Configure mailx to Relay via a Google SMTP Server

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Overview

This article describes how to configure mailx to send command-line e-mail by relay-ing it via the Google SMTP server.

Create a Dedicated User

This step is optional, but it is a good idea to use a separate "service" account to send service e-mails. The remaining of the example assumes a "service@novaordis.com" was created and it is operational.


Important If the service account was specifically created for this job, you will need to log in at least one time via the web interface (to accept terms and conditions and possibly to change the password), otherwise sending e-mails will fail with "Please log in via your web browser and then try again."

Configure GMail

It is possible to send the e-mail via Google SMTP servers using two mechanisms: GMail SMTP relay service and configuring "Google Apps SMTP settings to send mail from a printer, scanner, or app". This document describes the former. Details on how to use "Google Apps SMTP settings to send mail from a printer, scanner, or app" are available here: https://support.google.com/a/answer/176600?hl=en

Configuring GMail SMTP Relay Service

This procedure describes how to configure Google Apps GMail to accept relaying from a specific IP address or set of addresses. Note that is optional, we can solely rely on login authentication, but it is safer.


Google Apps Admin Console -> Apps -> Google Apps -> GMail -> Advanced settings -> "General Settings" tab -> SMTP relay service -> Edit:

GMailSMTPRelayService.png

Turn on all protection mechanisms available:

  • source IP address
  • SMTP authentication
  • TLS encryption

mailx Configuration

Insure Access to a Valid NSS Certificate Database

You will need to make sure mailx has access to a valid Google certificate in an NSS certificate database. Firefox usually has it in its profile directory, but it is a good idea to initialize a private certificate database. The following page explain how to do that:

Create a New NSS Certificate Database and Import Google's Certificate

This page explains how to "re-use" Firefox Mozilla certificate database:

Re-Use the Firefox NSS Certificate Database

Assuming you provision root GMail SMTP access, move the certs directory created at the previous step under ~root as follows:

mv .../certs ~root/.certs

Configure /etc/mail.rc as follows:


...

account gmail {
set smtp-use-starttls
set smtp-auth=login
set smtp=smtps://smtp.gmail.com:587
set from="root@now510"
set smtp-auth-user=your.smtp.user@gmail.com
set smtp-auth-password=your.pass
set ssl-verify=ignore
set nss-config-dir=/root/.certs
}

TODO: try a per-user mail.rc that is read restricted because it contains sensitive credentials.

Test:

echo "mailx e-mail" | mailx -v -A gmail -s "test" somebody@example.com



Deplete:

Next:

  • Clarify mail on now510: be able to send mail and test how does cron reacts to it (success or failure). Document -> [1], understand the nss business.