How to relay mail via Google account using Postfix
You have to enable TLS
in Postfix's SMTP client, since Google requires it. This is indicated by them in the message Must issue a STARTTLS command
.
In /etc/postfix/main.cf
, you want something like this:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
and then in /etc/postfix/tls_policy
:
[smtp.gmail.com]:587 encrypt
The left hand side in tls_policy
must appear exactly the same as your relayhost entry in main.cf
.
Remember to run postmap
on /etc/postfix/tls_policy
after creating or changing it as required.
You can find more details in Postfix's TLS documentation.
Refer these links
http://blog.bigdinosaur.org/postfix-gmail-and-you/
http://www.postfix.org/TLS_README.html#client_tls
This is the procedure I use for this:
sudo apt-get install postfix.
If it asks what sort of mail server you are installed, choose no configuration (the first option)
sudo nano /etc/postfix/main.cf
and paste this in
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
# listen on localhost only
inet_interfaces = 127.0.0.1
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
#Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
Save the file, Now we create the file with the username and password in
sudo nano /etc/postfix/sasl_passwd
and paste in the following making the required replacements
[smtp.gmail.com]:587 [email protected]:password
Save it, and at the command prompt
sudo postmap /etc/postfix/sasl_passwd
Then
chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
Finally,
sudo service postfix restart
Note that once you’ve successfully tested the email system, you can remove / obfuscate the password in sasl_passwd.
Test it with you application. If you have trouble, check /var/log/mail.log You can apt-get install mail-utils to have it install a mail program. you can then test with
echo “this is a test” | mailx -s “This is the subject” [email protected]
Finally
Run
newaliases
to make an /etc/aliases.db file. If you don’t it will log a lot of errors about it to /var/log/mail.err If you get SASL errors (postfix) Check the hostname is in /etc/hosts and /etc/hostname If postfix complains about not being able to relay for a given host / ip address (postfix) Add this to /etc/postfix/main.cf
mynetworks = 10.0.0.0/8
This will allow anyone with a 10.0.0.0 address to connect, obviously you should bolt this down as much as possible, either by restricting the network, and / or using any firewall or security policy available to you