How to: Use Postfix to Outbound Email as Gmail Relay on Ubuntu - 2-step verification (Update !!!)

How to: Use Postfix to Outbound Email as Gmail Relay on Ubuntu - 2-step verification (Update !!!)
Image credit: Unknown. Please contact us if you are the owner.

Postfix is a mail transfer agent (MTA) a software that implements Simple Mail Transfer Protocol (SMTP).

They transport E-Mail messages from one computer to another.

MTAs talk to other MTAs, and either

  • deliver mail locally
  • or hand it off for delivery to an mail delivery agent (MDA)/LDA if it was destined to the local system.

Mail User Agent (MUAs) (such as mutt, thunderbird, sylpheed, evolution, kmail) hand off newly sent messages to an MTA.


There are many reasons why you would want to configure Postfix to send email using an external SMTP provider such as Gmail, Amazon SES, or any other SMTP server. One reason is to avoid getting your mail flagged as spam if your current server’s IP has been added to a spam list.

Installing Postfix

Postfix is available to install from the built-in APT package manager.

1. First, as always, we will update the packages and then install them. We're also going to install the libsasl2-modules package as it will be needed later on.

$ sudo apt-get update && apt install postfix libsasl2-modules

ps: during the installation, you may be prompted to configure Postfix.
If it doesn't you can use the following command:

$ sudo dpkg-reconfigure postfix


2. A prompt will appear asking for your General type of mail configuration.

We're going to pick Internet Site.


3. Enter the fully qualified name of your domain, fqdn.example.com. You can choose to use your domain, or you can also choose your system's hostname.

4. Once the installation is finished, open the /etc/postfix/main.cf file with your favorite text editor:

$ sudo nano /etc/postfix/main.cf

and make sure that the myhostname parameter is configured with your server’s FQDN

myhostname = fqdn.example.com

Configuring SMTP Usernames and Passwords

Usernames and passwords are generally stored in a file called sasl_passwd in the /etc/postfix/ directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix.

1. Open or create the /etc/postfix/sasl/sasl_passwd file, using your favorite text editor:

sudo nano /etc/postfix/sasl/sasl_passwd

2. Add your destination (SMTP Host), username, and password (see below SMTP mail blocked by Google for security reasons):

[smtp.gmail.com]:587 your-email-address@gmail.com:password

The SMTP server address configuration smtp.gmail.com supports message submission over port 587 ( StartTLS) and port 465 ( SSL). Whichever protocol you choose, be sure the port number is the same in /etc/postfix/sasl/sasl/sasl_passwd and /etc/postfix/main.cf files.

3. Create the hash db file for Postfix by running the postmap command:

$ sudo postmap /etc/postfix/sasl/sasl_passwd

If all went well, you should have a new file named sasl_passwd.db in the /etc/postfix/ directory.

The /etc/postfix/sasl/sasl_passwd and the /etc/postfix/sasl/sasl_passwd.db files created previously contain your SMTP credentials in plain text.

4. To restrict access to these files, change their permissions so that only the root user can read from or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:

$ sudo chown root:root /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db

$ sudo chmod 0600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db


Configure the Postfix Relay Server

Now, you will configure the /etc/postfix/main.cf file to use Gmail’s SMTP server.

1. Find and modify relayhost in /etc/postfix/main.cf to match the following example. Be sure the port number matches what you specified in the /etc/postfix/sasl/sasl_passwd above.

relayhost =[smtp.gmail.com]:587

2. At the end of the file, add the following parameters to enable authentication:

Enable SASL authentication
smtp_sasl_auth_enable = yes

Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous

Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

Enable STARTTLS encryption
smtp_tls_security_level = may

Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Now it's time to restart Postfix:

$ sudo service postfix restart

SMTP mail blocked by Google for security reasons


Google has announced that as of May 30, 2022, the use of third-party applications or devices that allow signing in with only a username and password will no longer be supported. And it is effective.
See this Google support page for more information:
Less secure apps & your Google Account

This change may affect you if you are using a Google SMTP server to send and receive mail, and you currently have the "Less secure app access" option set to On in your Google account.

To ensure that you can still use the Google SMTP account to send mail, follow these steps:

  1. Enable 2-Step Authentication on the Google account, if it is not already enabled.
    For more information on how to enable and use 2-Step Authentication with a Google account, see this Google support page: Turn on 2-Step Verification

  2. Create an App Password. Select the app and device you want to generate the app password for.
    For more information on how to create and use an app password, see this Google support page: Sign in with App Passwords


    Please note: You will only see the App Password once when it is generated, so be sure to note it at the time of its creation. If you forget the App Password, you would need to revoke it and re-create it, and then update your SMTP settings. App Passwords are automatically revoked if the password on the Google account that created them is changed.


Once you have created the app password, use it on SMTP server settings.
Use your Google mail address as the account name, and the app password as the password.


Test Postfix

Send our test email from Terminal by running the following command in your terminal.

$ echo "Test Postfix as Gmail Relay" | mail -s "Postfix Gmail" your-email-address@gmail.com` 

Check your Gmail, you would have received an email.


Thank you for reading and have yourself a nice day!

Keep Us Caffeinated  ⦿ ⦿