Postfix is a free, open-source, actively maintained, and highly secure mail transfer agent. You can configure your system with Postfix to use Gmail as a mail relay.
In order to do this follow the instruction below. Use sudo when needed or execute the commands below under “root” account.
Software installation
Debian, Ubuntu:
|
1 |
apt-get update && apt-get install postfix mailutils |
When prompted for “General type of mail configuration,” choose Internet Site.
When prompted for a “Mail name,” choose a hostname to be used in mail headers as the origin of your emails. A fully-qualified domain name is preferred, but using your machine’s simple hostname is OK. Regardless of what you enter here, your return address will appear to recipients as your Gmail address.
You may be prompted to set the “Root and postmaster mail recipient.” Enter root, or another user who should receive mail subsystem notifications.
For any other prompts, you can choose the default values.
Fedora:
|
1 |
dnf update && dnf install postfix mailx |
CentOS:
|
1 |
yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain |
OpenSUSE:
|
1 |
zypper update && zypper install postfix mailx cyrus-sasl |
Arch Linux:
|
1 |
pacman -Sy postfix mailutils |
FreeBSD:
Compile Postfix from the ports collection to incorporate support for SASL:
|
1 2 3 4 5 |
portsnap fetch extract update cd /usr/ports/mail/postfix make config |
In the configuration dialogs, select SASL support. All other options can remain the same. Then:
|
1 |
make install clean |
Mailx can be installed from the binary package:
|
1 |
pkg install mailx |
Configure Gmail Authentication
Create or modify a password file which will be used by Postfix to establish authentication with Gmail. In the authentication information below, replace username with your Gmail username and password with your Gmail password. If you are using a custom Gmail Apps domain name, you may replace gmail.com with your Google Apps domain.
The password file will reside in the Postfix configuration directory. The file can be named whatever you like, but the recommended filename is sasl_passwd.
Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux:
Postfix configuration files reside in the directory /etc/postfix. Create or edit the password file:
vi /etc/postfix/sasl_passwd
Add the line:
|
1 |
[smtp.gmail.com]:587 youremail@gmail.com:password |
Save and close the file. Your Gmail password is stored as plaintext, so make the file accessible only by root:
# chmod 600 /etc/postfix/sasl_passwd
FreeBSD:
Postfix configuration files reside in the directory /usr/local/etc/postfix. Create or edit the password file:
|
1 |
vi /usr/local/etc/postfix/sasl_passwd |
Add the line:
|
1 |
[smtp.gmail.com]:587 youremail@gmail.com:password |
Save and close the file. Make it accessible only by root:
|
1 |
chmod 600 /usr/local/etc/postfix/sasl_passwd |
Configure Postfix to use Gmail as relay
There are six parameters which must be set in the Postfix configuration file main.cf. The parameters are:
relayhost, which specifies the mail relay host and port number. The host name will be enclosed in brackets to specify that no MX lookup is required.
smtp_use_tls, which enables (or disables) transport layer security.
smtp_sasl_auth_enable, which enables (or disables) SASL authentication.
smtp_sasl_security_options, which in the following configuration will be set to empty, to ensure that no Gmail-incompatible security options are used.
smtp_sasl_password_maps, which specifies the password file to use. This file will be compiled and hashed by postmap in a later step.
smtp_tls_CAfile, which specifies the list of certificate authorities to use when verifying server identity.
Debian, Ubuntu, Arch Linux:
Edit the main Postfix configuration file:
|
1 |
vi /etc/postfix/main.cf |
Add or modify the following values:
|
1 2 3 4 5 6 |
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt |
Save and close the file.
Fedora, CentOS:
Edit the main Postfix configuration file:
|
1 |
vi /etc/postfix/main.cf |
Add or modify the following values:
|
1 2 3 4 5 6 |
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt |
Save and close the file.
OpenSUSE:
Edit the main Postfix configuration file:
|
1 |
vi /etc/postfix/main.cf |
Add or modify the following values:
|
1 2 3 4 5 6 |
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/ca-bundle.pem |
Save and close the file.
OpenSUSE also requires that the Postfix master process configuration file master.cf be modified. Open it for editing:
|
1 |
vi /etc/postfix/master.cf |
Locate the line which reads:
|
1 |
#tlsmgr unix - - n 1000? 1 tlsmg |
Uncomment it, so it reads:
|
1 |
tlsmgr unix - - n 1000? 1 tlsmg |
Save and close the file.
FreeBSD:
Edit the main Postfix configuration file:
|
1 |
vi /usr/local/etc/postfix/main.cf |
Add or modify the following values:
|
1 2 3 4 5 6 |
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/mail/certs/cacert.pem |
Save and close the file.
Prepare password file for Postfix use
Use postmap to compile and hash the contents of sasl_passwd. The results will be stored in your Postfix configuration directory in the file sasl_passwd.db.
Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux:
|
1 |
postmap /etc/postfix/sasl_passwd |
FreeBSD:
|
1 |
postmap /usr/local/etc/postfix/sasl_passwd |
Restart Postfix
Restart the Postfix service, putting your changes into effect.
Debian, Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux:
|
1 |
systemctl restart postfix.service |
FreeBSD:
To start the Postfix service for this session only:
service postfix onestart
To start Postfix automatically when the system initializes, open /etc/rc.conf for editing:
|
1 |
vi /etc/rc.conf |
Add the line:
|
1 |
postfix_enable=YES |
Save and close the file. You may then run:
|
1 |
service postfix start |
To start Postfix.
Enable “Less Secure Apps” In Gmail
By default, only the most secure sign-ins, such as logging in to Gmail on the web, are allowed for your Gmail account. To permit relay requests, log in to your Gmail account and turn on Allow less secure apps.
For more information, review the Google Support document “Allowing less secure apps to access your account.”
Send A Test Email
Test your new configuration by sending an email using the mail command. Run:
|
1 |
mail -s "Test subject" recipient@domain.com |
You will be presented with a blank line (or a CC: field, which you can bypass by pressing Enter). Type the body of your message, pressing Enter for new lines. When you are finished composing the email, type CTRL-D to send it. To cancel the email, press CTRL-C twice.
To send a precomposed email, use the command:
|
1 |
mail -s "Subject Here" recipient@domain.com < textfile |
Where textfile is the name of a file containing the text to be sent.
Troubleshooting Postfix
If it’s not working, check the logs for any Postfix errors:
Debian:
|
1 |
less /var/log/mail.log |
Ubuntu, Fedora, CentOS, OpenSUSE, Arch Linux:
|
1 |
journalctl |
FreeBSD:
|
1 |
less /var/log/maillog |
If you receive authentication errors from Gmail, verify that Allow Less Secure Apps is turned on in your Gmail account settings, as specified in Step 6.
Verify that the password file sasl_passwd exists, and that its contents are formatted correctly, as specified in Step 2. If you make any changes to the password file, make sure to repeat Steps 4 and 5 to hash the new password file and restart Postfix.
If you see any TLS errors, double check the configuration in main.cf as specified in Step 3. If you make any configuration changes, restart Postfix as specified in Step 5.
