Tuesday Aug 19, 2008

Using sendmail with Google Apps

For work reasons I found myself banging my head against this interesting problem.

sendmail has to be configured properly so that it can connect correctly to Google's servers using the appropriate string.

Specifically, my need was to have mail sent from a single account for all the services on the server (fax server, root mail, backups, etc.).

Below is my sendmail.mc file

divert(-1)
dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
dnl# This is where it is on my box, your box might differ
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`Linux Home Automation FC6 Gmail')dnl
OSTYPE(`linux')dnl
dnl#
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
dnl# FEATURE(masquerade_envelope)
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl# FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`cookie.uucp')dnl
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
dnl#
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl#
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
MASQUERADE_AS(`mydomain.it')dnl
dnl #
dnl # Leave these at the end, sendmail prefers these last (for the most part)
dnl #
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

To compile the sendmail.mc file, use the command m4 sendmail.mc > sendmail.cf (if m4 is not installed, I recommend installing it; on Mandriva, urpmi m4).

Before starting sendmail, the procedure has to be completed by configuring the missing files:

mkdir -p /etc/mail/auth
chmod 700 /etc/mail/auth
nano /etc/mail/auth/client-info


The client-info file contains the following settings:

AuthInfo:smtp.gmail.com "U:smmsp" "I:user@mydomain.it" "P:password" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:smmsp" "I:user@mydomain.it" "P:password" "M:PLAIN"

After setting these parameters we can build the map file

cd /etc/mail/auth
makemap -r hash client-info.db < client-info
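
The client-info file stores the SMTP password in clear text, so it is worth checking its permissions and entries before the makemap step above. The script below is an added example, not part of the original post: check_authinfo is a hypothetical helper name, and the rule that each entry needs a password token plus a U: or I: identity is taken from the sendmail cf/README.

```shell
#!/bin/sh
# Audit a sendmail authinfo source file (for example
# /etc/mail/auth/client-info) before running makemap on it.
# Prints one line per problem; returns 0 only when none are found.
check_authinfo() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi
    # The file holds the SMTP password in clear text, so group and other
    # must have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group or other, use chmod 600"
        problems=$((problems + 1))
    fi
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            AuthInfo:*) ;;                       # expected key prefix
            *) echo "$file:$lineno: key does not start with AuthInfo:"
               problems=$((problems + 1)); continue ;;
        esac
        case $line in
            *'"P:'*|*'"P='*) ;;                  # password token present
            *) echo "$file:$lineno: no \"P:\" password token"
               problems=$((problems + 1)) ;;
        esac
        case $line in
            *'"U:'*|*'"U='*|*'"I:'*|*'"I='*) ;;  # user or authentication id
            *) echo "$file:$lineno: no \"U:\" or \"I:\" identity token"
               problems=$((problems + 1)) ;;
        esac
    done < "$file"
    [ "$problems" -eq 0 ]
}

# Constructed sample entry (placeholder credentials, as on this page).
sample=$(mktemp)
printf '%s\n' 'AuthInfo:smtp.gmail.com:587 "U:smmsp" "I:user@mydomain.it" "P:password" "M:PLAIN"' > "$sample"
check_authinfo "$sample" && echo "sample entry passes"
rm -f "$sample"
```
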

At this point we need to set up our SSL certificates

cd /etc/mail/certs
openssl dsaparam -out dsa1024.pem 1024
openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
ln -s mycert.pem CAcert.pem
openssl req -x509 -new -days 3650 -key /etc/mail/certs/mykey.pem -out /etc/mail/certs/mycert.pem
rm dsa1024.pem

Now we can finally start sendmail and try sending a message:

mail -v -s "oggetto di prova" indirizzo@dominio.it

remembering to end the message with a .

At this point all that remains is to configure alias.db appropriately so that it matches the user we are using.


Good luck.
