Sunday, January 23, 2011

Part 27, Setup email on unix server using SMTP of gmail.com(Google Mail) to get alerts from scripts.

In ego they come, and in ego they go. In ego they are born, and in ego they die. In ego they give, and in ego they take. In ego they earn, and in ego they lose. In ego they become truthful or false. In ego they go to heaven or hell. In ego they laugh, and in ego they weep. In ego they become dirty, and in ego they are washed clean. In ego they lose social status and class. In ego they are ignorant, and in ego they are wise. They do not know the value of salvation and liberation. In ego they love Maya, and in ego they are kept in darkness by it. Living in ego, mortal beings are created. When one understands ego, then the Lord's gate is known. Without spiritual wisdom, they babble and argue.




Now on home servers we will run some scripts and would like to get the alerts on our cell phone/email.
Though we are using Enterprise Manager Grid Control 11gR1, we should have a backup ready in case
Grid Control crashes or goes down. This is just a home network and not a mission-critical thing, but let's
set up the server so that we can get email from it.

Here are the steps



Execute following as root.

yum install postfix


Now we will setup postfix using an authorized relay host (Gmail) for RHEL/CentOS


At home the IP is dynamically assigned by the ISP and I am not setting up a mail server.
I will use the mail relay from Google Account Services by using Google's SMTP server.

Things you need:
- OS: RHEL/CentOS (Tested CentOS 5.3 and CentOS 5.4)
- Postfix: Version : 2.3.3 Release : 2.1.el5_2
- An account at www.gmail.com

Here we go:

After installing postfix in a host with a dynamic IP (generally home) you will need to do the following:

If you try to send email to a Yahoo/Hotmail account you will see the following in /var/log/maillog:

postfix/pickup[6804]: 09B0634680: uid=1000 from=
postfix/cleanup[6810]: 09B0634680:message-id=<20081231154700.09b0634680@myhost.domain>
postfix/qmgr[6802]: 09B0634680: from=, size=307, nrcpt=1 (queue active)
postfix/smtp[6812]: 09B0634680: to=,relay=mx2.hotmail.com[65.54.244.40]:25, delay=1.3, delays=0.03/0.04/0.92/0.3, dsn=5.0.0, status=bounced (host mx2.hotmail.com[65.54.244.40] said: 550 DY-001 Mail rejected by Windows Live Hotmail for policy reasons. We generally do not accept email from dynamic IP's as they are not typically used to deliver unauthenticated SMTP e-mail to an Internet mail server. http://www.spamhaus.org maintains lists of dynamic and residential IP addresses. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support (in reply to MAIL FROM command))
postfix/smtp[6812]: 09B0634680: lost connection with mx2.hotmail.com[65.54.244.40] while sending RCPT TO

As mentioned previously, the tricky thing is to use a mail relay, and one good candidate is the one offered by Gmail:
the server at smtp.gmail.com

Because the Gmail connection has to be secured with TLS, we have to configure a CA file (our own certificate will work)
and authenticate with a username (the email address) and a service password.

Configuring Postfix
Simply add the following lines at the end of the file /etc/postfix/main.cf :

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous


Now Authentication:

Now create the file '/etc/postfix/sasl/passwd' and add the following line to it, replacing the
corresponding placeholders with your values:

[smtp.gmail.com]:587 yourselectedaccount@gmail.com:thecorrespondingpassword



Then make sure the file was created, and
execute the following commands as root:

chmod 600 /etc/postfix/sasl/passwd
postmap /etc/postfix/sasl/passwd

Output as:

[root@tinbox ~]# chmod 600 /etc/postfix/sasl/passwd
[root@tinbox ~]# postmap /etc/postfix/sasl/passwd



Now you will have a new file called '/etc/postfix/sasl/passwd.db'

CA Own certificate
On CentOS you can create one yourself with your own details as follows:


[root@tinbox ~]# cd /etc/pki/tls/certs
[root@rac1 certs]# ls
ca-bundle.crt make-dummy-cert Makefile rac1.rac.meditate.com.pem
[root@rac1 certs]#



Now execute the following command:


[root@tinbox certs]# make
This makefile allows you to create:
o public/private key pairs
o SSL certificate signing requests (CSRs)
o self-signed SSL test certificates
To create a key pair, run "make SOMETHING.key".
To create a CSR, run "make SOMETHING.csr".
To create a test certificate, run "make SOMETHING.crt".
To create a key and a test certificate in one file, run "make SOMETHING.pem".
To create a key for use with Apache, run "make genkey".
To create a CSR for use with Apache, run "make certreq".
To create a test certificate for use with Apache, run "make testcert".
To create a test certificate with serial number other than zero, add SERIAL=num
Examples:
make server.key
make server.csr
make server.crt
make stunnel.pem
make genkey
make certreq
make testcert
make server.crt SERIAL=1
make stunnel.pem SERIAL=2
make testcert SERIAL=3

Then create yours as follows:

[root@tinbox certs]# make yourhostname.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > yourhostname.pem ; \
echo "" >> yourhostname.pem ; \
cat $PEM2 >> yourhostname.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
........++++++
..........................................................++++++
writing new private key to '/tmp/openssl.ZjT751'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:Your-two-letter-code
State or Province Name (full name) [Berkshire]:someplaceovertherainbow
Locality Name (eg, city) [Newbury]:Yours
Organization Name (eg, company) [My Company Ltd]:Yours
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:yourhostname
Email Address []:your.email.address

Now you will have your own certificate called 'yourhostname.pem' in '/etc/pki/tls/certs'. The next step is to have
the postfix service use the certificate:


[root@tinbox certs]# cat /etc/pki/tls/certs/yourhostname.pem >> /etc/postfix/cacert.pem



Now, restart the postfix service:

[root@tinbox certs]# service postfix restart
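
An added example, not part of the original post: a small shell audit of the files built above. It reports when TLS to the relay is only opportunistic (smtp_use_tls = yes neither requires TLS nor rejects an unverified server certificate), when the file named by smtp_tls_CAfile contains a private key, and when the SASL password file is readable beyond its owner. The names conf_get and audit_relay are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the Gmail relay settings built in this post.
# conf_get and audit_relay are constructed helper names, not Postfix tools.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
# Assumption: one "name = value" per line; continuation lines are ignored.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_relay MAIN_CF SASL_PASSWD: print one finding code per line and
# return non-zero if anything was found.
audit_relay() {
    cf=$1; pw=$2; n=0
    # Only smtp_tls_security_level is consulted; anything else, including
    # the legacy "smtp_use_tls = yes", is treated as opportunistic TLS.
    case "$(conf_get "$cf" smtp_tls_security_level)" in
        verify|secure) ;;                 # TLS required, server cert checked
        encrypt) echo CERT_NOT_VERIFIED; n=$((n + 1)) ;;
        *)       echo TLS_OPTIONAL;      n=$((n + 1)) ;;
    esac
    # smtp_tls_CAfile should hold trusted CA certificates only. A .pem made
    # with "make yourhostname.pem" also carries the private key.
    cafile=$(conf_get "$cf" smtp_tls_CAfile)
    if [ -n "$cafile" ] && grep -q 'BEGIN .*PRIVATE KEY' "$cafile" 2>/dev/null; then
        echo KEY_IN_CAFILE; n=$((n + 1))
    fi
    # The SASL password file must not be readable by group or other.
    perms=$(ls -ld -- "$pw" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo PASSWD_PERMS; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Stand-alone use: sh audit.sh /etc/postfix/main.cf /etc/postfix/sasl/passwd
if [ "$#" -eq 2 ]; then audit_relay "$1" "$2"; fi
```

Setting smtp_tls_security_level = secure and pointing smtp_tls_CAfile at a bundle of public CA certificates, such as the ca-bundle.crt listed in /etc/pki/tls/certs above, clears the first two findings.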

That's almost everything. The last step is to set your "From" field correctly, because Gmail will use the one
corresponding to the account you are using.

Go to the Gmail account and set your FROM identifier.

Check the setup:

Send email like:

date | mailx -s "Testing New email Address" xxxxxx@yahoo.com
OR
date | mailx -s "Testing New email Address" xxxxxx@hotmail.com
OR
date | mailx -s "Testing New email Address" xxxxxxx@gmail.com
OR
to your cell phone as SMS.

After sending an email to a well-known Hotmail/Gmail account, inspect '/var/log/maillog' to confirm that things
are working properly:


postfix/pickup[6703]: 6AFF534680: uid=1000 from=
postfix/cleanup[6786]: 6AFF534680: message-id=<20081231154524.6aff534680@myhost>
postfix/qmgr[5935]: 6AFF534680: from=, size=310, nrcpt=1 (queue active)
postfix/smtp[6788]: 6AFF534680:to=,relay=smtp.gmail.com[66.249.93.111]:587, delay=2.8, delays=0.04/0.02/1.2/1.6,
dsn=2.0.0, status=sent (250 2.0.0 OK 1230738538 34sm19633915ugh.10)
postfix/qmgr[5935]: 6AFF534680: removed

That's it.



The frog in the deep well knows nothing of its own country or other lands; just so, my mind, infatuated with corruption, understands nothing about this world or the next. || 1 || O Lord of all worlds: reveal to me, even for an instant, the Blessed Vision of Your Darshan. || 1 || Pause || My intellect is polluted; I cannot understand Your state, O Lord. Take pity on me, dispel my doubts, and teach me true wisdom. || 2 || Even the great Yogis cannot describe Your Glorious Virtues; they are beyond words. I am dedicated to Your loving devotional worship
