# Setting up a private MTA with relay to a public MTA



## tokind (Sep 23, 2010)

We moved to Google Apps and although I still have a mail relay arrangement with a local ISP, I really need to get my FreeBSD 8.1 server to relay through smtp.gmail.com. This requires an authenticated smtp connection.

My server not only originates messages from bugzilla, zabbix, mediawiki which are running on it, it also receives, queues, and sends messages from other servers within my private domain.

I have always used postfix for this. After many, MANY, hours of working with Cyrus SASL2 I have not been able to create a connection to the account I created at gmail for this purpose. I also tried these instructions with another server (smtpout.secureserver.net) and I am getting nowhere.

Today I found Setting up to send only, which looks promising. However, it suggests that I will disable sendmail or postfix. I want the server to be able to accept smtp connections from within my WAN only, and send them on out through gmail.

Can anyone help me to understand how to attain both of these goals? Many thanks!


----------



## plamaiziere (Sep 23, 2010)

tokind said:

> We moved to Google Apps and although I still have a mail relay arrangement with a local ISP, I really need to get my FreeBSD 8.1 server to relay through smtp.gmail.com. This requires an authenticated smtp connection.



It's easy with Postfix.

Here is my setup (running a local MTA, and forwarding to another)

Postfix main.cf


```
relayhost = [smtp.xxxx.xxx]

# SASL smtp client
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
#smtp_sasl_type = cyrus
data_directory = /var/db/postfix
```

sasl_passwd:

```
[smtp.xxxxx.xxx]     user:password
```
See also the Postfix documentation:
http://www.postfix.org/SASL_README.html#client_sasl
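
An offline check for the kind of relay client setup shown above, added here as an example (it is not code from any poster in this thread or from the Postfix project): it parses main.cf and the sasl_passwd source text and flags a relayhost that has no identically written sasl_passwd key, SASL authentication left disabled, or TLS to the relay not being mandatory. The `smtp_tls_security_level` check, the function names and the `relay.example.net` sample values are assumptions that do not come from the thread.

```python
# Added example; every host name and credential below is a constructed placeholder.
ENFORCED_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """main.cf: '#' comments, 'name = value', indented lines continue; last wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def parse_lookup_table(text):
    """postmap source syntax: first whitespace-delimited field is the key."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            fields = line.split(None, 1)
            table[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return table

def check_relay(main_cf, sasl_passwd):
    """Return a list of findings; an empty list means the checks passed."""
    p, creds, findings = parse_main_cf(main_cf), parse_lookup_table(sasl_passwd), []
    relay = p.get("relayhost", "")
    if not relay:
        findings.append("relayhost is not set")
    elif relay not in creds:
        findings.append("no sasl_passwd key identical to relayhost %s" % relay)
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("smtp_sasl_auth_enable is not yes")
    if p.get("smtp_tls_security_level", "") not in ENFORCED_TLS:
        findings.append("smtp_tls_security_level does not make TLS mandatory")
    return findings

MAIN_CF = """\
relayhost = [relay.example.net]:587
mynetworks = 127.0.0.0/8,
    10.0.0.0/8
smtp_sasl_auth_enable = yes
smtp_tls_security_level = may
"""
SASL_PASSWD = "relay.example.net   user:password\n"  # key lacks the [ ]:587 form

if __name__ == "__main__":
    for finding in check_relay(MAIN_CF, SASL_PASSWD):
        print("FINDING:", finding)
```

The constructed sample yields two findings: the sasl_passwd key is not written in the same form as relayhost, and `may` leaves TLS optional.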


----------



## kpa (Sep 24, 2010)

You have to rewrite the sender addresses in outgoing mails if they contain local addresses or gmail will reject them: http://www.postfix.org/ADDRESS_REWRITING_README.html#generic.


----------



## tokind (Sep 24, 2010)

I had all of this implemented but had not played with the smtp_sasl_mechanism_filter. It turns out that = !gsapi, !external would both give me an error "No suitable transport mechanism available". When I dropped those two and kept the "static:all" filter I got it to work. (I was also using a certificate. I had to drop the cert reference before this would work.)



			
plamaiziere said:

> It's easy with Postfix.
> 
> Here is my setup (running a local MTA, and forwarding to another)
> 
> ...



Thanks for the nudge in the right direction. I wrote an article for the Google Apps community, because they lacked any such article and it took a very long time for me to get this working. See Setting up a *nix intranet mail handler to relay outbound.


----------

