsmgr[1960]: warning: request to update table btree:/var/run/smtpd_tls_session_cache in non-postfix directory /var/run
Mar 1 19:32:20 tsztmhq postfix/tlsmgr[1960]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Mar 1 19:32:20 tsztmhq postfix/tlsmgr[1960]: warning: request to update table btree:/var/run/smtp_tls_session_cache in non-postfix directory /var/run
Mar 1 19:32:20 tsztmhq postfix/tlsmgr[1960]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: warning: cannot get certificate from file /etc/postfix/cert.pem
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: warning: TLS library problem: 1959:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: CERTIFICATE:
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: warning: TLS library problem: 1959:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:727:
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: cannot load RSA certificate and key data
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: 882BA388E7: to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=1.9, delays=0.79/0.89/0.2/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)

The main.cf file of my Postfix:


# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no
##TLS settings
smtp_tls_loglevel = 1
smtp_enforce_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/cert.pem
smtp_tls_key_file = /etc/postfix/key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
###?
#smtpd_enforce_tls = no
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom

## SASL Settings
smtpd_sasl_auth_enable = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymus
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymus
smtpd_sasl_application_name = smtpd

##Gmail Relay
relayhost = [smtp.gmail.com]:587

# Disable DNS lookups
disable_dns_lookups = yes
#
smtp_generic_maps = hash:/etc/postfix/generic
#
#
transport_maps = hash:/etc/postfix/transport

I would kindly ask for a little help, because I have done this once before and back then the infamous "TLS engine is unavailable" did not come up, but now it has, and reading through forums got me nowhere in substance.

Thanks in advance for the help.

Comments

As a first step, smtp should be taken out of the chroot. See master.cf

Postfix runs certain of its components in the /var/spool/postfix chroot, and if smtp runs there too, then the certificate would have to be there as well. In master.cf there are one or more lines ending in smtp. If the fifth column of that line (this is the chroot column) does not contain n, change it and restart Postfix. If it works after that, then this was the problem; feel free to put it back into the chroot, just copy the necessary things in (it could be solved another way too, but that is more complicated).

Solution 1
In master.cf, the smtp line should be this:

smtp unix - - n - - smtp

The point is the fifth column: if it has - instead of n here, then the process runs chrooted and will not find the certificate, unless you put it into the chroot, which is solution 2.

Solution 2

If any Postfix process runs chrooted, then every file it may need has to be copied under /var/spool/postfix.
In this case the cert has to be placed at /var/spool/postfix/etc/postfix/cacert.pem. (Or wherever it chroots to, but on Debian this is the default.)

FYI: ping hrgy84, he has already done this and even blogged about it here on hup

Is the hamburger tax coming? - politics, flame and off-topic, open to all hup users!

Now there is a small improvement, in that the error message in mail.log is not as long.


Mar 1 21:55:53 tsztmhq postfix/pickup[2578]: 102C53890B: uid=0 from=
Mar 1 21:55:53 tsztmhq postfix/cleanup[2583]: 102C53890B: message-id=<20110301205553.102C53890B@tsztmhq.localdomain>
Mar 1 21:55:53 tsztmhq postfix/qmgr[2580]: 102C53890B: from=, size=452, nrcpt=1 (queue active)
Mar 1 21:55:53 tsztmhq postfix/error[2593]: 102C53890B: to=, relay=none, delay=0.19, delays=0.12/0.01/0/0.06, dsn=4.7.5, status=deferred (delivery temporarily suspended: TLS is required, but our TLS engine is unavailable)

Now it looks as if it had forgotten to relay... It no longer cries over the certs, but it still complains about the TLS engine in the same way.

As you said:

I found lines beginning with smtp in two places, and in both I changed the fifth column, the chroot one, to n

The conf now looks like this:


#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet - - n - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

I don't really get what the problem could be...

Now I started over from the beginning with the write-up found here on hup; the result was different from when I was struggling with the other howto:


Mar 2 22:00:15 tsztmhq postfix/master[2582]: terminating on signal 15
Mar 2 22:00:16 tsztmhq postfix/master[2670]: daemon started -- version 2.5.5, configuration /etc/postfix
Mar 2 22:00:39 tsztmhq postfix/pickup[2671]: 384AC16471: uid=0 from=
Mar 2 22:00:39 tsztmhq postfix/cleanup[2681]: 384AC16471: message-id=<20110302210039.384AC16471@azenkicsigepecskem.dev.hron.me>
Mar 2 22:00:39 tsztmhq postfix/qmgr[2673]: 384AC16471: from=, size=485, nrcpt=1 (queue active)
Mar 2 22:00:39 tsztmhq postfix/smtp[2683]: warning: database /etc/postfix/saslpasswd.db is older than source file /etc/postfix/saslpasswd
Mar 2 22:00:39 tsztmhq postfix/smtp[2683]: certificate verification failed for smtp.gmail.com[74.125.39.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Mar 2 22:00:39 tsztmhq postfix/smtp[2683]: 384AC16471: to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=0.53, delays=0.03/0.03/0.41/0.05, dsn=5.5.1, status=bounced (host smtp.gmail.com[74.125.39.109] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 f24sm224212fak.24 (in reply to MAIL FROM command))
Mar 2 22:00:39 tsztmhq postfix/cleanup[2681]: C5CCB16474: message-id=<20110302210039.C5CCB16474@azenkicsigepecskem.dev.hron.me>
Mar 2 22:00:39 tsztmhq postfix/qmgr[2673]: C5CCB16474: from=<>, size=2713, nrcpt=1 (queue active)
Mar 2 22:00:39 tsztmhq postfix/bounce[2685]: 384AC16471: sender non-delivery notification: C5CCB16474
Mar 2 22:00:39 tsztmhq postfix/qmgr[2673]: 384AC16471: removed
Mar 2 22:00:39 tsztmhq postfix/local[2686]: C5CCB16474: to=, relay=local, delay=0.03, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 2 22:00:39 tsztmhq postfix/qmgr[2673]: C5CCB16474: removed

This is where I took it from:

http://hup.hu/node/92899

postconf data_directory = /var/lib/postfix

Am I really this clumsy? Am I leaving something out? Or what?

Is sasl_passwd filled in properly?
This is all I added to main.cf (though I would not put it directly on the net :) ) and it works


relayhost = [smtp.gmail.com]:587    
smtp_sasl_auth_enable=yes    
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd    
smtp_use_tls = yes    
smtp_sasl_security_options = noanonymous    
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem

And sasl_passwd:


# cat /usr/local/etc/postfix/sasl_passwd
gmail-smtp.l.google.com foobar@foo.hu:password
smtp.gmail.com foobar@foo.hu:password

@@
"You can hide a semi truck in 300 lines of C."

By now my brain fluid is seriously getting to 200 degrees... Earlier, on another machine, a Debian install /even the installer CD is the same/ with this same hrgy84 tutorial: it was set up, and it worked... Now, as a test, I carried over main.cf, cacert.pem and the sasl_passwd file from there.
And it does not work! The only thing I can think of is that maybe some package is missing from this machine... Does anybody happen to have an idea? Why does the authentication not work?

After sending a mail, this appears in the log:


Mar 3 20:39:00 tsztmhq postfix/master[2120]: terminating on signal 15
Mar 3 20:39:01 tsztmhq postfix/master[2228]: daemon started -- version 2.5.5, configuration /etc/postfix
Mar 3 20:39:07 tsztmhq postfix/pickup[2229]: EFA2316476: uid=0 from=
Mar 3 20:39:07 tsztmhq postfix/cleanup[2239]: EFA2316476: message-id=<20110303193907.EFA2316476@tsztmhq.hu>
Mar 3 20:39:08 tsztmhq postfix/qmgr[2231]: EFA2316476: from=, size=425, nrcpt=1 (queue active)
Mar 3 20:39:08 tsztmhq postfix/smtp[2241]: certificate verification failed for smtp.gmail.com[74.125.39.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Mar 3 20:39:08 tsztmhq postfix/smtp[2241]: EFA2316476: to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=0.57, delays=0.04/0.03/0.45/0.06, dsn=5.5.1, status=bounced (host smtp.gmail.com[74.125.39.109] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 21sm778325fav.17 (in reply to MAIL FROM command))
Mar 3 20:39:08 tsztmhq postfix/cleanup[2239]: 93C6716477: message-id=<20110303193908.93C6716477@tsztmhq.hu>
Mar 3 20:39:08 tsztmhq postfix/qmgr[2231]: 93C6716477: from=<>, size=2411, nrcpt=1 (queue active)
Mar 3 20:39:08 tsztmhq postfix/bounce[2243]: EFA2316476: sender non-delivery notification: 93C6716477
Mar 3 20:39:08 tsztmhq postfix/qmgr[2231]: EFA2316476: removed
Mar 3 20:39:08 tsztmhq postfix/local[2244]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 3 20:39:08 tsztmhq postfix/local[2244]: 93C6716477: to=, relay=local, delay=0.03, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 20:39:08 tsztmhq postfix/qmgr[2231]: 93C6716477: removed

I can't believe it <-:

The solution to all my troubles:

===============================

apt-get install ca-certificates

===============================

This was the problem; now the mails go out properly, and nothing appears in the logs... /interestingly, not even that the message was sent, but I don't miss that - although I would be interested, so if anybody has an idea, please share it/

Thank you very much, everyone, for the many helpful comments.

Greetings!
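An added example, not code from any post in this thread: the status line at the end of each failed delivery above ("TLS engine is unavailable", "Authentication Required") is preceded by messages that the same postfix/smtp process logged, and those carry the detail needed for diagnosis. The sketch below groups them by service and PID and attaches them to the next delivery result; the sample lines are copied from the posts above, while the function and field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the posts above (the recipient field is empty on the page).
SAMPLE = """\
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: warning: cannot get certificate from file /etc/postfix/cert.pem
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: cannot load RSA certificate and key data
Mar 1 19:32:21 tsztmhq postfix/smtp[1959]: 882BA388E7: to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=1.9, delays=0.79/0.89/0.2/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)
Mar 3 20:39:08 tsztmhq postfix/smtp[2241]: certificate verification failed for smtp.gmail.com[74.125.39.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Mar 3 20:39:08 tsztmhq postfix/smtp[2241]: EFA2316476: to=, relay=smtp.gmail.com[74.125.39.109]:587, delay=0.57, delays=0.04/0.03/0.45/0.06, dsn=5.5.1, status=bounced (host smtp.gmail.com[74.125.39.109] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 21sm778325fav.17 (in reply to MAIL FROM command))
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)")
DELIVERY = re.compile(r"^(?P<qid>[0-9A-F]{6,}): to=.*?dsn=(?P<dsn>[\d.]+), "
                      r"status=(?P<status>\w+) \((?P<why>.*)\)$")

def correlate(log_text):
    """Attach what a process logged before a delivery attempt to that attempt's result."""
    pending = defaultdict(list)   # (service, pid) -> messages since the last delivery line
    results = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key, msg = (m["svc"], m["pid"]), m["msg"]
        d = DELIVERY.match(msg)
        if d is None:             # not a delivery result: keep it as context
            pending[key].append(msg)
            continue
        results.append({"qid": d["qid"], "dsn": d["dsn"], "status": d["status"],
                        "reason": d["why"], "context": pending.pop(key, [])})
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE):
        print(r["qid"], r["dsn"], r["status"], "<-", r["context"])
```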

I put the config together based on the howto mentioned in the opening post, but this is what it writes:

Mar 9 19:05:51 mailer postfix/smtp[11327]: setting up TLS connection to smtp.gmail.com[173.194.70.108]:587
Mar 9 19:05:51 mailer postfix/smtp[11327]: Verified TLS connection established to smtp.gmail.com[173.194.70.108]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
Mar 9 19:05:51 mailer postfix/smtp[11327]: warning: unknown SASL security options value "noanonymus" in "noanonymus"
Mar 9 19:05:51 mailer postfix/smtp[11327]: warning: bad per-session SASL security properties
Mar 9 19:05:51 mailer postfix/smtp[11327]: fatal: SASL per-connection initialization failed
Mar 9 19:05:52 mailer postfix/qmgr[11313]: warning: private/smtp socket: malformed response
Mar 9 19:05:52 mailer postfix/qmgr[11313]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
Mar 9 19:05:52 mailer postfix/master[11306]: warning: process /usr/lib/postfix/smtp pid 11327 exit status 1
Mar 9 19:05:52 mailer postfix/master[11306]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
Mar 9 19:05:52 mailer postfix/error[11329]: 2102C943: to=, relay=none, delay=1.6, delays=0.06/1.5/0/0.03, dsn=4.3.0, status=deferred (unknown mail transport error)

--
>'The time has come,' the Walrus said<
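An added example, not code from the thread or from Postfix: the warning in the last log names the value "noanonymus", which is also what the main.cf in the opening post sets for smtp_sasl_security_options and smtp_sasl_tls_security_options. This sketch checks those two client parameters against the keywords Postfix documents for them and suggests the nearest valid keyword; the function names and the excerpted sample are assumptions of this example.

```python
import difflib

# Keywords Postfix documents for the SMTP client's SASL security options.
VALID = {"noplaintext", "noactive", "nodictionary", "noanonymous", "mutual_auth"}
CHECKED = ("smtp_sasl_security_options", "smtp_sasl_tls_security_options")

# Excerpt of the main.cf posted at the top of the thread.
MAIN_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymus
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymus
"""

def parse_main_cf(text):
    """Return {parameter: value}; later settings win, indented lines continue the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def lint_sasl_options(text):
    """Return [(parameter, bad_keyword, suggestion_or_None)] for unknown keywords."""
    findings = []
    params = parse_main_cf(text)
    for name in CHECKED:
        # Values may be separated by commas and/or whitespace; empty is allowed.
        for word in params.get(name, "").replace(",", " ").split():
            if word not in VALID:
                close = difflib.get_close_matches(word, sorted(VALID), n=1)
                findings.append((name, word, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for name, bad, hint in lint_sasl_options(MAIN_CF):
        print(f"{name}: unknown keyword {bad!r}, did you mean {hint!r}?")
```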