You are hereWhat if I Want to Send Email from an Ubuntu Server Through Gmail?

What if I Want to Send Email from an Ubuntu Server Through Gmail?


By steve - Posted on 20 August 2014

I've written before about getting email to send from dumb devices through a Windows Server host to gmail (Google Apps). That works fine in a lot of small offices because there is often a Windows Server sitting around somewhere, even if just for file services.

However, there are times when you DON'T have a Windows Server around and need to send email through a Linux server.

Here's what I do when I want to send email via gmail (Google Apps) and I have an Ubuntu box available...

Incidentally, this works whether I'm working on a cloud server or in an office that has direct access to an Ubuntu server. A lot of my clients are moving everything to the cloud, so we often DON'T have a server for files (see Dropbox), but we still have to send email from certain devices like copiers or network switches and it may have to go to people outside our domain. That means we need authenticated email sending, even if the devices can't do that.

Configuring Postfix in Ubuntu

First, you need to set up your Ubuntu server to forward email:

Install the apps we need (all commands can be prefixed with sudo, if you don't have it so that root can log in with a password):

apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

For email server type, use "Internet Site" and for FQDN use something like mail.yourdomain.com

Then open your postfix config file:

nano /etc/postfix/main.cf

Add the following lines to it (you probably need to remove the existing relayhost entry):

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

Add credentials for gmail (make sure this is a working account and the captcha has already been responded to by logging in at least once). This file doesn't exist to start with, so you'll do this to create it:

nano /etc/postfix/sasl_passwd

Add this line:

[smtp.gmail.com]:587 your.user@yourdomain.com:yourpassword

Use gmail.com if it is a gmail.com address, otherwise use your domain's addres.

Set permissions so the password stays hidden, then build the data map for postfix to use it:

chmod 400 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

Set up your certificate:

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

Reload postfix:

/etc/init.d/postfix reload

Now you can send test emails (to your domain, then to a different domain) to make sure it is working.

If you are going to allow unauthenticated relaying through your host (meaning from your devices/network only, not from outsiders), then you have to do one of two things. Servers that are on your local network need to allow relaying from your LAN and servers that are in the cloud need to allow email from your LAN's static IP address.

There are too many different possible configurations to have step-by-step directions for this part, but here is some guidance:

LAN server

Open up the config file for postfix again:

nano /etc/postfix/main.cf

Change this line:
mynetworks = 127.0.0.0/8

And add your LAN's network number, something like this:
mynetworks = 127.0.0.0/8, 192.168.1.0/24

That will allow all devices with 192.168.1.x addresses to relay mail through that server. Don't forget to reload postfix:

/etc/init.d/postfix reload

Cloud server

Usually in the past, you wouldn't use a cloud server to relay mail for your internal network because your clients (Outlook or gmail web interface) handle that for you. But if you are like a growing number of my clients, you have everything in the cloud, except for your printers/copier/scanners and network devices and they need to send unauthenticated mails. Here's how you can do that, but keep in mind your situation will be unique and you'll have to get creative.

You'll need a static IP address in your office. That's a good idea, anyway, for most businesses and non-profits. Just pay the extra dollar or two a month and save your techs a lot of trouble when things need to be debugged.

First, tell postfix about your static IP. Open up the config file for postfix again:

nano /etc/postfix/main.cf

Change this line:
mynetworks = 127.0.0.0/8

And add your LAN's network number, something like this where 8.8.8.8 is really your static IP address:
mynetworks = 127.0.0.0/8 8.8.8.8/32

That will allow all devices behind your filewall to relay mail through that server. Don't forget to reload postfix:

/etc/init.d/postfix reload

There are a few more things you might need to check:

  • Does your cloud server have inbound port 25 blocked? It should. Make changes to your firewall (add it to iptables or for AWS, open port 25 for that server for your static IP address).
  • Does your LAN firewall block outbound port 25? It should. Add an exception to allow port 25 traffic to your cloud server's static IP address.
  • More and more of my clients have redudant internet connections with failover or load balancing. If you have that, you could get email going out from any of those, so be sure to add ALL their addresses to your restrictions in your firewalls and postfix configuration.
  • To speed up troubleshooting, you should be able to get postfix to respond where serverip is your cloud server's IP address. If you can't, you probably have a port blocking problem: telnet serverip 25

If this has helped you, please make a note in the comments or link to this page!

Did this help you? You can help me!


Did you find this information helpful? You can help me back by linking to this page, purchasing from my sponsors, or posting a comment!


+One me on Google:


Follow me on twitter: http://twitter.com/mojocode







Comments



Affiliation Badges