I have an email [email protected] which is configured to forward all emails to a Gmail address. When replying from the Gmail mailbox, I want it to send emails from [email protected]. Previously Gmail allowed this through a simple setup: Settings -> Accounts and Import -> Add another email address you own, and then an option to send an email with a verification code to verify that I own it. But now only the option "Send mail through your SMTP server" is available.
I have a server with Postfix installed. Postfix is currently used only to send email that originates from this server. iptables does not allow connections to Postfix from other PCs/servers, so it is secure now, as nobody is able to send email through my server.
I googled a lot, but found only articles on how to configure Postfix to send emails through smtp.gmail.com. I need it to work the other way round: Gmail should send emails through my Postfix SMTP server in a secure way.
Could you please help me find out how to accomplish this?
SASL configuration
https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL
sudo apt-get install sasl2-bin
sudo nano /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
#-------------
cp /etc/default/saslauthd /etc/default/saslauthd-postfix
sudo nano /etc/default/saslauthd-postfix
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf" # max. 15 char.
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" # postfix/smtp in chroot()
#--------------
sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
sudo adduser postfix sasl
#sudo saslpasswd2 -c -u mydomain.com support
Users must specify [email protected] as the login name, not support. Unfortunately I was not able to proceed with this variant; it does not work. Option without realm: it will default to the reverse DNS of your server.
sudo saslpasswd2 -c gmail
# list all users
sudo sasldblistusers2
# to get password which may be used in telnet
# echo -ne '\0username\0pswd' | openssl enc -base64
sudo service saslauthd start
#sudo testsaslauthd -u support -p pswd -r mydomain.com
#sudo testsaslauthd -u [email protected] -p pswd
The first variant, where you explicitly state the realm, works, but the second does not. Therefore I chose the variant without a realm.
sudo testsaslauthd -u gmail -p pswd
# delete user
sudo saslpasswd2 -d username
sudo service saslauthd restart
POSTFIX RELAY
http://www.admin-hints.com/2009/04/how-to-limit-amount-of-messages-per.html
nano /etc/postfix/main.cf
#Clients that are excluded from connection count (default: $mynetworks)
smtpd_client_event_limit_exceptions = $mynetworks
#The time unit over which client connection rates and other rates are calculated. (default: 60s)
anvil_rate_time_unit = 86400s
#How frequently the server logs peak usage information. (default: 600s)
anvil_status_update_time = 120s
#The maximal number of message delivery requests that any client is allowed to make to this service per time unit. (default: 0) To disable this feature, specify a limit of 0.
smtpd_client_message_rate_limit = 200
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_tls_security_level=may
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
sudo nano /etc/postfix/master.cf
# at the line where commented "#submission inet n" starts
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
Check on port 25 (587 uses TLS); my server reveals only port 587, and 25 is blocked by iptables.
Test with telnet:
telnet mydomain.com 25
ehlo dummy
auth plain ARdtYW4sAGRdY1d4cyM9ZnRn # how to get auth plain with your password read above
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test subject
Hello,
This is test message
.
# dot at the end
quit
If something unexpected happens, look for errors here:
tail -f /var/log/mail.log
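An offline check of the master.cf submission entry described in the answer above, added here as an example and not part of the original post. The function name audit_submission and the sample file are constructed for illustration; the check assumes the `-o name=value` form without spaces and expects exactly the values the answer sets.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the submission entry of
# a master.cf. Assumes "-o name=value" with no spaces, as in the answer above.

# audit_submission FILE: prints one finding per line; exit status 1 if any.
audit_submission() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    /^[^ \t]/ {                                # text in column 1 starts a new service
        in_sub = ($1 == "submission" && $2 == "inet")
        if (in_sub) found = 1
    }
    in_sub {                                   # entry line and its indented continuations
        for (i = 1; i < NF; i++)
            if ($i == "-o" && (eq = index($(i + 1), "=")) > 0)
                opt[substr($(i + 1), 1, eq - 1)] = substr($(i + 1), eq + 1)
    }
    function need(name, want,    got) {
        got = (name in opt) ? opt[name] : "(unset)"
        if (got != want) { printf "%s: want %s, got %s\n", name, want, got; bad = 1 }
    }
    END {
        if (!found) { print "no submission inet service defined"; exit 1 }
        need("smtpd_tls_security_level", "encrypt")
        need("smtpd_sasl_auth_enable", "yes")
        need("smtpd_sasl_security_options", "noanonymous")
        need("smtpd_client_restrictions", "permit_sasl_authenticated,reject")
        need("smtpd_relay_restrictions", "permit_sasl_authenticated,reject")
        exit bad + 0
    }' "$1"
}

# Constructed sample: the entry from the answer, continuation lines indented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
EOF
audit_submission "$sample" && echo "submission entry OK"
rm -f "$sample"
```

Continuation lines in master.cf must begin with whitespace: an `-o` line that starts in column 1 is not part of the submission entry, and the audit reports its setting as unset.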