mirror of
https://github.com/simple-login/app.git
synced 2024-11-16 17:08:30 +01:00
200 lines
5.2 KiB
Markdown
200 lines
5.2 KiB
Markdown
# Using Gmail as SMTP relay to send email from SimpleLogin
|
|
|
|
###### port 25 blocked by ISP...?
|
|
|
|
> you can use postfix with a Gmail SMTP relay... So Postfix will send on port 587.
|
|
|
|
## How to:
|
|
|
|
- create a Gmail account
|
|
- set MFA
|
|
- create an app password
|
|
|
|
- update firewall's rules for port 587
|
|
|
|
- update Postfix conf:
|
|
|
|
=> nano /etc/postfix/master.cf
|
|
```
|
|
...
|
|
# ==========================================================================
|
|
# service type private unpriv chroot wakeup maxproc command + args
|
|
# (yes) (yes) (no) (never) (100)
|
|
# ==========================================================================
|
|
smtp inet n - y - - smtpd
|
|
#smtp inet n - y - 1 postscreen
|
|
#smtpd pass - - y - - smtpd
|
|
#dnsblog unix - - y - 0 dnsblog
|
|
#tlsproxy unix - - y - 0 tlsproxy
|
|
submission inet n - y - - smtpd
|
|
-o syslog_name=postfix/submission
|
|
-o smtpd_tls_security_level=encrypt
|
|
-o smtpd_sasl_auth_enable=yes
|
|
-o smtpd_tls_auth_only=yes
|
|
# -o smtpd_reject_unlisted_recipient=no
|
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
|
...
|
|
```
|
|
=> nano /etc/postfix/sasl_passwd
|
|
```
|
|
[smtp.gmail.com]:587 email_created@gmail.com:app_password_created
|
|
```
|
|
=> postmap /etc/postfix/sasl_passwd
|
|
|
|
=> chmod 600 /etc/postfix/sasl_passwd
|
|
|
|
=> nano /etc/postfix/main.cf
|
|
```
|
|
# POSTFIX config file, adapted for SimpleLogin
|
|
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
|
|
biff = no
|
|
|
|
# appending .domain is the MUA's job.
|
|
append_dot_mydomain = no
|
|
|
|
# Uncomment the next line to generate "delayed mail" warnings
|
|
#delay_warning_time = 4h
|
|
|
|
readme_directory = no
|
|
|
|
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
|
|
# fresh installs.
|
|
compatibility_level = 2
|
|
|
|
# TLS parameters
|
|
smtpd_tls_cert_file=/etc/letsencrypt/live/app.mydomain.com/fullchain.pem
|
|
smtpd_tls_key_file=/etc/letsencrypt/live/app.mydomain.com/privkey.pem
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
smtp_tls_security_level = may
|
|
smtpd_tls_security_level = may
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
alias_maps = hash:/etc/aliases
|
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24
|
|
|
|
# Set your domain here
|
|
mydestination = localhost.localdomain, localhost
|
|
myhostname = app.mydomain.com
|
|
mydomain = mydomain.com
|
|
myorigin = /etc/mailname
|
|
relay_domains = pgsql:/etc/postfix/pgsql-relay-domains.cf
|
|
transport_maps = pgsql:/etc/postfix/pgsql-transport-maps.cf
|
|
|
|
# HELO restrictions
|
|
smtpd_delay_reject = yes
|
|
smtpd_helo_required = yes
|
|
smtpd_helo_restrictions =
|
|
permit_mynetworks,
|
|
reject_non_fqdn_helo_hostname,
|
|
reject_invalid_helo_hostname,
|
|
permit
|
|
|
|
# Sender restrictions:
|
|
smtpd_sender_restrictions =
|
|
permit_mynetworks,
|
|
reject_non_fqdn_sender,
|
|
reject_unknown_sender_domain,
|
|
permit
|
|
|
|
# Recipient restrictions:
|
|
smtpd_recipient_restrictions =
|
|
reject_unauth_pipelining,
|
|
reject_non_fqdn_recipient,
|
|
reject_unknown_recipient_domain,
|
|
permit_mynetworks,
|
|
reject_unauth_destination,
|
|
reject_rbl_client zen.spamhaus.org,
|
|
reject_rbl_client bl.spamcop.net,
|
|
permit
|
|
|
|
# Enfore SPF
|
|
body_checks = pcre:/etc/postfix/body_checks.pcre
|
|
smtpd_client_restrictions = pcre:/etc/postfix/client_headers.pcre
|
|
|
|
# Postfix conf
|
|
mailbox_size_limit = 10000000000
|
|
recipient_delimiter = -
|
|
inet_interfaces = all
|
|
inet_protocols = ipv4
|
|
|
|
# Relay Gmail
|
|
smtp_sasl_auth_enable = yes
|
|
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
|
smtp_sasl_security_options = noanonymous
|
|
smtp_sasl_tls_security_options = noanonymous
|
|
header_size_limit = 4096000
|
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
|
relayhost = [smtp.gmail.com]:587
|
|
```
|
|
>cat /etc/hosts
|
|
>
|
|
>127.0.0.1 localhost.localdomain localhost
|
|
|
|
- restart Postfix:
|
|
|
|
=> systemctl reload postfix
|
|
|
|
=> service postfix restart
|
|
|
|
- update SimpleLogin conf:
|
|
|
|
=> nano /simplelogin.env
|
|
```
|
|
# WebApp URL
|
|
URL=http://app.mydomain.com
|
|
|
|
# domain used to create alias
|
|
EMAIL_DOMAIN=mydomaine.com
|
|
|
|
# transactional email is sent from this email address
|
|
SUPPORT_EMAIL=support@mydomain.com
|
|
|
|
# custom domain needs to point to these MX servers
|
|
EMAIL_SERVERS_WITH_PRIORITY=[(10, "app.mydomain.com.")]
|
|
|
|
# By default, new aliases must end with ".{random_word}". This is to avoid a person taking all "nice" aliases.
|
|
# this option doesn't make sense in self-hosted. Set this variable to disable this option.
|
|
DISABLE_ALIAS_SUFFIX=1
|
|
|
|
# the DKIM private key used to compute DKIM-Signature
|
|
DKIM_PRIVATE_KEY_PATH=/dkim.key
|
|
|
|
# DB Connection
|
|
DB_URI=postgresql://mysqluser:mysqlpassword@sl-db:5432/simplelogin
|
|
|
|
FLASK_SECRET=SomeThing_Secret
|
|
|
|
GNUPGHOME=/sl/pgp
|
|
|
|
LOCAL_FILE_UPLOAD=1
|
|
|
|
# Postfix 587 TLS
|
|
POSTFIX_PORT=587
|
|
|
|
POSTFIX_SUBMISSION_TLS=true
|
|
|
|
# Enforce SPF
|
|
ENFORCE_SPF=true
|
|
|
|
```
|
|
- restart SL-Mail:
|
|
|
|
=> docker restart sl-email
|
|
|
|
=> reboot
|
|
|
|
> for debug:
|
|
>
|
|
> view system logs => tail -f /var/log/syslog
|
|
>
|
|
> view postfix logs => tail -f /var/log/mail.log
|
|
>
|
|
> view postfix queue => mailq
|
|
>
|
|
> delete postfix queue => postsuper -d ALL
|
|
|
|
;-)
|