matthew hawthorne

Postfix: Configuring Gmail as Relay

I recently had to re-provision a VM which I use to run a bunch of cron jobs and email me reports. I use Ubuntu as my OS, Postfix as my mail server, and Gmail for my email account.

The details to make this happen can be found in quite a few places online, but the information was a bit scattered and didn’t match my situation exactly.

Step 1. Edit /etc/postfix/main.cf

# sets gmail as relay
relayhost = [smtp.gmail.com]:587

# use tls
smtp_use_tls=yes

# use sasl when authenticating to foreign SMTP servers
smtp_sasl_auth_enable = yes

# path to password map file
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# list of CAs to trust when verifying server certificate
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# eliminates default security options which are incompatible with gmail
smtp_sasl_security_options =

If you need further debugging you can add these:

debug_peer_list=smtp.gmail.com
debug_peer_level=3

Step 2. Add Gmail creds to /etc/postfix/sasl_passwd

[smtp.gmail.com]:587  username:password

Step 3. Run sudo postmap /etc/postfix/sasl_passwd

Make sure the /etc/postfix/sasl_passwd* files are owned by the postfix user:

sudo chown postfix /etc/postfix/sasl_passwd*

Step 4. Run /etc/init.d/postfix reload
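
A read-only audit of the settings from Steps 1 to 3, added here as an example and not part of the original post. It flags three things: smtp_use_tls=yes is opportunistic (Postfix falls back to cleartext if STARTTLS is not offered), an empty smtp_sasl_security_options also drops noanonymous, and the password files may be readable beyond their owner. The function names cf_get and audit_relay, the finding labels and the temporary sample files are constructed for the example.

```sh
#!/bin/sh
# Read-only audit of a Postfix relay config; it changes nothing on the system.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_relay MAIN_CF SASL_PASSWD -> one finding per line on stdout.
audit_relay() {
    cf=$1; pw=$2
    level=$(cf_get "$cf" smtp_tls_security_level)
    case "$level" in
        encrypt|dane-only|fingerprint|verify|secure) ;;   # TLS is mandatory
        *)  if [ "$(cf_get "$cf" smtp_use_tls)" = yes ]; then
                echo "TLS_OPPORTUNISTIC: smtp_use_tls=yes only tries STARTTLS; set smtp_tls_security_level=encrypt"
            else
                echo "TLS_OFF: no TLS setting for outbound SMTP"
            fi ;;
    esac
    # An explicit empty value drops noanonymous as well as noplaintext.
    if grep -q '^smtp_sasl_security_options[[:space:]]*=' "$cf"; then
        case "$(cf_get "$cf" smtp_sasl_security_options)" in
            *noanonymous*) ;;
            *) echo "SASL_ANON: smtp_sasl_security_options lacks noanonymous" ;;
        esac
    fi
    # The password file and its postmap output both hold the Gmail password.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            echo "PERMS: $f is accessible to group/other; chmod 600"
    done
}

# Constructed sample: the main.cf lines from Step 1 and a dummy password file.
demo_dir=$(mktemp -d)
cat > "$demo_dir/main.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
EOF
echo '[smtp.gmail.com]:587  username:password' > "$demo_dir/sasl_passwd"
chmod 644 "$demo_dir/sasl_passwd"
audit_relay "$demo_dir/main.cf" "$demo_dir/sasl_passwd"
```

On a real host, call it as audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd with enough privilege to read both files.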

Troubleshooting

1. No TLS

status=bounced (host smtp.gmail.com[74.125.65.109] said: 530 5.7.0 Must issue a STARTTLS command first. s9sm727762ybm.8 (in reply to MAIL FROM command))

You're missing smtp_use_tls=yes in main.cf

2. Unknown CA

certificate verification failed for smtp.gmail.com[74.125.47.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

You're missing smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt in main.cf

© matthew hawthorne 2011-2023