Monday, January 18, 2010
NetBSD postfix to gmail relay
Over the weekend I decided to configure my NetBSD system to stop sending emails to the local mbox (where I never read them) and start sending emails correctly to the internet. I also wanted to do so using my gmail account. Most of my info came from here but it's a little verbose for my tastes. Basically I had to do the following:
build and install pkgsrc/mail/postfix
install (I used a binary) pkgsrc/security/cyrus-sasl
install (I used a binary) pkgsrc/security/cy2-plain-2.1.23
cp /usr/pkg/share/examples/rc.d/postfix /etc/rc.d/
modify /usr/pkg/etc/postfix/main.cf
add /usr/pkg/etc/postfix/tls_policy
add /usr/pkg/etc/postfix/sasl_passwd
/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/tls_policy
/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/sasl_passwd
/etc/rc.d/postfix start
- /etc/mk.conf
PKG_OPTIONS.postfix+= sasl
ACCEPTABLE_LICENSES+= postfix-license
- /usr/pkg/etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
# use SSL/TLS
smtp_use_tls = yes
smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy
# now add a username and password
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/sasl_passwd
smtp_sasl_security_options =
- /usr/pkg/etc/postfix/tls_policy
smtp.gmail.com MUST
- /usr/pkg/etc/postfix/sasl_passwd
[smtp.gmail.com]:587 username@gmail.com:password
Now test with mailx someone@something.com and watch the maillog. I do get a warning about not liking the Thawte cert, so I may figure out how to import it, but other tutorials all talked about needing your own CA and other insanity. I would hope the MUST in tls_policy ensured that I was using SSL. I'll tcpdump and see sometime, but for now this seems to be all that's needed.
(Can we get SASL in base? I know LDAP, Kerberos, and NFSv4 would appreciate it)
UPDATE!
To fix the SSL cert warning, add the following package:
mozilla-rootcerts
then
cd /etc/openssl/certs
mozilla-rootcerts extract
mozilla-rootcerts rehash
And add the following to your main.cf:
smtp_tls_CApath = /etc/openssl/certs
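The post hopes the MUST entry in tls_policy forces encryption. This added Python example (not the author's or Postfix's code) checks the settings above against the documented behaviour of smtp_tls_policy_maps, which is indexed by the verbatim next-hop and accepts levels such as may, encrypt, verify and secure. The function names, the FIXED_* values and the choice to ignore the legacy smtp_enforce_tls parameter are assumptions of the example.

```python
# Added example (not the post's code). Levels valid in smtp_tls_policy_maps;
# MUST is syntax of the obsolete smtp_tls_per_site table, not a level here.
VALID_LEVELS = {"none", "may", "encrypt", "dane", "dane-only",
                "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Return {name: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_map(text):
    """Return {key: first word of value} from 'key value' table lines."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: (r[1:] or [""])[0].lower() for r in rows
            if r and not r[0].startswith("#")}

def audit(main_cf_text, tls_policy_text):
    """List reasons TLS to the relayhost may not be enforced."""
    params = parse_main_cf(main_cf_text)
    policy = parse_map(tls_policy_text) if params.get("smtp_tls_policy_maps") else {}
    nexthop, findings = params.get("relayhost", ""), []
    for key, level in policy.items():
        if level not in VALID_LEVELS:
            findings.append(f"tls_policy '{key}': '{level}' is not a valid level")
    # The table is indexed by the verbatim next-hop, brackets and port included.
    if nexthop in policy:
        level = policy[nexthop]
    else:
        if policy:
            findings.append(f"tls_policy has no entry for next-hop '{nexthop}'")
        level = params.get("smtp_tls_security_level", "").lower()
        if not level:  # legacy on/off switch, opportunistic at best
            level = "may" if params.get("smtp_use_tls", "").lower() == "yes" else "none"
    if level in ("none", "may"):
        findings.append(f"TLS is not enforced (effective level '{level}')")
    if params.get("smtp_sasl_security_options") == "":
        findings.append("smtp_sasl_security_options is empty: anonymous SASL allowed")
    return findings

# Constructed inputs: the post's settings, then a hypothetical corrected pair.
PAGE_MAIN_CF = ("relayhost = [smtp.gmail.com]:587\nsmtp_use_tls = yes\n"
                "smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy\n"
                "smtp_sasl_auth_enable = yes\nsmtp_sasl_security_options=\n")
PAGE_TLS_POLICY = "smtp.gmail.com MUST\n"
FIXED_MAIN_CF = PAGE_MAIN_CF.replace("options=", "options = noanonymous")
FIXED_TLS_POLICY = "[smtp.gmail.com]:587 encrypt\n"
```

Calling audit(PAGE_MAIN_CF, PAGE_TLS_POLICY) reports four findings and the FIXED_* pair reports none. With the CA directory from the UPDATE in place, the verify or secure level additionally checks the server certificate.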
Comments:
Thank you for posting this, I had a similar setup on my Slackware Linux box forever, and couldn't figure out why authentication mechanisms weren't working until I saw your post. The mechanisms are within cyrus-sasl standard and I didn't realize pkgsrc segregates them out.
You should enable sender_dependent_relayhost_maps as well; it allows you to define relay_hosts by the sender email address.
main.cf:
sender_dependent_relayhost_maps = hash:/usr/pkg/etc/postfix/sender_relay
smtp_sender_dependent_authentication = yes
sender_relay:
example@submission.com [smtp.submission.host.com]:587
example@smtp.com [smtp.smtp.host.com]
