Configure Postfix to use Gmail as a Mail Relay

We all know that Gmail is popular these days, from personal usage to heavy business users. I myself use Gmail on a daily basis, both for my personal email and at work.

My WordPress site recently got malware, and it kept creating script files as well as tried to send emails through my Postfix server, running on the same host as my blog.

Before this, I had never spent time to sit down and set up some scripts properly to monitor my host and website. In the latest incident with my host, the mail log filled up my disk space, due to endless attempts to send emails through my host that failed every time. Now I think I need to spend some time getting it set up properly so that I can monitor it easily.

The first step is to set up my Postfix server properly so that it can send emails to me for monitoring. This is important as I need a daily view of server logs as well as cron job outputs. I think the easiest way is to use Gmail as a mail relay, so that emails from the Postfix server on my host go through Gmail.

To do this, I found a useful post on the HowtoForge website that details the steps. I will put the steps here, based on Ubuntu, for my own reference:

1. Install necessary packages:

sudo apt-get update && sudo apt-get install postfix mailutils

2. Configure Gmail Authentication

Create or modify a password file which will be used by Postfix to establish authentication with Gmail. In the authentication information below, replace username with your Gmail username and password with your Gmail password. If you are using a custom Gmail Apps domain name, you may replace gmail.com with your Google Apps domain.

The password file will reside in the Postfix configuration directory. The file can be named whatever you like, but the recommended filename is sasl_passwd.

a. Open the file for editing:

sudo vi /etc/postfix/sasl_passwd

b. Add the following line to the above file:

[smtp.gmail.com]:587    username@gmail.com:password

c. Then make sure that the file is readable only by its owner:

sudo chmod 600 /etc/postfix/sasl_passwd

3. Configure Postfix

Now we need to configure Postfix by adding the following lines to its main configuration file. Open /etc/postfix/main.cf using your favourite editor and add the content below:

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

4. Process Password File

Use postmap to compile and hash the contents of sasl_passwd. The results will be stored in your Postfix configuration directory in the file sasl_passwd.db.

sudo postmap /etc/postfix/sasl_passwd

5. Restart Postfix server, so that the configurations will take effect:

sudo systemctl restart postfix.service

6. Lastly, we need to Enable “Less Secure Apps” In Gmail

By default, only the most secure sign-ins, such as logging in to Gmail on the web, are allowed for your Gmail account. To permit relay requests, log in to your Gmail account and turn on Allow less secure apps (you will need to log in first before you can turn on the setting).

For more information, please refer to “Allowing less secure apps to access your account.”

7. To confirm everything is working, run the command below to test:

mail -s "Test subject" recipient@domain.com

If no email arrives, check the log file /var/log/mail.log to see what Postfix reported and fix accordingly.

Hope this can also help with anyone who lands on my blog.
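
A check for the settings from steps 2 to 4, as an added example that is not part of the original post or the HowtoForge guide: it flags TLS that is not enforced (`smtp_use_tls = yes` on its own is opportunistic), an empty `smtp_sasl_security_options`, and password files readable by group or others. The finding names and the temporary fixture are constructed for this example.

```bash
#!/bin/sh
# Added example: audit the Gmail relay settings from the steps above.

# Last value assigned to parameter $2 in the main.cf-style file $1
# (single-line values only; continuation lines are not followed).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for the main.cf at $1; nothing if it is clean.
audit_relay() {
    # smtp_use_tls = yes alone is opportunistic: mail and AUTH go out in
    # cleartext if STARTTLS is not offered. "encrypt" or stronger refuses.
    case "$(cf_get "$1" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "TLS_NOT_ENFORCED" ;;
    esac
    case ",$(cf_get "$1" smtp_sasl_security_options | tr -s ' ' ',')," in
        *,noanonymous,*) ;;
        *) echo "SASL_ANONYMOUS_ALLOWED" ;;
    esac
    map=$(cf_get "$1" smtp_sasl_password_maps)
    src=${map#*:}                      # drop the "hash:" table type
    [ -n "$src" ] || return 0
    for f in "$src" "$src.db"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "LOOSE_PERMS $f"
    done
    return 0
}

# Demo on a constructed fixture: the page's settings plus a .db left at 644.
demo() {
    d=$(mktemp -d)
    printf '[smtp.gmail.com]:587 user@example.com:placeholder\n' > "$d/sasl_passwd"
    : > "$d/sasl_passwd.db"
    chmod 600 "$d/sasl_passwd"; chmod 644 "$d/sasl_passwd.db"
    cat > "$d/main.cf" <<EOF
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:$d/sasl_passwd
EOF
    audit_relay "$d/main.cf"
    rm -rf "$d"
}
demo
```

Setting `smtp_tls_security_level = encrypt` and `smtp_sasl_security_options = noanonymous` in main.cf, with both password files at mode 600, makes the audit print nothing.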

Unable to send email from host machine to custom email address

I have my own personalised email address which is powered by Google Apps: ericlin at ericlin dot me. I have been receiving emails fine for many years without issues. However, since I set up my own blog server a few years ago, I had never been able to receive any email sent from my host machine via Postfix.

I have tried many tests:

– email from cron job
– email from command line using “sendmail”
– email from wordpress

None of them were working. However, if I used a normal gmail or ymail address, they all reached their destination without issues.

The following is what was logged on my server under /var/log/syslog:

Jun 10 02:45:04 ericlin postfix/cleanup[12369]: 2601D43AC3: message-id=<0f5e23cef7e94f466eed4183e17476b0@www.ericlin.me>
Jun 10 02:45:04 ericlin postfix/qmgr[30415]: 2601D43AC3: from=<www-data@ericlin.me>, size=701, nrcpt=1 (queue active)
Jun 10 02:45:04 ericlin postfix/local[12375]: 2601D43AC3: to=<ericlin at ericlin dot me>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 10 02:45:04 ericlin postfix/qmgr[30415]: 2601D43AC3: removed

The logs for a working email were as follows:

Jun 10 03:09:07 ericlin postfix/cleanup[12672]: DED8843AC4: message-id=<ed4e377a0fd860e76a4853ae3063452b@www.ericlin.me>
Jun 10 03:09:07 ericlin postfix/qmgr[12614]: DED8843AC4: from=<www-data@ericlin.me>, size=5170, nrcpt=1 (queue active)
Jun 10 03:09:08 ericlin postfix/smtp[12674]: DED8843AC4: to=<someemail@gmail.com>, relay=smtp.gmail.com[74.125.29.109]:587, delay=0.74, delays=0.02/0.01/0.2/0.51, dsn=2.0.0, status=sent (250 2.0.0 OK 1465528180 18sm2559005qkd.30 - gsmtp)
Jun 10 03:09:08 ericlin postfix/qmgr[12614]: DED8843AC4: removed

You can see that the difference between the two logs is the final message after status=sent: the successful one was (250 2.0.0 OK 1465528180 18sm2559005qkd.30 - gsmtp), whereas the failed one was (delivered to mailbox).

I had been searching for a solution for a long time, but was never able to find a fix.

Today I spent another few hours trying to see if I could find anything, and finally it is fixed.

The problem was the following line in Postfix's configuration file /etc/postfix/main.cf:

mydestination = ericlin.me, ip-172-31-50-123.ec2.internal, localhost.ec2.internal, localhost

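The problem is that I added my own domain (ericlin.me) to the list, which was wrong. Postfix delivers mail for every domain in mydestination to a local mailbox on the host instead of relaying it, which is why the log showed relay=local. After removing it, the issue was resolved!! ^_^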

I hope this can help someone with similar problems.
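
To spot this misrouting from the log and the configuration, the following added example (not from the original post) lists mail for a domain that `postfix/local` kept on the host and checks whether that domain appears in `mydestination`. The log lines, queue IDs, the main.cf line and `example.org` are constructed samples.

```bash
#!/bin/sh
# Added example. The log lines and main.cf content below are constructed.

# Print "QUEUEID RECIPIENT" for mail to domain $1 that postfix/local kept on
# this host instead of handing it to the relay. Reads syslog lines on stdin.
misdelivered() {
    awk -v dom="$1" '
    $5 ~ /^postfix\/local\[/ && match($0, /to=<[^>]*>/) {
        rcpt = substr($0, RSTART + 4, RLENGTH - 5)
        at = index(rcpt, "@")
        if (at && tolower(substr(rcpt, at + 1)) == tolower(dom)) {
            qid = $6; sub(/:$/, "", qid)
            print qid, rcpt
        }
    }'
}

# Succeed if domain $1 is listed in the last mydestination line on stdin
# (single-line value assumed; continuation lines are not followed).
in_mydestination() {
    sed -n 's/^mydestination[[:space:]]*=[[:space:]]*//p' | tail -n 1 |
        tr ', ' '\n\n' | grep -Fxiq -- "$1"
}

sample_log() {
    cat <<'EOF'
Jun 10 02:45:04 host postfix/local[12375]: A1B2C3D4E5: to=<me@example.org>, relay=local, delay=0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 10 03:09:08 host postfix/smtp[12674]: F6A7B8C9D0: to=<someone@gmail.com>, relay=smtp.gmail.com[192.0.2.25]:587, delay=0.74, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun 10 03:10:00 host postfix/local[12700]: 0123456789: to=<root@localhost>, relay=local, delay=0.01, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

sample_cf() {
    cat <<'EOF'
mydestination = example.org, ip-10-0-0-1.internal, localhost
EOF
}

sample_log | misdelivered example.org
if sample_cf | in_mydestination example.org; then
    echo "example.org is in mydestination: mail for it never reaches the relay"
fi
```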

Enabling mcrypt for php >= 5.4 in Ubuntu 13.10

Ubuntu 13.10 (Saucy) comes with PHP 5.5.3 and does not enable mcrypt by default. I am currently working on a personal project that requires mcrypt to encrypt and decrypt data, so I need to enable it manually.

Enabling mcrypt is easy; simply follow the steps below:

$ sudo mv /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available/
$ sudo php5enmod mcrypt
$ sudo service apache2 restart

What “php5enmod” does is simply enable a PHP5 module by creating a symbolic link from the conf.d directory to the real config file under “mods-available”.

So, after we run “php5enmod mcrypt” command, the following files will be created:

/etc/php5/apache2/20-mcrypt.ini
/etc/php5/cli/20-mcrypt.ini

which are symlinks to

/etc/php5/mods-available/mcrypt.ini

The prefix “20” is the priority of the module, and the default is 20 when you run the “php5enmod” command.

If you don’t need the mcrypt module for the command line, you can simply remove the symlink under /etc/php5/cli/20-mcrypt.ini.

Hope this helps.

VSFTPD: “500 OOPS: priv_sock_get_cmd”

I recently upgraded my Ubuntu server to 13.10. It mostly works fine, except that VSFTPD stopped working. Every time I tried to log in via the command-line ftp client I got the following error:

[Screenshot: ftp-error]

After some googling I found out the problem: the new kernel module “seccomp”, which VSFTPD has used since 3.0.0, is used on x86_64 kernels with Ubuntu 12.04+. VSFTPD 3.0.0 is quite unstable when working with seccomp (for more info about seccomp, please see the wiki page). To fix the problem, simply add the following line to the /etc/vsftpd.conf file on your server:

seccomp_sandbox=NO

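This switches off vsftpd's seccomp sandbox instead of fixing the incompatibility, so it is a workaround. Then restart the vsftpd server: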

sudo service vsftpd restart

Try to log in again and this time it should work like a charm.

How to set the timezone on Ubuntu Server

I recently bought a new VPS from a hosting company in New York and I installed Ubuntu 13.04 on the new machine. As expected, it chose America/New_York as the default time zone for the new server. Changing it is as easy as running the following command:


sudo dpkg-reconfigure tzdata

Then just follow the prompts to choose your current region and city.

If you want your cron jobs to use the updated time zone, you will also need to restart the cron daemon.


sudo /etc/init.d/cron restart

And syslog


sudo service rsyslog restart

Or maybe just reboot the server to make sure everything is in sync.

Too easy…