Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

8
11731

In this guide, we are going to learn how to configure Postfix to use Gmail SMTP on Ubuntu 18.04 to relay mails. To ensure reliable mail delivery, Postfix MTA can be configured to relay mails through an external SMTP server such as Gmail SMTP server.

Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

Install Postfix on Ubuntu 18.04

If Postfix is not already installed on your Ubuntu 18.04 server, run the command below to install it.

apt install mailutils

During installation, you will be prompted to provide some information required to configure Postfix. The first prompts asks you to choose the type of configuration that best suits your environment. Select Internet Site to enable Postfix to sent and received mails and press Enter to proceed.

Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

Set the mail name. Mail name specifies the domain part that is used in a mail ID, e.g example.com for an email ID, [email protected].

Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

Press Enter to finalize the installation.

Note that you can always reconfigure Postfix by running the command below;

dpkg-reconfigure postfix

Configure Postfix to Use Gmail SMTP on Ubuntu 18.04

Now that Postfix is installed, proceed to configure it to use Gmail as a mail relay.

Open the Postfix configuration file, /etc/postfix/main.cf and configure is as follows;

vim /etc/postfix/main.cf

Set the Postfix relay server

Find the line, relayhost = and setting its value to Gmail SMTPS such that it looks like

relayhost = [smtp.gmail.com]:587

Next add the following lines to the end of the configuration file.

Enable SMTP Authentication

To enable SMTP server authentication, you need to;

  • Enable Cyrus-SASL support for authentication by setting the value of smtp_sasl_auth_enable to yes.
    smtp_sasl_auth_enable = yes
  • Configure Postfix to use the file with the SASL credentials. This can be done by defining the path to sasl_passwd as follows;
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  • Set the SASL security options to disable options that allows anonymous authentication.
    smtp_sasl_security_options = noanonymous

Enable STRTTLS Encryption

Enforce STARTTLS encryption for outgoing SMTP with Postfix by adding the following line. When a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.

smtp_tls_security_level = encrypt

Define the path to CA certificates. The public root certificates are usually found under /etc/ssl/certs/ca-certificates.crt on Debian/Ubuntu systems.

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

These lines should look like this;

...
relayhost = [smtp.gmail.com]:587
...
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Add Credentials to sasl_passwd

Since Postfix is acting a as mail client, it has to know when to provide a username and password. Therefore, create the sasl_passwd file define above, /etc/postfix/sasl_passwd and set the credentials of the mail relay server as shown below;

vim /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 [email protected]:password

Replace your email ID appropriately.

Secure sasl_passwd

The credentials are set in plaintext. Hence to make it abit secured, change ownership and permission to root and read-write only respectively.

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Create sasl_passwd DB file

Postfix requires that the sasl_passwd file to be a database such that it can be read faster. Use postmap command to convert the file into a database, sasl_passwd.db.

postmap /etc/postfix/sasl_passwd

This will assign the same ownership and permissions to the database file as set for the sasl_passwd file above.

ls -l /etc/postfix/sasl_passwd*
-rw------- 1 root root    51 Jan  6 21:57 /etc/postfix/sasl_passwd
-rw------- 1 root root 12288 Jan  6 22:04 /etc/postfix/sasl_passwd.db

Restart Postfix

sudo systemctl restart postfix

Send a Test Mail

To verify that all is well, send the test mail as shown below;

echo "Test Postfix Gmail Relay" | mail -s "Postfix Gmail Relay" [email protected]

You can tail the logs to check what is happening. If you encounter such an error ...SASL authentication failed; server smtp.gmail.com..., you need to allow less secure apps to access your gmail account. Otherwise, you should be able to receive the test mail.

That is all it takes to configure Postfix to use Gmail SMTP on Ubuntu 18.04. We hope this was informative.

You can also check our previous article on how to configure Postfix as send-only SMTP server on Fedora 29.

8 COMMENTS

  1. Great article. Thanks for this.

    I had problem with following error…

    Aug 13 18:59:27 hostname postfix/smtp[21528]: 827ABBC09CA: SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.24.108]: invalid parameter supplied

    It was fixed with placing this next line at the end of my file: /etc/postfix/main.cf
    smtp_sasl_mechanism_filter = plain

    Took me ages to find on Google, hope someone finds it useful.

  2. in my instantiation we don’t need an authentication for sending email as the server installed on the same network. do I sill need to setup username and password?

    Ubuntu 16
    PHP7

  3. Thanks for the clear presentation. However I have this error after sending the test message:

    postfix/smtp[2520363]: connect to gmail-smtp-in.l.google.com[74.125.195.26]:25: Connection timed out

    • Here is the root problem that appeared shortly after posting my message. Can you explain it?

      Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError

      Here is the message at that support link:

      Fix IPv6 authorization errors
      An IPv6 authorization error could mean the PTR record for the sending server isn’t using IPv6. If you use an email service provider, confirm they’re using an IPv6 PTR record.

    • Hello Stephen, I would attribute the connection time out issue to your network connectivity issues. Please recheck and try restart of Postfix.

LEAVE A REPLY

Please enter your comment!
Please enter your name here