Relaying Postfix SMTP via smtp.gmail.com

By Christer Edwards | 2008/11/11
50 Comments

If you've enjoyed this blog, please consider picking up a copy of my Ubuntu book, Instant Ubuntu. Thanks for visiting!

I’ve got a few servers in different places around the country and try to monitor them using the logwatch utility.  One problem that I’ve run into however is that a few of these servers are not able to send their logwatch emails to me, based on email restrictions by the ISPs.  I spent some time this afternoon researching what was required to have my servers authenticate to my gmail account and send me the mail that way.  This setup assumes Ubuntu 8.04 (or later) and Postfix.

Install the required packages

sudo aptitude install postfix libsasl2 ca-certificates libsasl2-modules

Configure Postfix

This tutorial will not outline how to configure your postfix server, but we’ll jump directly to the relayhost section.  You’ll want to add the following lines to your /etc/postfix/main.cf file:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

The above lines are telling Postfix that you want to relay mail through gmail on a specific port, telling it to authenticate, and where to find the username and password.  The last three lines specify the authentication types supported, where the certificate authority file is and that it should use tls.

Define Username and Password

Next we’ll need to populate the sasl_passwd file.  Create the file /etc/postfix/sasl_passwd with the following contents:

[smtp.gmail.com]:587    [email protected]:password

This file should have restrictive permissions and then needs to be translated into a .db that Postfix will read.

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

At this point you can restart Postfix and it should work, however it will complain about not being able to authenticate the certificate.  To take care of this issue we’ll use the ca-certificate package we installed and tell it where it can validate the certificate.

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

Go ahead and reload postfix (sudo /etc/init.d/postfix reload) and you should be set.

Category: EMail Tags: gmail, postfix, relayhost, smtp.gmail.com

50 thoughts on “Relaying Postfix SMTP via smtp.gmail.com

  1. spacer lonnieolson.com/blog/

    I think you should mention that this setup is only good for a postfix server that will be serving only a single user. Gmail will save every outgoing message this way in the Sent Mail “folder” belonging to the user authenticated against in the sasl_passwd file.

    This is usually not desired by a multiuser mail relay. However, it could be a good method to archive all outgoing email in a small organization.

    Reply
  2. spacer Jay Curry

    Thank you. I’ve been looking for a solution like this for some time now.

    Reply
  3. spacer jkl

    Thanks. This post was very useful!

    Reply
  4. spacer Hobbsee

    Things like msmtp and ssmtp are much lighter tools (either of them), and can be used to do the same things. Perhaps look into those?

    I’m using msmtp to go through the fastmail smtp servers (where I have an account), with no problems.

    Reply
  5. spacer jadesro

    I tried using these instructions yesterday on a newly installed ubuntu server 8.10 but got tripped up by the very first command: “sudo aptitude install postfix libsasl2 ca-certificate” reported that libasal2 was no longer available (it suggested libasal2-2) and that there was no such thing as ca-certificate. Just me?

    Reply
  6. spacer me.yahoo.com/a/krevSKMg2

    At least on debian testing I had to do:

    sudo apt-get install ca-certificates

    As for libsasl2, I use:

    $ apt-cache policy libsasl2
    libsasl2:
    Installed: 2.1.22.dfsg1-8
    Candidate: 2.1.22.dfsg1-8
    Version table:
    *** 2.1.22.dfsg1-8 0
    500 ftp.fr.debian.org stable/main Packages
    100 /var/lib/dpkg/status

    Reply
  7. spacer kralph

    On Ubuntu 8.10 the package names have changed, as jadesro notes above. ca-certificates and libsasl2-2 are now the correct packages.

    Reply
  8. spacer santosh

    i need smtp sever address for mailsoftwere
    plz help how to use &enable my smtp server
    mail me

    Reply
  9. spacer donal whooley

    You are a genius. I’ve been struggling for 3 days to get sendmail or postfix to use SMTP but because I’m behind a residential dynamic IP address all emails get rejected with

    The IP you’re using to send mail is not authorized 550-5.7.1 to send email directly to our servers.

    Followed instructions exactly and it worked, except I already had sasl2 and ca.cerficiate installed. (Ubuntu 8.10 and postfix)

    Reply
  10. spacer go2null

    Please fix ca-certificate to ca-certificates

    Reply
  11. spacer Sureshkumar

    how can add 100 multiple users in the /etc/postfix/sasl_passwd…what is syntax
    already i was tried these syntax
    [smtp.gmail.com]:587 [email protected]:user1
    [smtp.gmail.com]:587 [email protected]:user2
    [smtp.gmail.com]:587 [email protected]:user3

    [smtp.gmail.com]:587 [email protected]:usern

    but it’s not working ………am waiting for your reply or if you please scrap my email id :[email protected]

    Reply
  12. spacer jack wooldridge

    I am a new computer user at 70 yrs old.My outgoing failed, because my “smtp” failed.
    What to do thank, JACK W.

    Reply
  13. spacer Alexe Russkin

    Thanks! Thanks! Thanks! Thanks! Thanks! Thanks! spacer

    In Mandriva 2009 have no ca-certificate.
    We must to install rootcerts:

    # urpmi rootcerts

    And add them:

    # cat /etc/pki/tls/cert.pem | tee -a /etc/postfix/cacert.pem

    Reply
  14. spacer Joe Lencioni

    I have followed your instructions, and I can’t seem to quite get things to work. I am running Ubuntu 8.10 and whenever I send an email to my email address, I get an “Undelivered Mail Returned to Sender” error email with the following error: “relay access denied (in reply to RCPT TO command)” or “Relay access denied (state 14).”

    In mail.log I see errors like this one:

    NOQUEUE: reject: RCPT from mail.domain.com[###.###.###.###]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=

    Any thoughts on what I’m doing incorrectly?

    Reply
  15. spacer papukaija

    Nearly the whole article is a apt-link to libsasl.

    Reply
  16. spacer John Kerr

    Worked like a charm

    Thanks!!!

    John

    Reply
  17. spacer rupert

    Please use:
    $ sudo aptitude install postfix libsasl2-2 ca-certificates libsasl2-modules
    on Ubuntu.

    Reply
  18. spacer ubestos

    thank you for this how to! It worked excellent with little changes on Ubuntu 9.10 but the Idea is right.

    Reply
  19. spacer Anoop

    Hi,

    I would like to have a scenario where local mails (or as specified in /etc/postfix/transport file) are delivered within server and rest are delivered through relayhost. If I use transport file, “relayhost = ” is left to empty.

    So, how can I use above information togther with transport feature in order to route certain emails locally as defined in transport file and rest using relayhost with ssl authorization (gmail account).
    thanks,

    Reply
  20. spacer eric g

    i’ve tried many diffrent tutorials, this one worked like a charm!

    many thanks!

    Reply
  21. spacer Florian Löffler

    This worked great on my Ubuntu 10.04 installation. Now I can finally sent SMART and mdadm mails from my home server.
    Thx for the great writeup!

    Reply
  22. spacer John

    Gmail now uses certificate from Equifax

    Use this instead of the Thawte certs

    cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem

    Reply
  23. spacer papukaija

    Thanks John for the info about Gmail’s new certificate.

    Reply
  24. spacer Alex

    Thanks for an excellent tutorial – it worked exactly as described on my Ubuntu 10.04 installation

    Reply
  25. spacer techo

    Thanks!!! Works perfectly!

    Reply
  26. spacer trooper

    Thank you! Worked on my Ubuntu 10.10 server installation. How to change the “From” in the notifications? Email shows root as the sender.

    Thanks.

    @ techo

    Reply
  27. spacer sergey

    Hi guys

    I see a lot of people succeeded … but apparently I’m unlu