Yes, I hate Google too. They do way too much to make my life harder. On the surface they are all nice and soft, but their 'free' services have a ton of bad sides to them. Let's take a look at one right now. Today I found a nasty shortcoming of Gmail. All Google Apps users will have the same shortcoming.
So, Google has a bunch of mail servers that accept and deliver mail for Gmail users. When you want to send an email from your email client, you need to configure it to use TLS and authentication. That's great in terms of security for regular users. But what if you run a mail server and want to send mail to some Gmail user and TLS encrypt it? Turns out it is not possible. You, in fact, have to configure your mail server as if it were an email client, that is, authenticate and then TLS encrypt. What's even worse is that even if your mail server supports TLS encryption, Gmail will plainly ignore it, so all mail that users send out of Gmail's mail servers is transferred unencrypted.
Here are snippets of configuration for postfix and exim to make it work, but in reality, you should really dump this Google service and start using something more reliable and feature-rich.
exim (must be compiled with TLS and SASL):
In routers, create a new router. It will only be used when sending email to Gmail users. If you are a Google Apps user, add your target domains here.
gmailrouter:
driver = manualroute
domains = gmail.com
route_list = gmail.com smtp.gmail.com
transport = gmailtransport
In transports:
gmailtransport:
driver = smtp
hosts_try_auth = ${if exists{CONFDIR/passwd.client} { ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}} } {} }
Create a file called passwd.client, which should contain something like this:
smtp.gmail.com:username@gmail.com:your_pwd
postfix:
In the main.cf file add:
relayhost = smtp.gmail.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_pwd
smtp_sasl_security_options =
In your /etc/postfix/relay_pwd you should have something like this:
smtp.gmail.com username@gmail.com:your_pwd
Don't forget to run:
postmap hash:/etc/postfix/relay_pwd
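A quick audit of the Postfix settings above, as an added example that is not part of the original post: it flags a relay that sends SASL credentials without requiring TLS, an emptied smtp_sasl_security_options, and a password map that other users can read. The function names, finding codes and the temp-dir demo files are constructed for illustration; smtp_tls_security_level is a standard Postfix parameter that the snippet above does not set.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf SASL relay (continuation lines ignored).

# cfg_get FILE KEY DEFAULT -> value of KEY (last definition wins), else DEFAULT
cfg_get() {
    if grep -q "^$2[[:space:]]*=" "$1"; then
        sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
    else
        echo "$3"
    fi
}

# audit_relay FILE -> one finding code per line; prints nothing if clean
audit_relay() {
    [ "$(cfg_get "$1" smtp_sasl_auth_enable no)" = yes ] || return 0
    # Only these levels refuse to send (and so refuse to AUTH) without TLS.
    case "$(cfg_get "$1" smtp_tls_security_level '')" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo TLS_NOT_ENFORCED ;;
    esac
    # An explicit empty value removes the default "noplaintext, noanonymous".
    case "$(cfg_get "$1" smtp_sasl_security_options 'noplaintext, noanonymous')" in
        *noanonymous*) ;;
        *) echo ANONYMOUS_MECHS_ALLOWED ;;
    esac
    # The map source and the .db built by postmap both hold the password.
    map=$(cfg_get "$1" smtp_sasl_password_maps '')
    for f in "${map#*:}" "${map#*:}.db"; do
        [ -e "$f" ] || continue
        [ -z "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ] || echo "READABLE_BY_OTHERS $f"
    done
}

# Constructed demo: the settings shown above, with the map under a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf 'smtp.gmail.com username@gmail.com:your_pwd\n' > "$d/relay_pwd"
    chmod 644 "$d/relay_pwd"
    cat > "$d/main.cf" <<EOF
relayhost = smtp.gmail.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$d/relay_pwd
smtp_sasl_security_options =
EOF
    audit_relay "$d/main.cf"
    rm -rf "$d"
}
demo
```

A relay passes this audit with `smtp_tls_security_level = encrypt`, `smtp_sasl_security_options = noanonymous`, and mode 600 on the map file and its `.db`.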
This is for all of you unfortunate sysadmins who support companies that made a decision to use Gmail or Google Apps. Good luck.