Hi all,
I recently installed Postfix + Dovecot (yum) on a CentOS 5.1 test box. The configuration went OK, and I can telnet to ports 25, 587 and 465 with no problems.
Code:
# hostname -f
localhost.localdomain
# openssl s_client -connect localhost:465
CONNECTED(00000003)
depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo Inc./CN=localhost/emailAddress=webmaster@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo Inc./CN=localhost/emailAddress=webmaster@localhost
verify return:1
[more certificate code here ...]
---
220 localhost.localdomain ESMTP Postfix
ehlo localhost
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
ehlo localhost
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Now, if I want to send a test email using a PHP script (I tried in vBulletin), I get this message in maillog:
Code:
Feb 24 23:21:08 localhost postfix/smtp[4148]: connect to ALT1.ASPMX.L.GOOGLE.com[209.85.133.114]: Connection timed out (port 25)
The email address I am sending to is hosted on Gmail for my domain. In other words, mail.domain.com is CNAMEed to Google servers.
I was wondering if you could look at my setup and let me know if I missed something.
main.cf
Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.1.0/24, 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 1
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_delay_reject = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_smtp_use_tls = yes
tls_random_exchange_name = /etc/postfix/prng_exch
tls_random_source = dev:/dev/urandom
master.cf (with some verbose turned on)
Code:
smtp inet n - n - - smtpd -v
submission inet n - n - - smtpd -v
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd -v
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
...
the rest is unchanged as default conf
I also set the mta to sendmail.postfix.
Code:
# alternatives --config mta
$ ls -l /usr/sbin/sendmail
lrwxrwxrwx 1 root root 21 Dec 14 23:13 /usr/sbin/sendmail -> /etc/alternatives/mta
$ ls -l /etc/alternatives/mta
lrwxrwxrwx 1 root root 26 Feb 23 23:16 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
I also added the certificates into Dovecot.
Code:
# vi /etc/dovecot.conf
ssl_cert_file = /etc/postfix/ssl/smtpd.crt
ssl_key_file = /etc/postfix/ssl/smtpd.key
ssl_key_password = challenged_password
To generate the certificates, I used:
Code:
# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl
# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
# chmod 600 smtpd.key
# openssl req -new -key smtpd.key -out smtpd.csr
# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# openssl rsa -in smtpd.key -out smtpd.key.unencrypted
# mv -f smtpd.key.unencrypted smtpd.key
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Any help is appreciated. Thank you for taking the time to read this thread.
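
As an added example (not part of the original post): a small Python check that parses EHLO replies like the ones captured above and reports password-bearing AUTH mechanisms announced on a session that is not yet encrypted, which is what the port 587 transcript shows and what smtpd_tls_auth_only = no permits. The function names are this example's own; the first sample is the port 587 reply from the post, the second is constructed.

```python
import re

# Mechanisms that send the password base64-encoded, i.e. readable on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters, e.g. {"AUTH": ["LOGIN", "PLAIN"]}."""
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if re.match(r"\s*250[- ]", l)]
    for line in lines[1:]:  # the first 250 line is the server name, not a keyword
        text = line[4:].upper()
        if text.startswith("AUTH="):  # legacy form kept for broken_sasl_auth_clients
            text = "AUTH " + text[5:]
        words = text.split()
        if not words:
            continue
        seen = caps.setdefault(words[0], [])
        for param in words[1:]:
            if param not in seen:
                seen.append(param)
    return caps

def audit(reply, tls_active):
    """Return findings for one EHLO reply; tls_active = session already encrypted."""
    if tls_active:
        return []  # AUTH inside TLS (port 465 wrapper mode, or after STARTTLS) is fine
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS offered on a cleartext session")
    exposed = sorted(PLAINTEXT_MECHS.intersection(caps.get("AUTH", [])))
    if exposed:
        findings.append("AUTH " + " ".join(exposed) + " offered before TLS")
    return findings

# EHLO reply on port 587 over telnet (cleartext), as shown in the post.
PORT_587 = """220 localhost.localdomain ESMTP Postfix
250-localhost.localdomain\n250-PIPELINING\n250-SIZE 10240000\n250-VRFY\n250-ETRN
250-STARTTLS\n250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN"""

# Constructed reply: what a cleartext session looks like when AUTH is withheld until TLS.
AUTH_AFTER_TLS_ONLY = """220 mail.example.test ESMTP
250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 DSN"""

if __name__ == "__main__":
    print(audit(PORT_587, tls_active=False))
    print(audit(AUTH_AFTER_TLS_ONLY, tls_active=False))
```

With smtpd_tls_auth_only = yes, Postfix does not announce AUTH until the session is encrypted, so the first finding would no longer appear for port 587.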