
This is an old revision of the document!


Using an external SMTP server:

Generic (tested with Jazztel)

Source: http://www.howtoforge.com/postfix_relaying_through_another_mailserver
Sometimes our mail gets rejected because, with a dynamic IP address, we end up on blacklists, etc.
The best option is to use an external SMTP mail server, for example the one provided by our internet connection.
This is what is called relaying through another server:

1. We install postfix and a few other things

sudo aptitude update && sudo aptitude install libauthen-sasl-perl libsasl2-2 libsasl2-modules postfix

2. Type 'y' + 'enter'

3. Type 'y' + 'enter'

4. Select 'Internet Site', select 'OK' and press 'enter'

5. Type the name that the sender of the mails sent from this machine will have, select 'OK' and press 'enter'

6. Just in case, we uninstall exim4 (if it is installed)

sudo aptitude purge exim4

7. We run the following commands:

sudo postconf -e 'relayhost = smtp.servidorexterno.es'
sudo postconf -e 'smtp_sasl_auth_enable = yes'
sudo postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
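# Empty value: lifts the default restrictions (noplaintext, noanonymous), so plaintext mechanisms are accepted
sudo postconf -e 'smtp_sasl_security_options ='
# Create the file as root with mode 600 before the password goes in ("sudo echo ... > file" would redirect as the unprivileged user)
sudo install -m 600 -o root -g root /dev/null /etc/postfix/sasl_passwd
echo "smtp.servidorexterno.es usuario.subdominio.jazztel.es:contrasenya" | sudo tee /etc/postfix/sasl_passwd > /dev/null
sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd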
sudo postmap hash:/etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

NOTE it is important (at least with gmail) that the user is given in the format 'usuario@gmail.com'

NOTE2 every time the password (file /etc/postfix/sasl_passwd) is changed, you have to run:

postmap hash:/etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix reload

When we send a mail, for example from the command line:

echo "cuerpo del mensaje" | mail -s "asunto" cuenta@dominio.com

We can check it in the log:

clear && cat /var/log/mail.log | tail

Output:

Nov 27 01:27:54 maquina postfix/pickup[4730]: 5655B3ED4: uid=0 from=<root> 
Nov 27 01:27:54 maquina postfix/cleanup[4819]: 5655B3ED4: message-id=<20081127002754.5655B3ED4@maquina> 
Nov 27 01:27:54 maquina postfix/qmgr[4731]: 5655B3ED4: from=<root@maquina>, size=316, nrcpt=1 (queue active) 
Nov 27 01:27:54 maquina postfix/smtp[4821]: 5655B3ED4: to=<cuenta@dominio.com>,relay=smtp.servidorexterno.es [62.14.3.192]:25, delay=0.45, delays=0.02/0.01/0.29/0.14, dsn=2.0.0, status=sent (250 OK id=1L5Udy-0000f3-Rx)
Nov 27 01:27:54 maquina postfix/qmgr[4731]: 5655B3ED4: removed 

Gmail

IMPORTANT NOTE I advise against this option, because I have found that every so often the mails do not arrive, and this is because Gmail activates a CAPTCHA for logging in with that mail account.

It works.

User:

nano /etc/postfix/sasl_passwd

With the following line:

smtp.gmail.com usuario@gmail.com:contrasenya

You have to edit:

nano /etc/postfix/main.cf

And add/edit the following lines:

smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

At least the following lines must be present:

smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Compared with the previous procedure, there are two differences:

1. An additional package needs to be installed:

aptitude install libgnutls26

2. I notice that every so often there is an authentication error. If I go to the web interface, the password is correct, but it asks me for a CAPTCHA which, once entered, 'clears the way' again for sending mail from the command line.

Let's look at two examples in the log (/var/log/mail.info):

Mail not sent because of an authentication error:

Mar 29 06:27:51 nombre_local postfix/qmgr[458]: 0EB085531B: from=<FaxMaster@dominio_local>, size=17250, nrcpt=1 (queue active)
Mar 29 06:27:51 nombre_local postfix/smtp[3379]: setting up TLS connection to smtp.gmail.com[74.125.79.109]:587
Mar 29 06:27:51 nombre_local postfix/smtp[3379]: certificate verification failed for smtp.gmail.com[74.125.79.109]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
Mar 29 06:27:51 nombre_local postfix/smtp[3379]: Untrusted TLS connection established to smtp.gmail.com[74.125.79.109]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
Mar 29 06:27:52 nombre_local postfix/smtp[3379]: 0EB085531B: SASL authentication failed; server smtp.gmail.com[74.125.79.109] said: 535-5.7.1 Username and Password not accepted. Learn more at                   ?535 5.7.1 http://mail.google.com/support/bin/answer.py?answer=14257 7sm3944467eyg.47
Mar 29 06:27:53 nombre_local postfix/smtp[3379]: setting up TLS connection to smtp.gmail.com[74.125.79.111]:587
Mar 29 06:27:53 nombre_local postfix/smtp[3379]: certificate verification failed for smtp.gmail.com[74.125.79.111]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
Mar 29 06:27:53 nombre_local postfix/smtp[3379]: Untrusted TLS connection established to smtp.gmail.com[74.125.79.111]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
Mar 29 06:27:54 nombre_local postfix/smtp[3379]: 0EB085531B: to=<cuenta@dominio.com>, relay=smtp.gmail.com[74.125.79.111]:587, delay=248170, delays=248167/0.01/2.7/0, dsn=4.7.1, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.79.111] said: 535-5.7.1 Username and Password not accepted. Learn more at                   ?535 5.7.1 http://mail.google.com/support/bin/answer.py?answer=14257 10sm3981758eyd.3)

Mail sent correctly:

Apr  3 09:45:02 nombre_local postfix/pickup[28227]: 41FB3550EB: uid=10 from=<FaxMaster>
Apr  3 09:45:02 nombre_local postfix/cleanup[28307]: 41FB3550EB: message-id=<20090403074502.41FB3550EB@nombre_local.localdomain>
Apr  3 09:45:02 nombre_local postfix/qmgr[458]: 41FB3550EB: from=<FaxMaster@nombre_local.localdomain>, size=1305, nrcpt=1 (queue active)
Apr  3 09:45:02 nombre_local postfix/smtp[28309]: setting up TLS connection to smtp.gmail.com[72.14.221.109]:587
Apr  3 09:45:02 nombre_local postfix/smtp[28309]: certificate verification failed for smtp.gmail.com[72.14.221.109]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
Apr  3 09:45:02 nombre_local postfix/smtp[28309]: Untrusted TLS connection established to smtp.gmail.com[72.14.221.109]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr  3 09:45:05 nombre_local postfix/smtp[28309]: 41FB3550EB: to=<cuenta@dominio.com>, relay=smtp.gmail.com[72.14.221.109]:587, delay=3.1, delays=0.05/0.01/1.5/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1238744926 d6sm3590039fga.17)
Apr  3 09:45:05 nombre_local postfix/qmgr[458]: 41FB3550EB: removed

This issue needs to be reviewed from time to time
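The two Gmail excerpts above differ only in the final delivery record, and the "Untrusted TLS connection established" line appears in both. The following shell/awk sketch is an added example, not part of the original page: it condenses such a log to one line per delivery, joining TLS and delivery records by smtp process ID. The function names and the output format are made up here, and the sample lines are constructed by shortening the records shown on this page.

```shell
#!/bin/sh
# Added example: one summary line per delivery attempt in a Postfix mail log.

# Reads the files given as arguments, or stdin when there are none.
summarize_relay_log() {
    awk '
    # TLS lines carry no queue ID, so state is keyed on the smtp process ID.
    match($0, /postfix\/smtp\[[0-9]+\]/) {
        pid = substr($0, RSTART + 13, RLENGTH - 14)
        if ($0 ~ /Untrusted TLS connection established/) tls[pid] = "untrusted"
        else if ($0 ~ /(Trusted|Verified) TLS connection established/) tls[pid] = "verified"
        if ($0 !~ / status=[a-z]+/) next          # not a delivery record
        qid = $6; sub(/:$/, "", qid)
        match($0, /status=[a-z]+/); status = substr($0, RSTART, RLENGTH)
        match($0, /dsn=[0-9.]+/);   dsn = substr($0, RSTART, RLENGTH)
        auth = ($0 ~ /SASL authentication failed/) ? "failed" : "no-error"
        # "not-logged": no TLS line seen (cleartext session or TLS logging off)
        t = (pid in tls) ? tls[pid] : "not-logged"
        print qid, status, dsn, "tls=" t, "auth=" auth
    }' "$@"
}

# Constructed sample: shortened copies of delivery records from this page.
sample_log() {
    cat <<'EOF'
Mar 29 06:27:53 nombre_local postfix/smtp[3379]: Untrusted TLS connection established to smtp.gmail.com[74.125.79.111]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
Mar 29 06:27:54 nombre_local postfix/smtp[3379]: 0EB085531B: to=<cuenta@dominio.com>, relay=smtp.gmail.com[74.125.79.111]:587, delay=248170, dsn=4.7.1, status=deferred (SASL authentication failed; server said: 535-5.7.1 Username and Password not accepted.)
Apr  3 09:45:02 nombre_local postfix/smtp[28309]: Untrusted TLS connection established to smtp.gmail.com[72.14.221.109]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr  3 09:45:05 nombre_local postfix/smtp[28309]: 41FB3550EB: to=<cuenta@dominio.com>, relay=smtp.gmail.com[72.14.221.109]:587, delay=3.1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov 27 01:27:54 maquina postfix/smtp[4821]: 5655B3ED4: to=<cuenta@dominio.com>, relay=smtp.servidorexterno.es[62.14.3.192]:25, delay=0.45, dsn=2.0.0, status=sent (250 OK)
EOF
}
```

On a live system the call would be `summarize_relay_log /var/log/mail.log`; a delivery with `status=sent` and `tls=untrusted` means the SASL password was accepted over a session whose server certificate was not validated.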

Example of /etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = peluca
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = peluca, servidor, localhost.localdomain, localhost
relayhost = smtp.gmail.com:587

#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.2
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
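Both procedures above hand the relay password to the Postfix SMTP client, so it matters whether the client is forced to use TLS and which SASL mechanisms it may use without it. The following shell sketch is an added example, not part of the original page or of Postfix: it reads a main.cf-style file (or saved `postconf -n` output) and prints a finding for each weak combination. The function names and finding codes are made up here, and it assumes single-line parameter values and flags only the levels none, may and encrypt.

```shell
#!/bin/sh
# Added example: audit the SMTP-client (relay) settings of a main.cf-style file.

# Print the last value assigned to parameter $2 in file $1, or "<unset>".
get_param() {
    awk -v key="$2" 'BEGIN { val = "<unset>" }
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (name == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding code per line for file $1; no output means no finding.
audit_relay_conf() {
    level=$(get_param "$1" smtp_tls_security_level)
    sasl=$(get_param "$1" smtp_sasl_security_options)
    if [ "$level" = "<unset>" ]; then   # fall back to the legacy switches
        level=none
        if [ "$(get_param "$1" smtp_use_tls)" = yes ]; then level=may; fi
        if [ "$(get_param "$1" smtp_enforce_tls)" = yes ]; then level=encrypt; fi
    fi
    # An unset parameter keeps the Postfix default, which forbids both.
    if [ "$sasl" = "<unset>" ]; then sasl="noplaintext, noanonymous"; fi
    case "$level" in
        none)    echo TLS_DISABLED ;;
        may)     echo TLS_OPPORTUNISTIC ;;
        encrypt) echo TLS_CERT_NOT_VERIFIED ;;
    esac
    case "$sasl" in *noanonymous*) ;; *) echo SASL_ANONYMOUS_ALLOWED ;; esac
    case "$level:$sasl" in
        none:*noplaintext*|may:*noplaintext*) ;;
        none:*|may:*) echo SASL_PLAINTEXT_WITHOUT_MANDATORY_TLS ;;
    esac
}

# Constructed sample: smtp_* lines as set in the Gmail section of this page.
sample_gmail_conf() {
    printf '%s\n' 'smtp_use_tls = yes' \
        'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_security_options = noanonymous'
}
```

Run it as `audit_relay_conf /etc/postfix/main.cf`; a file with `smtp_tls_security_level = secure` and `smtp_sasl_security_options = noanonymous` produces no findings.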

Errors

1. *Port in use*

We see the following in the log (/var/log/mail.log):

Aug 11 13:33:20 hp7700 postfix/master[30926]: fatal: bind 0.0.0.0 port 25: Address already in use

Diagnosis: we have a leftover process listening on port 25. Let's see:

lsof -i :25
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sendmail- 3644 root    4u  IPv4   9361      0t0  TCP localhost:smtp (LISTEN)

Solution:

1. I kill the process:

kill -9 3644

2. I restart postfix:

/etc/init.d/postfix restart

3. I check:

lsof -i :25
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
master  31025 root   12u  IPv4 1401587      0t0  TCP *:smtp (LISTEN)

2. *Wrong user or CAPTCHA*

Jan 18 17:22:43 cntmalaga1 postfix/pickup[29942]: 1D968455AA: uid=1000 from=<usuario>
Jan 18 17:22:43 cntmalaga1 postfix/cleanup[29952]: 1D968455AA: message-id=<20110118162243.1D968455AA@cntmalaga.dyndns.org>
Jan 18 17:22:43 cntmalaga1 postfix/qmgr[29943]: 1D968455AA: from=<usuario@cntmalaga.dyndns.org>, size=335, nrcpt=1 (queue active)
Jan 18 17:22:44 cntmalaga1 postfix/smtp[29954]: certificate verification failed for smtp.gmail.com[209.85.227.109]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Jan 18 17:22:47 cntmalaga1 postfix/smtp[29954]: 1D968455AA: to=<javi@legido.com>, relay=smtp.gmail.com[209.85.227.109]:25, delay=4.3, delays=0.02/0.03/4.2/0, dsn=4.7.1, status=deferred (SASL authentication failed; server smtp.gmail.com[209.85.227.109] said: 535-5.7.1 Username and Password not accepted. Learn more at                   ?535 5.7.1 http://mail.google.com/support/bin/answer.py?answer=14257 t11sm3077219wes.17)
Jan 18 17:24:47 cntmalaga1 postfix/smtpd[29957]: connect from mail-wy0-f180.google.com[74.125.82.180]
Jan 18 17:24:47 cntmalaga1 postfix/smtpd[29957]: NOQUEUE: reject: RCPT from mail-wy0-f180.google.com[74.125.82.180]: 554 5.7.1 <afiliados@cntmalaga.dyndns.org>: Relay access denied; from=<raba1981@gmail.com> to=<afiliados@cntmalaga.dyndns.org> proto=ESMTP helo=<mail-wy0-f180.google.com>
Jan 18 17:24:47 cntmalaga1 postfix/smtpd[29957]: disconnect from mail-wy0-f180.google.com[74.125.82.180]

3. *No relay*

TODO



informatica/linux/correo/postfix.1295368668.txt.gz · Last modified: 2015/04/13 20:19 (external edit)