Wednesday, August 24, 2011

GMail as an MTA on Debian

Our company outsourced our email system to Google Apps when it became available a few years ago, so we don't maintain an MTA (mail transfer agent) inside our network. We do like some of our servers to have the ability to send email alerts, though, so we configure them on a case-by-case basis to send email via one of our (Google Apps) hosted accounts.

O/S: Debian Squeeze
Default MTA: exim4

For Debian machines, we configure exim4 to route email through Gmail's SMTP server. This way, there is minimal change from the default system configuration, and we can forward any local mail to outside accounts via the traditional .forward files.

I found directions for this configuration on the Debian Wiki, here. They were pretty straightforward, and Debian Squeeze didn't need all the steps given.

Configure exim4
# dpkg-reconfigure exim4-config
  • Choose mail sent by SMARTHOST; received via SMTP or fetchmail;
  • Accept given hostname, if desired;
  • Listen on loopback addresses (127.0.0.1, ::1);
  • Don't accept mail for any other destinations (leave blank)
  • Don't relay mail for other machines (leave blank)
  • Machine handling outgoing mail for this host (smarthost): smtp.gmail.com::587
  • Don't hide local mail name in outgoing mail
  • Don't keep number of DNS-queries minimal
  • Yes, split configuration into smaller files

Enter account credentials

# vi /etc/exim4/passwd.client

Enter the following line:
*.google.com:yourAccountName@domain.com:yourReallySecurePassword

Register the configuration update

# update-exim4.conf
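
Because /etc/exim4/passwd.client holds the account password in clear text, it is worth auditing the file once it is written. The following is an added example, not part of the original post: a shell function (the name check_passwd_client is hypothetical) that flags a file that is readable by other users or writable by its group, and flags entries that lack the host:login:password fields. It assumes GNU stat as shipped on Debian, and it reports line numbers only so the password is never echoed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an exim4 passwd.client file.
# Usage: check_passwd_client /etc/exim4/passwd.client
# Returns 0 if clean, 1 if a finding was printed, 2 if the file is missing.
# Assumes GNU stat (coreutils), as shipped on Debian.
check_passwd_client() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 2
    fi

    # The password is stored in clear text, so "other" gets no access at all
    # and the group may not write: mode 640 or stricter.
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "mode $mode on $file is too open; expected 640 or stricter"
        rc=1
    fi

    # Every entry needs host-pattern:login:password, all non-empty.
    # Only line numbers are printed so the secret never reaches a terminal or log.
    bad=$(awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF < 3 || $1 == "" || $2 == "" || $3 == "" { printf "%s ", NR }
    ' "$file")
    if [ -n "$bad" ]; then
        echo "malformed entry on line(s): $bad"
        rc=1
    fi
    return $rc
}
```

If the mode check fails, `chmod 640 /etc/exim4/passwd.client` brings the file back to the mode the Debian package uses for it (owner root, group Debian-exim).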

Validate your account credentials

If you haven't logged in to the Google Apps email account interactively, you'll probably need to do so before the account credentials will be accepted. I was watching the log file (# tail -f /var/log/exim4/mainlog) and saw the following:

2011-08-24 15:37:21 1QwKCP-0001yy-2O plain authenticator failed H=gmail-smtp-msa.l.google.com [74.125.159.109] 535-5.7.1 Username and Password not accepted. Learn more at

Which leads to information on "Captcha Unlocking", which is solved by logging in to the account interactively.

Set up forwards

I configure our servers to forward all mail sent to local root on to a department status mailbox (which is then monitored by the tech on duty). For Linux/BSD systems, this is dead simple:

# echo "itstatus@mycompany.com" > /root/.forward

Conclusion

And that's it. If everything works, any system status messages sent to the local root will be forwarded on to your outside address, where they can be retrieved, forwarded, ignored, etc.

With a functional MTA configured, you can also integrate email notifications into shell scripts and cron jobs:

# Send SMS notification when system boots
@reboot date | mail -s "`hostname` just booted" yourphonenumber@txt.att.net

For a simple notification system on a budget, this is hard to beat.
