Currently Being ModeratedApr 12, 2012 2:39 PM (in response to Rikakiah)
Your smtpd postfix settings relate to clients connecting TO this server, not for outgoing connections.
There are ways of setting up relay through gmail, but you have to encode and store your username and password in specific ways/places on your server. There are numerous online posts about how to do this. I found this as a starting point.
As for the _www user, that's there because it looks like it's Apache that's generating your emails (the result of a web form, maybe?). Most web form processors have the ability to define the 'from' address, so you should look at whatever system you're using to generate the messages.
Currently Being ModeratedApr 12, 2012 2:42 PM (in response to Rikakiah)
I'd encourage working this issue through campus IT and campus management; that's the best solution here. These sorts of cases can sometimes blow up, should a mail server become compromised or otherwise misused, or should centralized logging and malware scanning is required.
That written, if you have a public DNS translation and a public static IP, then you can start your own server by getting the MX and forward and reverse DNS configured correctly. That would run completely parallel to the main campus mail system, though it may still be identified by some remote mail servers as a rogue mail server if some other steps aren't performed.
If you want to use a relay, you'll need to set it up with whomever you're hosting with, and I don't know off-hand that Google allows relays. I know some other providers do.
_www is Apache. That's one of the standard accounts created on OS X and OS X Server, and not one that should be deleted. That written, it looks like you're using the web server to send the mail messages; that the mail is arriving from something associated with Apache or web services.
Currently Being ModeratedApr 16, 2012 10:29 AM (in response to MrHoffman)
If you knew our IT dept, I think you'd agree that it would be more effective to bypass them as much as possible. However, it's a moot point, as they refuse to work with me, or specifically a mac environment (I've tried over the past several years and finally have just given up dealing with them unless absolutely necessary).
I'm working with an external consultant (he's hired by the main IT dept, and they passed him off to me to work on this issue) so I'm more comfortable that it won't get set up in such a way that it will get our servers blacklisted or anything, but he's not familiar with the mac side or how to get things set up fully on this end. He is, however, much more willing to work on the issue than the IT dept. He seemed pretty confident that gmail would allow relaying, but perhaps I'll try a different one as a test. Do you know offhand which ones definitely do? Does Yahoo?
As to the _www, I had a hunch it was Apache and had no intention of outright deleting it. Was just wanting to know how to get the emails to come from a different address--I'll check with the guy who programmed the web app and see if it can be set up internally in that or something.
But back on topic...
So "smtpd_..." refers to connections TO my server and "smtp_..." refers to connections FROM my server? Because the links in your suggestions refer to just "smtp_...", but there wasn't anything like that already existing in my main.cf--it was all "smtpd_...".
Also, the passwd file is located (and populated correctly already) in etc/postfix/sasl/ and named simply passwd, instead of at etc/postfix/ and named sasl_passwd. Is this irrelevant and just specific to Snow Leopard, or should I move the passwd file down a level to /etc/postfix/ and rename it to sasl_passwd?
Currently Being ModeratedApr 16, 2012 11:02 AM (in response to Rikakiah)
Ha, well it definitely was the smtp vs smtpd (as you obviously know). It now works, but I'm getting this line in my logs now:
Apr 16 12:39:55 myserver postfix/smtp: certificate verification failed for smtp.gmail.com[22.214.171.124]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
It's not a big deal, as far as I'm concerned (the process still works), but what kind of certificate do I need to get/create and put where to make this go away?
Once again, thanks.