postfix_configuration

Valerio Arnaboldi edited this page Mar 23, 2018 · 1 revision

The Textpressocentral login module sends emails for its user registration and lost password functions. To do so, it uses the Wt Mail::Client class. As explained in the documentation page of the class, SSL transport is currently not supported by Wt. This means that Textpressocentral can send emails only through SMTP servers that accept connections on port 25, which in practice means only private servers. Sending emails from a local server within an institutional network is often seen as a potential security threat, and outgoing messages are blocked or delayed. To avoid this problem, the Postfix instance on the local server can be configured to use a relay host, for example Gmail. To configure Postfix to forward emails to a Gmail relay host, set /etc/postfix/main.cf as follows:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = 8dbababd7c9c.caltech.edu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#mydestination = $myhostname, tpc-test, 8dbababd7c9c, localhost.localdomain, localhost

relayhost = [smtp.gmail.com]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = localhost
inet_protocols = all

Note that some options must be set according to the properties of the host, such as myhostname.

The username and password for the SMTP connection to Gmail must be set in /etc/postfix/sasl/sasl_passwd:

[smtp.gmail.com]:587 <gmail_address>:<gmail_password>

After creating or editing /etc/postfix/sasl/sasl_passwd, create the Postfix hashed database with the following command:

postmap /etc/postfix/sasl/sasl_passwd

Make sure the password files are readable only by root:

chmod 600 /etc/postfix/sasl/sasl_passwd
chmod 600 /etc/postfix/sasl/sasl_passwd.db

Restart postfix to apply changes:

service postfix restart
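
A check that can be run after the steps above, as an added example that is not part of the original wiki page: it confirms that the relay settings force TLS before the Gmail credentials are sent, that the sasl_passwd lookup key matches relayhost, and that both password files are mode 600. The function names, the optional uid argument, the one-setting-per-line parsing and the choice to accept only encrypt, verify or secure as TLS levels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki: audit the relay settings and secret files.
# Assumes one "name = value" per line in main.cf and a hash: password map.
# Usage (as root): audit_relay /etc/postfix/main.cf

# conf_value FILE NAME: last uncommented value of NAME (Postfix keeps the last).
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# secret_ok FILE UID: true if FILE exists, is mode 600 and is owned by UID.
secret_ok() {
    ls -ldn "$1" 2>/dev/null |
        awk -v o="$2" 'substr($1, 1, 10) == "-rw-------" && $3 == o { ok = 1 }
                       END { exit !ok }'
}

fail() { echo "FAIL: $*"; rc=1; }

# audit_relay MAIN_CF [UID]: one line per finding, non-zero status if any.
# UID defaults to 0 (root); the parameter exists so the check can be tested.
audit_relay() {
    cf=$1 uid=${2:-0} rc=0
    relay=$(conf_value "$cf" relayhost)
    maps=$(conf_value "$cf" smtp_sasl_password_maps)
    pw=${maps#hash:}
    opts=" $(conf_value "$cf" smtp_sasl_security_options | tr ',' ' ') "
    # Anything weaker than "encrypt" lets the session fall back to plaintext,
    # which would expose the SASL password to the network.
    case $(conf_value "$cf" smtp_tls_security_level) in
        encrypt|verify|secure) ;;
        *) fail "smtp_tls_security_level does not make TLS mandatory" ;;
    esac
    [ "$(conf_value "$cf" smtp_sasl_auth_enable)" = yes ] ||
        fail "smtp_sasl_auth_enable is not yes"
    case $opts in
        *" noanonymous "*) ;;
        *) fail "smtp_sasl_security_options lacks noanonymous" ;;
    esac
    # The lookup key in sasl_passwd must equal the relayhost value exactly.
    awk -v k="$relay" 'NF && $1 == k { hit = 1 } END { exit !hit }' "$pw" \
        2>/dev/null || fail "no entry for '$relay' in $pw"
    for f in "$pw" "$pw.db"; do
        secret_ok "$f" "$uid" ||
            fail "$f is missing, not mode 600, or not owned by uid $uid"
    done
    return "$rc"
}
```

Each FAIL line names the setting or file to fix; the function prints nothing and returns 0 when the configuration matches the one on this page.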