Configure Postfix to use Gmail as a Mail Relay

If you have a gmail account, you can configure your mta to relay outgoing mail through gmail. This gives you the benefit of gmail’s robust infrastructure and reliability, and gives you a simple means of sending email from the command line.

In this tutorial, we will use postfix as our mta. postfix is ​​a free, open source, actively maintained and highly secure mail transfer agent.

In each step, we will cover specific instructions for the following operating systems:

  • debian 9
  • ubuntu 18.04 lts
  • centos 7
  • opensuse jump 15.0
  • arch linux 2019.03.01
  • freebsd 12.0

We will also install mailutils/mailx so that we can send a test email. where necessary, we will install additional sasl libraries.

all commands starting with # require root privileges.

1. install the necessary software

debian, ubuntu:

When prompted for “general type of mail settings”, choose website.

when prompted for a “mail name”, choose a hostname to use in mail headers as the source of your emails. a fully qualified domain name is preferred, but it’s fine to use the plain hostname of your machine. Regardless of what you enter here, your return address will appear to recipients as their gmail address.

You may be prompted to configure the “root and postmaster mail recipient”. enter root, or another user that should receive notifications from the mail subsystem.

for any other request, you can choose the default values.

fedora:

cents:

open use:

linux arch:

freebsd:

compile port collection postfix to add support for sasl:

In the configuration dialogs, select sasl support. all other options can remain the same. then:

See Also:  Question: Why Do Hotels Ask For Your Address? - global mcafee

mailx can be installed from the binary package:

2. configure gmail authentication

create or modify a password file that postfix will use to establish authentication with gmail. In the authentication information below, replace username with your gmail username and password with your gmail password. If you are using a custom gmail app domain name, you can replace gmail.com with your google app domain.

The password file will reside in the postfix configuration directory. the file can be named whatever you like, but the recommended filename is sasl_passwd.

debian, ubuntu, fedora, centos, openuse, arch linux:

postfix configuration files reside in the /etc/postfix directory. create or edit the password file:

add the line:

save and close the file. your gmail password is stored as plain text, so make the file accessible only by root:

freebsd:

postfix configuration files reside in the /usr/local/etc/postfix directory. create or edit the password file:

add the line:

save and close the file. make it accessible only by root:

3. set suffix

There are six parameters that need to be configured in the postfix configuration file main.cf. the parameters are:

relayhost, which specifies the mail relay host and port number. the hostname will be enclosed in square brackets to specify that an mx lookup is not required.

smtp_use_tls, which enables (or disables) transport layer security.

smtp_sasl_auth_enable, which enables (or disables) sasl authentication.

smtp_sasl_security_options, which in the following configuration will be set to empty, to ensure that security options incompatible with gmail are not used.

smtp_sasl_password_maps, which specifies the password file to use. postmap will compile and encode this file in a later step.

See Also:  Student Email - Setting up a Mobile Device | IT Services | Utah Valley University

smtp_tls_cafile, which specifies the list of certificate authorities to use when verifying the identity of the server.

debian, ubuntu, arch linux:

edit the main postfix configuration file:

add or modify the following values:

save and close the file.

fedora, centos:

edit the main postfix configuration file:

add or modify the following values:

save and close the file.

open use:

edit the main postfix configuration file:

add or modify the following values:

save and close the file.

opensuse also requires the postfix master process configuration file master.cf to be modified. open it for editing:

Locate the line that says:

uncomment it, so it reads:

save and close the file.

freebsd:

edit the main postfix configuration file:

add or modify the following values:

save and close the file.

4. process password file

use postmap to compile and encode the content of sasl_passwd. the results will be stored in your postfix configuration directory in the file sasl_passwd.db.

debian, ubuntu, fedora, centos, openuse, arch linux:

freebsd:

5. reset postfix

restart the postfix service, putting your changes into effect.

debian, ubuntu, fedora, centos, openuse, arch linux:

freebsd:

to start the postfix service for this session only:

To start postfix automatically when the system boots, open /etc/rc.conf to edit:

add the line:

save and close the file. then you can run:

to start suffix.

6. enable “less secure apps” in gmail

By default, only the most secure logins, such as logging into gmail on the web, are allowed for your gmail account. To allow relay requests, log in to your gmail account and turn on allow less secure apps.

See Also:  Migrate Exchange to Gmail and Exchange to G Suite with Attachments

for more information, see the google support document “allowing less secure apps to access your account”.

7. send a test email

Test your new configuration by sending an email using the mail command. execute:

you will be presented with a blank line (or a cc: field, which you can skip by pressing enter). type the body of your message, pressing enter for new lines. When you’re done composing your email, type ctrl-d to send it. to cancel the email, press ctrl-c twice.

To send a precomposed email, use the command:

where textfile is the name of a file containing the text to send.

troubleshooting

if it doesn’t work, check the logs for suffix errors:

debian:

ubuntu, fedora, centos, openuse, arch linux:

freebsd:

If you are receiving authentication errors from gmail, please verify that allow less secure apps is turned on in your gmail account settings, as specified in step 6.

verify that the password file sasl_passwd exists and that its contents are in the correct format, as specified in step 2. if you make any changes to the password file, be sure to repeat the steps 4 and 5 to hash the new password file and restart postfix.

if you see any tls errors, double check the configuration in main.cf as specified in step 3. if you make any changes to the configuration, restart postfix as specified in step 5.

Leave a Reply

Your email address will not be published. Required fields are marked *