I like sending brief email via the command line, because it really sucks to open a web browser just for writing 2 lines of text. On my old computer, I configured postfix to work with my gmail account. Now, I tried to replicate my config on my Airbook, but the SSL certificates used by Gmail have changed in the meantime, and although my configuration still works I end up with unwanted warnings in my
When I first configure postfix, I used the Thawtee certificates, available from here: http://www.verisign.com/support/roots . Basically, you should get a copy of
Thawte_Premium_Server_CA.pem. Now, Gmail has changed this and you should use Equifax,
Equifax_Secure_CA.pem, that can be found on http://www.geotrust.com/resources/root-certificates/.
Everything went fine by following these basic steps:
/etc/postfixand edit as
smtp.gmail.com firstname.lastname@example.org:password, then
$ sudo postmap /etc/postfix/relay_passwordto update Postfix lookup table.
- Add the certificates in
/etc/postfix/certs, or any folder you like, then
$ sudo c_rehash /etc/postfix/certs/(i.e., rehash the certificates with Openssl).
/etc/postfix/main.cfso that it includes the following lines:
relayhost = smtp.me.com:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay_password smtp_sasl_security_options = noanonymous # tls smtp_tls_security_level = may smtp_tls_CApath = /etc/postfix/certs smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache smtp_tls_session_cache_timeout = 3600s smtp_tls_loglevel = 1 tls_random_source = dev:/dev/urandom
Then, just reload the Postfix process, with e.g.
$ sudo postfix reload(a combination of
Now, we can test that everything is working properly:
$ echo "Test 123" | mail -s "Test" user`domain.com
/var/log/mail.log, or better use
$ tail -f /var/log/mail.log in a different window while you send your email. If you see something like
Dec 15 16:44:30 aliquote postfix/smtp: setting up TLS connection to smtp.gmail.com[188.8.131.52]:587 Dec 15 16:44:30 aliquote postfix/smtp: Trusted TLS connection established to smtp.gmail.com[184.108.40.206]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
then you succeeded.
You can choose a different port for the SMTP, e.g. 465. It’s still possible to use SASL without TLS (the above steps are basically the same), but in both case the main problem is that your login informations are available in a plan text file… Also, should you want to use your MobileMe account, just replace the Gmail SMTP server by