Using Gmail with Postfix as an SMTP relay

Many times in the past I’ve configured Linux server (in this case, specifically Ubuntu LTS Servers ) where I need to recieve automated emails such as CRON logs etc. to an external email account but don’t want or need the hassle of configuring a fully blown SMTP server with SPF records, DKIM signing etc. etc. so in this very quick tutorial I’ll demonstrate how you can use a standard Google Mail (GMail) account to relay all server emails through, this will ensure that emails are safely delivered without being picked up as SPAM etc. by many third-party mail server providers.

Beware however that ALL emails sent from the server regardless of setting any ‘from address’ or ‘from name’ will appear to come from your actual GMail address and name (Google forces this!) so I’d recommend using this for servers where you are the sole recipient of any emails such as automated administration emails, if you intend to send emails from a web application server to many public users I’d recommend either setting up a Postfix to send direct (and therefore ensuring that all DNS entries are configured correctly) or use a dedicated SMTP relay service like SendGrid or DNSExit’s Mail Relay Outbound Service.

Anyway, lets get a move on…

So technically we will be installing and configuring Postfix as a ‘smarthost’, so first of all lets install Postfix on the server like so:-

apt-get install postfix

Next, the deb-installer will prompt you for your desired Postfix configuration settings, these are the settings that you should use:-

  • Type of mail server: Satellite System
  • Mail name: example.org (the name you want for your outbound mail)
  • SMTP relay host: smtp.gmail.com
  • Postmaster: (You can leave this blank if you wish, this server will not be configured to receive emails)
  • Other destinations: (I’ve left this blank!)
  • Synchronous Queues: (Your choice, I left this as default, this won’t affect the relaying of emails)
  • Network blocks to allow relay: (Leave as default unless you want to allow all machines in your LAN etc to relay through this relay server, make sure you know what you are doing here though!)
  • Mailbox size: (Your choice, this is for incoming email only and therefore is not really important, I just left it as default!)
  • Local address: (I left it as default ‘+’)
  • Listen address: (Again, this is your choice, the default will do if you don’t want to segregate your network cards and access from other internal sub-domains, I therefore just left this as default also!)

Fantastic, we are now nearly there! We now just need to make some changes tho the main Postfix configuration file located in /etc/postfix/main.cf and add some extra configuration options to enable TLS and the Gmail account password required to send emails via. Gmail.

So now, edit the file using Vi or Nano for example, like so:-

nano /etc/postfix/main.cf

…and now add the following lines to the bottom of this file:-

smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Now we create the username/password authentication file, using Vi or Nano, create a new file here: /etc/postfix/sasl_passwd, the contents should be as follows:-

smtp.gmail.com some.user@gmail.com:PASSWORD

You obviously need to replace the above example with your own email address and ‘PASSWORD’ should be replaced with your current Gmail password.

For best practice it is advisable that you change the ownership of the credentials files that you’ve just created and set restrictive permissions so that others with access to the server can not view the Gmail account credentials, lets do this now like so:

chmod 640 /etc/postfix/sasl_passwd*
chown postfix:postfix /etc/postfix/sasl_passwd*

Now we need to rebuild the hash, execute the following command:-

postmap /etc/postfix/sasl_passwd

Now finally, for the changes to take effect lets now restart Postfix so that emails can start being relayed:-

service postfix restart

That is it! – Emails should now route through your Gmail account when the server attempts to send external emails!

As a side note, by default CRON jobs will attempt to email the local users mailbox, you can therefore forward local emails for users to an external email address using Aliases, see one of my other posts on how to configure this.

You can also add a ‘MAILADDR=your_external_mail_address@example.com’ setting to the top of any CRON file to force automated CRON output emails to send directly to an external acccount instead of the local account of whom the CRON job is executed under. For more infomation about MAILADDR setting, see this post over at *NIXCraft.

 

FacebookTwitterGoogle+Share