Configuring `postfix` to relay through Gmail

Problem

You have created a server somewhere and

you would like it to send you emails so you can monitor various services; or perhaps your new server has a web site you would like to be able to email users
but you do not want a full mail service and certainly not one open to the internet
also you do not have a static IP address that you could add to SPF or DKIM records to validate emails sent directly by your server

Here is one simple solution - configure postfix to relay through gmail

Pre-requistes

You need to have the following available:

your system needs to be connected to the internet
your need to resolve names and connect to remote services
you need a Gmail mail account which lets you sent SMTP messages through it from remote clients; usually this means you need to have a G Suite
a fresh install of postfix - a mail server; probably also good to have a command-line mail client such as mailx or s-nail
access to your server’s root account

If you have all the above, read on…

Most of the content below was based on this article : although badly titled (it does not use a tunnel), it details most of what you need to do. My article mostly simplifies.

Configuration

First, locate your postfix configuration folder (/etc/postfx) and edit the main configuration file; add the following content to the bottom of this file

/etc/postfix/main.cf

myhostname = emne.afccommercial.co.uk
relayhost = [smtp.gmail.com]:587
smtp_connection_cache_destinations = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/gmail
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
soft_bounce = yes
default_destination_concurrency_limit = 1

Item descriptions

An explanation of some of these items follows

myhostname: Defines the hostname of your local server; you need to make sure that this domain is quite distinct from the domain you want to send emails to or the domain used on your Gmail account. Any email sent to this domain will be considered local and will not be relayed to Gmail
relayhost: Specifies where mail should be sent for onward delivery i.e. relayed through; smtp.gmail.com is the fixed address for sending mail through gmail while 587 is the port to use with TLS
smtp_connection_cache_destinations: (optional) the same as the relayhost setting; this setting can improve performance
smtp_use_tls: tells postfix to use TLS if it is available. Gmail insists on either TLS or SSL; TLS does not require you to get an SSL certificate
smtp_sasl_password_mapss: we will create an additional file to contain our authentication details to Gmail; this defines the name of the file - use nay name you want, here we use gmail

For all the other settings, consult Postfix configuration online.

Authentication file

Now create the file gmail (as defined by smtp_sasl_password_map) and edit it to contain something like this:

/etc/postfix/gmail

sysadmin@afc.co.uk        drew@afc.co.uk:mypassword
# Login information for the default relayhost.
[smtp.gmail.com]:587      drew@afc.co.uk:mypassword

This file contains our username and password to authenticate with Gmail.

The final line specifies that the default behaviour is to relay mail through the Gmail account drew@afc with these particualar authentication details; mail will be sent from this address regardless of what you might specify as a sendfrom address when composing the mail
If you have multiple Gmail accounts that you want to use, you can explicitly define them as in the example on line 1
If you want an email to be sent from a specific address (i.e. different from the account name) then use the same format as line 1 and make sure you have created an alias for your account (do this in the settings of your Gmail account: Settings -> See all settings -> Accounts : Send mail as)
If you have 2-step verification turned on for your account, you cannot use your regular password because that would require verification using a tool such as Google Authenticator. Instead you need to generate a specific password in your Google Account Security -> Signing in to Google -> App passwords

Once you have created this file as required, and everytime it changes, you need to action it with

postmap gmail

Conclusion

Once your configuration is complete, you can restart postfix and mail generated locally should be relayed through your Gmail account.

Test using a command-line tool and troubleshoot by checking for errors either in /var/log/mail.log or journalctl -r -u postfix

Page created on Sun 25 Apr 2021 by Andy Ferguson