mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-29 21:41:00 +08:00
335 lines
8.7 KiB
Markdown
335 lines
8.7 KiB
Markdown
Getting started with Postfix, an open source mail transfer agent
|
||
======
|
||
|
||
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/email_mail_box_envelope_send.jpg?itok=bbJOPIWl)
|
||
|
||
[Postfix][1] is a great program that routes and delivers email to accounts that are external to the system. It is currently used by approximately [33% of internet mail servers][2]. In this article, I'll explain how you can use Postfix to send mail using Gmail with two-factor authentication enabled.
|
||
|
||
Before you get Postfix up and running, however, you need to have some items lined up. Following are instructions on how to get it working on a number of distros.
|
||
|
||
### Prerequisites
|
||
|
||
* An installed OS (Ubuntu/Debian/Fedora/Centos/Arch/FreeBSD/OpenSUSE)
|
||
* A Google account with two-factor authentication
|
||
* A working internet connection
|
||
|
||
|
||
|
||
### Step 1: Prepare Google
|
||
|
||
Open a web browser and log into your Google account. Once you’re in, go to your settings by clicking your picture and selecting "Google Account.” Click “Sign-in & security” and scroll down to "App passwords.” Use your password to log in. Then you can create a new app password (I named mine "postfix Setup”).
|
||
|
||
![](https://opensource.com/sites/default/files/uploads/google_setup_1_app_passwords.png)
|
||
|
||
Note the crazy password (shown below), which I will use throughout this article.
|
||
|
||
![](https://opensource.com/sites/default/files/uploads/google_setup_2_generated_password.png)
|
||
|
||
### Step 2: Install Postfix
|
||
|
||
Before you can configure the mail client, you need to install it. You must also install either the `mailutils` or `mailx` utility, depending on the OS you're using. Here's how to install it for each OS:
|
||
|
||
**Debian/Ubuntu** :
|
||
```
|
||
apt-get update && apt-get install postfix mailutils
|
||
|
||
```
|
||
|
||
**Fedora** :
|
||
```
|
||
dnf update && dnf install postfix mailx
|
||
|
||
```
|
||
|
||
**Centos** :
|
||
```
|
||
yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain
|
||
|
||
```
|
||
|
||
**Arch** :
|
||
```
|
||
pacman -Sy postfix mailutils
|
||
|
||
```
|
||
|
||
**FreeBSD** :
|
||
```
|
||
portsnap fetch extract update
|
||
|
||
cd /usr/ports/mail/postfix
|
||
|
||
make config
|
||
|
||
```
|
||
|
||
In the configuration dialog, select "SASL support." All other options can remain the same.
|
||
|
||
From there: `make install clean`
|
||
|
||
Install `mailx` from the binary package: `pkg install mailx`
|
||
|
||
**OpenSUSE** :
|
||
```
|
||
zypper update && zypper install postfix mailx cyrus-sasl
|
||
|
||
```
|
||
|
||
### Step 3: Set up Gmail authentication
|
||
|
||
Once you've installed Postfix, you can set up Gmail authentication. Since you have created the app password, you need to put it in a configuration file and lock it down so no one else can see it. Fortunately, this is simple to do:
|
||
|
||
**Ubuntu/Debian/Fedora/Centos/Arch/OpenSUSE** :
|
||
```
|
||
vim /etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
Add this line:
|
||
```
|
||
[smtp.gmail.com]:587 ben.heffron@gmail.com:thgcaypbpslnvgce
|
||
|
||
```
|
||
|
||
Save and close the file. Since your Gmail password is stored as plaintext, make the file accessible only by root to be extra safe.
|
||
```
|
||
chmod 600 /etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
**FreeBSD** :
|
||
```
|
||
vim /usr/local/etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
Add this line:
|
||
```
|
||
[smtp.gmail.com]:587 ben.heffron@gmail.com:thgcaypbpslnvgce
|
||
|
||
```
|
||
|
||
Save and close the file. Since your Gmail password is stored as plaintext, make the file accessible only by root to be extra safe.
|
||
```
|
||
chmod 600 /usr/local/etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
![](https://opensource.com/sites/default/files/uploads/google_setup_3_vim_config.png)
|
||
|
||
### Step 4: Get Postfix moving
|
||
|
||
This step is the "meat and potatoes"—everything you've done so far has been preparation.
|
||
|
||
Postfix gets its configuration from the `main.cf` file, so the settings in this file are critical. For Google, it is mandatory to enable the correct SSL settings.
|
||
|
||
Here are the six options you need to enter or update on the `main.cf` to make it work with Gmail (from the [SASL readme][3]):
|
||
|
||
* The **smtp_sasl_auth_enable** setting enables client-side authentication. We will configure the client’s username and password information in the second part of the example.
|
||
* The **relayhost** setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination.
|
||
* With the **smtp_sasl_password_maps** parameter, we configure the Postfix SMTP client to send username and password information to the mail gateway server.
|
||
* Postfix SMTP client SASL security options are set using **smtp_sasl_security_options** , with a whole lot of options. In this case, it will be nothing; otherwise, Gmail won’t play nicely with Postfix.
|
||
* The **smtp_tls_CAfile** is a file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates.
|
||
* From the [configure settings page:][4] **stmp_use_tls** uses TLS when a remote SMTP server announces STARTTLS support, the default is not using TLS.
|
||
|
||
|
||
|
||
**Ubuntu/Debian/Arch**
|
||
|
||
These three OSes keep their files (certificates and `main.cf`) in the same location, so this is all you need to put in there:
|
||
```
|
||
vim /etc/postfix/main.cf
|
||
|
||
```
|
||
|
||
If the following values aren’t there, add them:
|
||
```
|
||
relayhost = [smtp.gmail.com]:587
|
||
|
||
smtp_use_tls = yes
|
||
|
||
smtp_sasl_auth_enable = yes
|
||
|
||
smtp_sasl_security_options =
|
||
|
||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||
|
||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||
|
||
```
|
||
|
||
Save and close the file.
|
||
|
||
**Fedora/CentOS**
|
||
|
||
These two OSes are based on the same underpinnings, so they share the same updates.
|
||
```
|
||
vim /etc/postfix/main.cf
|
||
|
||
```
|
||
|
||
If the following values aren’t there, add them:
|
||
```
|
||
relayhost = [smtp.gmail.com]:587
|
||
|
||
smtp_use_tls = yes
|
||
|
||
smtp_sasl_auth_enable = yes
|
||
|
||
smtp_sasl_security_options =
|
||
|
||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||
|
||
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
|
||
|
||
```
|
||
|
||
Save and close the file.
|
||
|
||
**OpenSUSE**
|
||
```
|
||
vim /etc/postfix/main.cf
|
||
|
||
```
|
||
|
||
If the following values aren’t there, add them:
|
||
```
|
||
relayhost = [smtp.gmail.com]:587
|
||
|
||
smtp_use_tls = yes
|
||
|
||
smtp_sasl_auth_enable = yes
|
||
|
||
smtp_sasl_security_options =
|
||
|
||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||
|
||
smtp_tls_CAfile = /etc/ssl/ca-bundle.pem
|
||
|
||
```
|
||
|
||
Save and close the file.
|
||
|
||
OpenSUSE also requires that you modify the Postfix master process configuration file `master.cf`. Open it for editing:
|
||
```
|
||
vim /etc/postfix/master.cf
|
||
|
||
```
|
||
|
||
Uncomment the line that reads:
|
||
```
|
||
#tlsmgr unix - - n 1000? 1 tlsmg
|
||
|
||
```
|
||
|
||
It should look like this:
|
||
```
|
||
tlsmgr unix - - n 1000? 1 tlsmg
|
||
|
||
```
|
||
|
||
Save and close the file.
|
||
|
||
**FreeBSD**
|
||
```
|
||
vim /usr/local/etc/postfix/main.cf
|
||
|
||
```
|
||
|
||
If the following values aren’t there, add them:
|
||
```
|
||
relayhost = [smtp.gmail.com]:587
|
||
|
||
smtp_use_tls = yes
|
||
|
||
smtp_sasl_auth_enable = yes
|
||
|
||
smtp_sasl_security_options =
|
||
|
||
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
|
||
|
||
smtp_tls_CAfile = /etc/mail/certs/cacert.pem
|
||
|
||
```
|
||
|
||
Save and close the file.
|
||
|
||
### Step 5: Set up the password file
|
||
|
||
Remember that password file you created? Now you need to feed it into Postfix using `postmap`. This is part of the `mailutils` or `mailx` utilities.
|
||
|
||
**Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux**
|
||
```
|
||
postmap /etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
**FreeBSD**
|
||
```
|
||
postmap /usr/local/etc/postfix/sasl_passwd
|
||
|
||
```
|
||
|
||
### Step 6: Get Postfix grooving
|
||
|
||
To get all the settings and configurations working, you must restart Postfix.
|
||
|
||
**Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux**
|
||
|
||
These guys make it simple to restart:
|
||
```
|
||
systemctl restart postfix.service
|
||
|
||
```
|
||
|
||
**FreeBSD**
|
||
|
||
To start Postfix at startup, edit `/etc/rc.conf`:
|
||
```
|
||
vim /etc/rc.conf
|
||
|
||
```
|
||
|
||
Add the line:
|
||
```
|
||
postfix_enable=YES
|
||
|
||
```
|
||
|
||
Save and close the file. Then start Postfix by running:
|
||
```
|
||
service postfix start
|
||
|
||
```
|
||
|
||
### Step 7: Test it
|
||
|
||
Now for the big finale—time to test it to see if it works. The `mail` command is another tool installed with `mailutils` or `mailx`.
|
||
```
|
||
echo Just testing my sendmail gmail relay" | mail -s "Sendmail gmail Relay" ben.heffron@gmail.com
|
||
|
||
```
|
||
|
||
This is what I used to test my settings, and then it came up in my Gmail.
|
||
|
||
![](https://opensource.com/sites/default/files/uploads/google_setup_4_gmail.png)
|
||
|
||
Now you can use Gmail with two-factor authentication in your Postfix setup.
|
||
|
||
--------------------------------------------------------------------------------
|
||
|
||
via: https://opensource.com/article/18/8/postfix-open-source-mail-transfer-agent
|
||
|
||
作者:[Ben Heffron][a]
|
||
选题:[lujun9972](https://github.com/lujun9972)
|
||
译者:[译者ID](https://github.com/译者ID)
|
||
校对:[校对者ID](https://github.com/校对者ID)
|
||
|
||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||
|
||
[a]:https://opensource.com/users/elheffe
|
||
[1]:http://www.postfix.org/start.html
|
||
[2]:http://www.securityspace.com/s_survey/data/man.201806/mxsurvey.html
|
||
[3]:http://www.postfix.org/SASL_README.html
|
||
[4]:http://www.postfix.org/postconf.5.html#smtp_tls_security_level
|