Perforce Public Knowledge Base - Configuring a Cloud Mail Server - Part I
× PRODUCTS SOLUTIONS CUSTOMERS LEARN SUPPORT
Downloads Company Partners Careers Contact Free Trials
Menu Search
Perforce
Reset Search
 

 

Article

Configuring a Cloud Mail Server - Part I

« Go Back

Information

 
Problem
How do I set up a SMTP mail server? (Assumes a Red Hat variant distribution of linux)
Solution

Scripts like the p4review.py daemon require email notifications.  Most companies have their own mail server.  But if a mail server does not exist such as in a cloud or co-location environment, a Postfix mail server can be set up using a free Google Gmail account.  Instructions are based upon Calomel.org's Postfix config "how to".

  1. Install postfix and setup the environment

    [perforce@GABRIEL perl_proj]$ yum search postfix
    Loaded plugins: fastestmirror, refresh-packagekit
    base                                                     | 3.7 kB     00:00     
    extras                                                   | 3.0 kB     00:00     
    updates                                                  | 3.5 kB     00:00     
    =============================== Matched: postfix ===============================
    postfix.x86_64 : Postfix Mail Transport Agent
    postfix-perl-scripts.x86_64 : Postfix utilities written in perl
    spamassassin.x86_64 : Spam filter for email which can be invoked from mail
                        : delivery agents
    [perforce@GABRIEL perl_proj]$ su
    Password:
    
    [root@GABRIEL perl_proj]# yum install postfix.x86_64
    Loaded plugins: fastestmirror, refresh-packagekit
    Determining fastest mirrors
     * base: centos-distro.cavecreek.net
     * extras: centos-distro.cavecreek.net
     * updates: centos.cs.wisc.edu
    base                                                     | 3.7 kB     00:00     
    extras                                                   | 3.0 kB     00:00     
    updates                                                  | 3.5 kB     00:00     
    Setting up Install Process
    Package 2:postfix-2.6.6-2.1.el6_0.x86_64 already installed and latest version
    Nothing to do
    
    
    
  2. Sign up for a free Google Gmail accountand obtain access to a  Linux server. 

  3. Install OpenSSL if it is not already nstalled. 

    [root@GABRIEL postfix]# yum install openssl.x86_64
    Loaded plugins: fastestmirror, refresh-packagekit
    Loading mirror speeds from cached hostfile
     * base: centos.corenetworks.net
     * extras: centos.corenetworks.net
     * updates: centos-distro.cavecreek.net
    Setting up Install Process
    Package openssl-1.0.0-4.el6_0.2.x86_64 already installed and latest version
    Nothing to do
    
  4. Make a temporary SSL build environment 

    [root@GABRIEL ssl]# mkdir working
    [root@GABRIEL ssl]# cd working
    [root@GABRIEL working]# mkdir newcerts private
    [root@GABRIEL working]# echo '01' > serial
    [root@GABRIEL working]# touch index.txt
    [root@GABRIEL working]# ls
    cacert.pem              example_gmail-key.pem  index.txt  private
    example_gmail-cert.pem  example_gmail-req.pem  newcerts   serial
    
  5. Go to your server's actual encryption directory and create the Certificate Authority files 
    [root@GABRIEL CA]# pwd
    /etc/pki/CA
    [root@GABRIEL CA]# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem
    Generating a 2048 bit RSA private key
    .....................................+++
    ..................................+++
    writing new private key to 'private/cakey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:US
    State or Province Name (full name) []:California
    Locality Name (eg, city) [Default City]:Alameda
    Organization Name (eg, company) [Default Company Ltd]:Foo Software
    Organizational Unit Name (eg, section) []:Tech Support
    Common Name (eg, your name or your server's hostname) []:GABRIEL
    Email Address []:perforce@pforce.com 
    
  6. Create a Public Certificate 

    [root@GABRIEL CA]# openssl req -new -nodes -subj '/CN=perforce.com/O=Foo Software/C=US/ST=California/emailAddress=perforce@perforce.com' -keyout GABRIEL-key.pem -out GABRIEL-req.pem
    Generating a 2048 bit RSA private key
    ..................+++
    ...+++
    writing new private key to 'GABRIEL-key.pem'
    ----- 
    
  7. Sign your Certificate 

    [root@GABRIEL CA]# openssl ca -out GABRIEL-cert.pem -infiles GABRIEL-req.pem
    Using configuration from /etc/pki/tls/openssl.cnf
    Enter pass phrase for /etc/pki/CA/private/cakey.pem:
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Oct 26 01:21:32 2011 GMT
                Not After : Oct 25 01:21:32 2012 GMT
            Subject:
                countryName               = US
                stateOrProvinceName       = California
                organizationName          = Foo Software
                commonName                = perforce.com
                emailAddress              = perforce@pforce.com
            X509v3 extensions:
                X509v3 Basic Constraints: 
                    CA:FALSE
                Netscape Comment: 
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier: 
                    CD:AB:3F:D0:0F:73:54:DD:29:CE:F4:E1:4E:1E:9F:AC:9A:67:A9:2B
                X509v3 Authority Key Identifier: 
                    keyid:20:31:11:37:11:D6:E5:44:13:6C:F2:8F:AE:E5:87:31:7A:29:2A:54
    
    Certificate is to be certified until Oct 25 01:21:32 2012 GMT (365 days)
    Sign the certificate? [y/n]:y
    
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    [root@GABRIEL CA]#
  8. Copy the Certificates into the Postfix directory and set permissions 

    [root@GABRIEL CA]# cp cacert.pem GABRIEL-key.pem GABRIEL-cert.pem /etc/postfix
    [root@GABRIEL CA]# chmod 644 /etc/postfix/cacert.pem /etc/postfix/GABRIEL-cert.pem
    [root@GABRIEL CA]# chmod 400 /etc/postfix/GABRIEL-key.pem
  9. Retrieve the Certificates for Gmail and append them to cacert.pem 

    http://stevejenkins.com/blog/2011/06/fixing-postfix-certificate-verification-failed-for-gmail-untrusted-issuer-error-message/ 

    [root@GABRIEL postfix]# vi Equifax_Secure_CA.pem
    
    [root@GABRIEL postfix]# cat Equifax_Secure_CA.pem
    -----BEGIN CERTIFICATE-----
    MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE
    ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
    MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoT
    B0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCB
    nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPR
    fM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW
    8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAG
    A1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UE
    CxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoG
    A1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvS
    spXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMB
    Af8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961
    zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kB
    BIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee95
    70+sB3c4
    -----END CERTIFICATE-----
    
    [root@GABRIEL postfix]# cat Thawte_Premium_Server_CA.pem
    -----BEGIN CERTIFICATE-----
    MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkExFTATBgNVBAgT
    DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs
    dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UE
    AxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl
    ckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYT
    AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
    VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
    aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3DQEJARYZ
    cHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2
    aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIh
    Udib0GfQug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/
    qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAm
    SCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUIhfzJATj/Tb7yFkJD57taRvvBxhEf
    8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7t
    UCemDaYj+bvLpgcUQg==
    -----END CERTIFICATE-----
    
    [root@GABRIEL postfix]# cat cacert.pem
    -----BEGIN CERTIFICATE-----
    MIIEFTCCAv2gAwIBAgIJAM5lw4XRMv24MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
    VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHQWxhbWVkYTEa
    MBgGA1UECgwRUGVyZm9yY2UgU29mdHdhcmUxFTATBgNVBAsMDFRlY2ggU3VwcG9y
    dDEUMBIGA1UEAwwLbGludXgtcmZvbmcxITAfBgkqhkiG9w0BCQEWEnJmb25nQHBl
    cmZvcmNlLmNvbTAeFw0xMTEwMjYwMTE4MzNaFw0xMTExMjUwMTE4MzNaMIGgMQsw
    CQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHQWxhbWVk
    YTEaMBgGA1UECgwRUGVyZm9yY2UgU29mdHdhcmUxFTATBgNVBAsMDFRlY2ggU3Vw
    cG9ydDEUMBIGA1UEAwwLbGludXgtcmZvbmcxITAfBgkqhkiG9w0BCQEWEnJmb25n
    QHBlcmZvcmNlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIF
    5deuEwqHR7Z/8PyZJLyt/O5k0hXSVoHwN1L9P8M+/vreIyahzUPnduTLCrfMC5rG
    U8h1Bvs5bfmU3OzRZIASQ5eq8QWLrvxVDwPupN1JcZWT8pfkIsfKLVq/Yh6QLRCY
    bUINu9OquW9qcZjvuHDvcUJhZRHgkCYh3I513qdzaulnaHZZnH6kC7sTbXb2zTEq
    FsX3xwfvz1IoGwUltQFzEL/q7AKNmiEdowNQcziCxgGuSsSMIzUiEGT1HKvTTaac
    p2p6mGvEp9D1y6D/e+56uXemzKazerDAfAikgZpZ8Vskm7C2wEhClP7XneZTbrkw
    sS+BjP9jee8OADEsB+ECAwEAAaNQME4wHQYDVR0OBBYEFCAxETcR1uVEE2zyj67l
    hzF6KSpUMB8GA1UdIwQYMBaAFCAxETcR1uVEE2zyj67lhzF6KSpUMAwGA1UdEwQF
    MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEuyZMiBtfp443QaawFCOzggPKFrYH0P
    TOGIBU16X6LD4t72uouXkFCZ1/qe35wWdFf04XjnnzjPpJ4ky6kV8fHaUtQI57I0
    O+9qd1UWSxazgyMLiK9y2CeFTNCXkOno3Gnshro01s07TuYj2tTTHhICbyjPx/Hb
    k9ZnczcdXZByVWKpQ2aIz7iu4wGb4dnF6mXmXZgZC9KRuXlYaO+ETtYs8tNNzm3w
    ME7SzkMPf3LR/IT6HQQeY89Ii+2JqKv6ukM95KzX9z0KzWUl78VVPe3ui2/n83gt
    G8Ix7YLXU/ImH/irQbITRP7fgfheuBVLXQrmeO+EXeAlP90yqmI2W/Y=
    -----END CERTIFICATE-----
    
    [root@GABRIEL postfix]# cat Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem
    [root@GABRIEL postfix]# cat Thawte_Premium_Server_CA.pem >> /etc/postfix/cacert.pem
    
    
Related Links

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255