How to: Use Postfix to Outbound Email as Gmail Relay on Ubuntu - 2-step verification (Update !!!)
Postfix is a mail transfer agent (MTA) a software that implements Simple Mail Transfer Protocol (SMTP).
They transport E-Mail messages from one computer to another.
MTAs talk to other MTAs, and either
- deliver mail locally
- or hand it off for delivery to an mail delivery agent (MDA)/LDA if it was destined to the local system.
Mail User Agent (MUAs) (such as mutt, thunderbird, sylpheed, evolution, kmail) hand off newly sent messages to an MTA.
There are many reasons why you would want to configure Postfix to send email using an external SMTP provider such as Gmail, Amazon SES, or any other SMTP server. One reason is to avoid getting your mail flagged as spam if your current server’s IP has been added to a spam list.
Installing Postfix
Postfix
is available to install from the built-in APT package manager.
1. First, as always, we will update the packages and then install them. We're also going to install the libsasl2-modules package as it will be needed later on.
$ sudo apt-get update && apt install postfix libsasl2-modules
ps: during the installation, you may be prompted to configure Postfix.
If it doesn't you can use the following command:
$ sudo dpkg-reconfigure postfix
2. A prompt will appear asking for your General type of mail configuration.
We're going to pick Internet Site.
3. Enter the fully qualified name of your domain, fqdn.example.com. You can choose to use your domain, or you can also choose your system's hostname.
4. Once the installation is finished, open the /etc/postfix/main.cf
file with your favorite text editor:
$ sudo nano /etc/postfix/main.cf
and make sure that the myhostname parameter is configured with your server’s FQDNmyhostname = fqdn.example.com
Configuring SMTP Usernames and Passwords
Usernames and passwords are generally stored in a file called sasl_passwd
in the /etc/postfix/
directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix.
1. Open or create the /etc/postfix/sasl/sasl_passwd
file, using your favorite text editor:
sudo nano /etc/postfix/sasl/sasl_passwd
2. Add your destination (SMTP Host), username, and password (see below SMTP mail blocked by Google for security reasons):
[smtp.gmail.com]:587 your-email-address@gmail.com:password
The SMTP server address configuration smtp.gmail.com
supports message submission over port 587 ( StartTLS) and port 465 ( SSL). Whichever protocol you choose, be sure the port number is the same in /etc/postfix/sasl/sasl/sasl_passwd
and /etc/postfix/main.cf
files.
3. Create the hash db file for Postfix by running the postmap
command:
$ sudo postmap /etc/postfix/sasl/sasl_passwd
If all went well, you should have a new file named sasl_passwd.db
in the /etc/postfix/
directory.
The /etc/postfix/sasl/sasl_passwd
and the /etc/postfix/sasl/sasl_passwd.db
files created previously contain your SMTP credentials in plain text.
4. To restrict access to these files, change their permissions so that only the root user can read from or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:
$ sudo chown root:root /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db
$ sudo chmod 0600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db
Configure the Postfix Relay Server
Now, you will configure the /etc/postfix/main.cf
file to use Gmail’s SMTP server.
1. Find and modify relayhost
in /etc/postfix/main.cf
to match the following example. Be sure the port number matches what you specified in the /etc/postfix/sasl/sasl_passwd
above.
relayhost
=[smtp.gmail.com]:587
2. At the end of the file, add the following parameters to enable authentication:
Enable SASL authentication
smtp_sasl_auth_enable = yes
Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
Enable STARTTLS encryption
smtp_tls_security_level = may
Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Now it's time to restart Postfix:
$ sudo service postfix restart
SMTP mail blocked by Google for security reasons
Google has announced that as of May 30, 2022, the use of third-party applications or devices that allow signing in with only a username and password will no longer be supported. And it is effective.
See this Google support page for more information:
Less secure apps & your Google Account
This change may affect you if you are using a Google SMTP server to send and receive mail, and you currently have the "Less secure app access" option set to On in your Google account.
To ensure that you can still use the Google SMTP account to send mail, follow these steps:
- Enable 2-Step Authentication on the Google account, if it is not already enabled.
For more information on how to enable and use 2-Step Authentication with a Google account, see this Google support page: Turn on 2-Step Verification - Create an App Password. Select the app and device you want to generate the app password for.
For more information on how to create and use an app password, see this Google support page: Sign in with App Passwords
Please note: You will only see the App Password once when it is generated, so be sure to note it at the time of its creation. If you forget the App Password, you would need to revoke it and re-create it, and then update your SMTP settings. App Passwords are automatically revoked if the password on the Google account that created them is changed.
Once you have created the app password, use it on SMTP server settings.
Use your Google mail address as the account name, and the app password as the password.
Test Postfix
Send our test email from Terminal by running the following command in your terminal.
$ echo "Test Postfix as Gmail Relay" | mail -s "Postfix Gmail" your-email-address@gmail.com`
Check your Gmail, you would have received an email.
Thank you for reading and have yourself a nice day!