How to install and configure Postfix as a Gmail SMTP relay for ZoneMinder email filter events.

From ZoneMinder Wiki
Revision as of 08:03, 7 August 2011 by Jbmia (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

This is a pretty rough guide at this point, but I felt compelled to put something down after spending many hours searching for a solution to obtain emails from ZM events. In the end the solution is relatively simple:

Prerequisites: Basically command line knowledge, ability to use text editors.

1. Install, configure, and test Postfix.

Postfix is a full featured mail server. That said, the scope of this guide is merely to configure it for use as an "smtp" relay for Gmail. In other words, we'll be using our gmail account credentials and their system to relay our event alert mail. I found the following guide on the internet and used it to configure and test Postfix successfully:

A. Install

(Note the following install commands are based on yum/Fedora. Alter based on your distribution

Install Postfix and cyrus-sasl with your application manager of choice. If you're compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.

$ yum install postfix cyrus-sasl

Stop the sendmail service

$ /etc/init.d/sendmail stop

Remove sendmail from the startup runlevels

$ chkconfig --del sendmail

B. Configure Postfix as Gmail SMTP relay

If you're attempting to relay mail using Gmail, then it will be necessary to use TLS with Postfix. You'll have to point Postfix at your server's trusted CA root certificate bundle, but luckily "...client-side certificates are not required when relaying mail to GMail".

1. First, double-check that Postfix was configured with SSL support (ie. ldd should return at least one line starting with libssl):

$ whereis -b postfix
postfix: /usr/sbin/postfix /etc/postfix /usr/libexec/postfix

$ ldd /usr/sbin/postfix => /lib/ (0x00111000)

2. Now we need to find your server's CA root certificate bundle, which is typically distributed with openssl. The bundle file is used by Postfix to verify Gmail's SSL certificate (signed by Thawte). On my CentOS server, this file was located at /etc/pki/tls/certs/ca-bundle.crt, but may be in a different location on your box (ie. /etc/ssl/certs). Mine was in /usr/share/doc/mutt.

$ locate ca-bundle.crt

3. Edit /etc/postfix/ with the following values (edit-Postfix comes with a predefined template, I moved that to and used Nano to create a blank file for the following content. It was cleaner when it came to testing as the template comes with a bunch of text explanation for each setting. If you're blindly following a guide like this one, it just all gets in the way):

Copy/paste the following into a blank "/etc/postfix/" file using your favorite text editor (I like Nano):

relayhost =
mydomain = local.domain
myhostname = host.local.domain
myorigin = $myhostname
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls  = yes
smtp_tls_CAfile = /path/to/your/ca-bundle.crt
smtp_sasl_tls_security_options = noanonymous

4. Copy/paste the following into a blank "/etc/postfix/sasl_passwd" file. Change username & password to your gmail username and password of course.

# The server info must exactly match the value
# for "relayhost" in /etc/postfix/ username:password

5. Generate a postfix lookup table from the previous file

$ postmap hash:/etc/postfix/sasl_passwd

5a. Make sure that the hash "took" by checking it with the following command. The response should be the user:pass that you defined for the file. Basically, we're confirming that Postfix has the ability to pull up the user:pass when it needs it and you didn't hose the command with the wrong path or file name or something:

postmap -q /etc/postfix/sasl_passwd

6. Get rid of the clear text password file (I'd really do this at the end, once it's confirmed functional, but don't forget)

$ rm /etc/postfix/sasl_passwd

C1. Restart postfix and send a test email

$ postfix reload
$ sendmail
Test relay thru Gmail

2. Go check your the email account you sent your test email to.

3. Troubleshooting

Monitor postfix mail log in a separate session with the following command

$ tail -f /var/log/maillog

If the log is displaying the following error

(Authentication failed: cannot SASL authenticate to server ...: no mechanism available)

Then set this variable in /etc/postfix/

smtp_sasl_security_options = noanonymous

If the log is displaying this error:

"553 Sorry, that domain isn't in my list of allowed rcpthosts. (in reply to RCPT TO command)"

Check your username and password in /etc/postfix/sasl_passwd. Your user name is usually your full email address. If you have to fix it, don't forget to use postmap to generate a new lookup table.

2. Configure ZoneMinder. There's not really alot to this. Many of the forum posts I checked had me altering with User & Pass Auth values and suggesting ssmtp instead of smtp and so on... I didn't have success with those methods. With Postfix installed and confirmed running, doesn't need to be modified in any way, so if you've already altered it, back those changes out or restore the backup you should have made.

I won't get into alot of detail on each field of the "email" tab in "options", but thats where you need to be.. you need to put in your to email and your from email address and your smtp server. That's the only thing specific to this guide, the smptp, server, don't put gmails there, since we've configured Postfix with all that. Just put in "localhost". That's really it. That's all there is that's specific on the ZM side to getting ZM working with Postfix. Pretty simple huh.. You can play around with email content settings later. That's out of scope for this guide, we're just trying to get something/anything on the other end of the pipe...

C. Generate an alert event if you don't have one already and create a filter that sends an email. Refer to the docs for that step.. it's basic stuff.. all you have to do is create a filter that will pick up at least one event and then tick the email box and click execute. If you click save and then tick the "run filter in background" option it'll sit there and wait for an event to occur (according to your filter properties) and automatically shoot an email out to you. Cool.

Note: This is a rough guide (no pretty formatting or anything), but it got the job done quickly and easily for me after I'd spent maybe 48 hours combined pursuing other blind allies.. Good luck. Huge thanks to a guy named Tim White at Zulius for putting together the Postfix portion of this guide.

Good Luck!