When I set up my Amahi Home Server a few years ago, one of the things that I wanted to do was be able to send the logs and other emails that normally go to the root account to my gmail account. This way, I could quickly scan the information without having to actively log into the server. My options were to either register my own domain name and go through the steps to set up MX records and servers, or to relay it through another gmail account. I chose the second, since I already have the accounts, and registering and hosting the domain costs money (plus I’m already given a .yourhda.com domain with Amahi).
When I started to set up the relay, it took a while. I ended up finding quite a few sites on the Internet with different methods of configuring the relay (most of which didn’t work right). When I reinstalled my Amahi Server this past weekend (upgrading it to their latest version), I forgot to save the postfix configurations, so I had to redo them. Thankfully it was a simple matter this time. I’ve only done this on Fedora 14/19, but I’m pretty sure the steps will be similar, if not the same, for an Ubuntu based distribution. All of these steps are being done as the root (superuser) account. If you’re using your administrator account, you’ll have to precede each command with sudo.
Creating your Relay
If you haven’t done so already, you need to install postfix first.
yum install postfix
Next you need to open the /etc/postfix/main.cf file in your favorite editor (I use nano, but you can use whatever you prefer).
At the bottom, add the following lines:
# sets gmail as relay relayhost = [smtp.gmail.com]:587 # use tls smtp_use_tls=yes # use sasl when authenticating to foreign SMTP servers smtp_sasl_auth_enable = yes # path to password map file smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # list of CAs to trust when verifying server certificate smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt # eliminates default security options which are imcompatible with gmail smtp_sasl_security_options =
Next you’ll have to edit (or create) the sasl_passwd file that’s used in the postfix configuration above
The format of this file is this:
After creating this file, you need to run the postmap command to create the hash of the password file and then make sure that postfix owns the files (as they are created by root originally).
chown postfix /etc/postfix/sasl_passwd*
Finally reload postfix using this command:
Testing your configurations
If everything worked correctly, you should be able to test your mail setup by sending an email from the command line. There are multiple methods for this, but I’ll show you two of them here.
The first method uses the mail command. (you should be able to do this as either root or a regular user) firstname.lastname@example.org should be replaced with your intended recipient’s email address.
mail -s “Subject: Test email from linux server” email@example.com
The editor will open up, so you can type a message in the body. You’ll use CTRL+D to exit this editor.
Next, if you want to CC anyone, you can add their email addresses, and/or press CTRL+D to exit this portion.
The email should send. Check your inbox (and spam folders) to see if it’s arrived. If not, you can check /var/log/maillog (or in /var/log/mail) to find out what’s wrong.
The second method uses the echo command to send everything to the mail command for you.
echo “Enter the body part of the email” | mail -s “Subject: Test email from linux server” firstname.lastname@example.org
If you want to CC someone else into the email, the format of the command is
echo “Enter the body part of the email” | mail -s “Subject: Test email from linux server” email@example.com -c firstname.lastname@example.org
Forwarding the root emails to your relay
Now this is all pointless unless you make sure that all emails destined for the root mailbox get forwarded to your external account. You could do this a number of ways (such as configuring each application that might send an email to your root to send them to the external account also), but the two easiest ways are to create a .forward file, or create an alias.
Creating a .forward file:
Add the email address that you want to forward the emails to and save the file.
Note that this will bypass the root mailbox altogether. If you want root to continue to receive the emails, you have to add root to the file with the following format
Editing the aliases file and adding the root alias
Then add the following entry (replacing email@example.com with your external email address)
Finally run the newaliases command to make sure you’re using the updated version of /etc/aliases.
With that, you should be set up. Now anytime an application sends a message to root, you’ll receive it on your external email account as well. Please note that you’ll still need to log in and clean out the root mail account occasionally, as the messages are still being sent there.
Troubleshooting and Updates for Fedora 19
If you run into any issues with postfix, you need to check /var/log/maillog for problems. The easiest way to do this is with cat /var/log/maillog | tail and then attempt to resend your email that you used to test the configuration.
If you run into any issues, such as gmail rejecting your email with something similar to “530 5.7.0 Must issue a STARTTLS command first.” (and you have the smtp_use_starttls=yes command in your main.cf) file, you need to do the following things:
In main.cf, add the following line
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
then create a tls_policy file in /etc/postfix that has the following line
Then run postmap /etc/postfix/tls_policy to create the hash of the file.
If you run into a warning or error similar to “warning: TLS library problem: 25188:error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen(‘/etc/ssl/certs/ca-certificates.crt’,'r’):”, you need to change that line in main.cf to ca-bundle.crt. This is because Fedora 19 doesn’t have the ca-certificates.crt file anymore. It uses ca-bundle.crt instead. Something to note here is that after you fix the certificate issue, the email will send. So if you’re testing your configuration, you’ll end up with multiple test emails.