Setup Postfix as a email relay server which will authenticate with public email server for sending emails. If you want to use a Gmail as a Free SMTP server us, use this as in any of the redhat or ubuntu servers
apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
Replace the ceritficate file in the configuration
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem
If you do not have postfix installed before, postfix configuration wizard will ask you some questions. Just select your server as Internet Site and for FQDN use something like mail.example.com , For Centos
yum install postfix email mailx cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
[root@server ~]# vi /etc/postfix/main.cf biff = no append_dot_mydomain = no readme_directory = no myhostname = smtpout.innovautelabs.intra mydomain = innovaturelabs.intra myorigin = $mydomain alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = localhost.localdomain, , localhost mynetworks = 192.168.1.0/24, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all relayhost = [smtp.gmail.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl-passwords smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.trust.crt smtp_use_tls = yes smtp_tls_loglevel = 1 smtp_tls_security_level = encrypt smtp_sasl_mechanism_filter = login
Now create a password file which should have a valid email and password; onece hashed the password file postfix can read the data in it after that, you can delete the plaintext passwd file. Alternately, if you’d feel better keeping the file around for whatever reason, you can run chmod 600 passwd and make it only readable by its owner, which should be root
vi /etc/postfix/sasl-passwords [smtp.gmail.com]:587 firstname.lastname@example.org:password
chmod 600 /etc/postfix/sasl-passwords
Finally, reload postfix config for changes to take effect:
service postfix restart
Configure SPF and DKIM for Google Apps
It was getting failure notification from Google while sending group mails, I was using google apps email accounts and created long time back, right now google not providing free apps email service. While analyzing I was found that the below error in message source, but I have already settup SPF record and its works fine. unfortunately it stop working. it has to be get some other SPF records in my DNS.
Received-SPF: temperror (google.com: error in processing during lookup of email@example.com: DNS timeout) client-ip=22.214.171.124; Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of firstname.lastname@example.org: DNS timeout) email@example.com Received: by mail-pd0-f171.google.com with SMTP id g10so5691792pdj.16
Google, like most major email providers, actively works to combat forged email, spam, and scam email. For the most part, their defenses work. Open your Gmail spam folder to see the Google spam fighting team’s work. The vast majority of email there will be spam. Here’s how to set up SPF and DKIM records for Google Apps.
Configure SPF for Google Apps
If you use Google Apps for email, you’ll need access to your DNS provider to add an SPF record. In most cases, you simply login and create a new TXT record with the value of:
v=spf1 include:_spf.google.com ~all
Configure DKIM for Google Apps
You’ll need access to your Google Apps control panel and your DNS records to set DKIM. This is a three step process: 1. Create the DKIM key a. Login to your Google Apps Control Panel (e.g., http://www.google.com/a/yourdomain.com) b. Go to the “Advanced tools” tab, then scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”. This will open a new screen. c. Your domain name should be displayed. Click on “Generate new record”. Leave the default selector prefix as “google”. Click “Generate”. d. Leave this browser window open, and then create a new tab or browser window. 2. Create the DKIM DNS record a. Login to your DNS provider. Get to a place where you can add a TXT record. b. Create a new TXT record. The name of the TXT record should be:
This creates a domain that, fully resolved, looks like: google._domainkey.yourdomain.com. c. The value for the DNS record will be a very long string of characters, something like:
v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCG5in7gQIDAQAB
The actual length of the string will be much longer than that above. I find it simplest to copy-and-paste the information from the Control Panel page displaying the information. Save the DNS record. 3. Start Authenticating a. Wait 24-hours for your changes to propagate, and for Google’s servers to detect the changes. b. Login to your Google Apps Control Panel (e.g., http://www.google.com/a/yourdomain.com) c. Go to the “Advanced tools” tab, then scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”. This will open a new screen. d. Click “Start authentication”. As always, check Google’s detailed instructions if your setup is more complex.
Verify that SPF and DKIM are configured
Send an email from your Gmail account to check–firstname.lastname@example.org after you’ve completed the SPF and DKIM setup. You’ll receive an email response in a few minutes. If everything is properly configured, you’ll receive a “PASS” for both the SPF and DKIM settings. This means your email is now more likely to be delivered than email lacking these records. My inbox, and everyone’s spam folders, are grateful for your efforts!