Skip navigation

Firstly you need postfix compiled with SASL and ssl support.

Enter this command into your shell.


ldd /usr/lib/postfix/smtp

Here is the output:

linux-gate.so.1 => (0xffffe000)
libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0xb7f43000)
libpostfix-tls.so.1 => /usr/lib/libpostfix-tls.so.1 (0xb7f38000)
libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0xb7f33000)
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0xb7f0c000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xb7ee6000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ea9000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7b000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d67000)
libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7c8a000)
libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7c75000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c62000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b33000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b30000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b1b000)
/lib/ld-linux.so.2 (0xb7f59000)


If you dont see libssl and libsasl, this wont work, and you’ll need to recompile with support.

Generate a CSR for this server


openssl genrsa -out itchy.key 1024
openssl req -new -key itchy.key -out itchy.csr
openssl ca -out itchy.pem -infiles itchy.csr

Now include these main.cf modifications:

relayhost = [smtp.gmail.com]:587

#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/certs/itchy.key
smtp_tls_cert_file=/etc/postfix/certs/itchy.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no

Create /etc/postfix/sasl_passwd file

This is the format of the sasl_passwd file.

Copy this text and edit with your account details then highlight and copy.

gmail-smtp.l.google.com user@gmail.com:password
smtp.gmail.com user@gmail.com:password

Enter these commands line by line and press enter after each line.


vim /etc/postfix/sasl_passwd
a
ctr + shift + v
esc
!wq
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix reload

That should work. Thanks to IMamba for original.

About these ads

26 Comments

  1. good tutorial, thank you.
    you might want to fix this line though:
    smtp_tks_note_starttls_offer = yes
    it should read
    smtp_tls_note_starttls_offer = yes
    instead (the typo is already there upstream)

    cheers

  2. Finally some useful information. I’ve been searching for 2 months. Tried countless other tutorials. This one finally did the trick.

    Thank You…

  3. Hi there,

    does somebody know, what to write into sasl_passwd if my password contains a SPACE?

    Thanks:

    Andrzej

  4. On my Ubuntu box, this command failed

    openssl ca -out itchy.pem -infiles itchy.csr

    because openssl is unable to find the CA private key. I think I need to create a CA first.

  5. Thanks for a well written and very helpful tutorial.

    Works well from most places but I think my workplace proxy is blocking access to googlmail on port 587.

    Has anyone found a proxy tunnel solution?

  6. i was tried to create a certificate for gmail account but it were shown error ..so could go throught error please send reply
    i have mention my email id please scrap me…
    #openssl ca -out itchy.pem -infiles itchy.csr
    Using configuration from /usr/share/ssl/openssl.cnf
    Error opening CA private key ./demoCA/private/cakey.pem
    22719:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen(‘./demoCA/private/cakey.pem’,’r’)
    22719:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
    unable to load CA private key

  7. On my Debian machine the command:

    openssl ca -out itchy.pem -infiles itchy.csr

    failed also. Since I’m thinking the same as a previous post (create CA) and I’m new to ssl and stuff, could someone indicate me how to do this?

    Thanks in advance,

    Eric

  8. To address the problem raised by Sureshkumar, on a CentOS 5.1 system I did the following >

    yum -y install openssl-perl

    Run >
    /etc/pki/tls/misc/CA.pl -newca

    That will create the cakey.pem file in /etc/pki/CA/private

    Then edit the file /etc/pki/tls/openssl.cnf and set

    dir = /etc/pki/CA

  9. You should be able to create a new CA with the scripts included in openssl:

    $ /usr/local/ssl/misc/CA.pl -newca

    Give it the appropriate name and enter appropriate info when prompted.

  10. Tried it with Ubuntu 9.04. Works fine!

  11. It Works for me ! ( ubuntu 8.04 )
    But for generate the CA : the file ca.pl was in /usr/lib/ssl/misc/

    Thanks for this tuto :)

  12. Been working on this all day. This tutorial got me there! Whoot! Thank you!

  13. This worked really well for me. Took a bit though since Arch Linux’s CA.pl has a hardcoded CA prefix of /etc/ssl. My openssl config was looking for root CA’s in ./demoCA/. Perhaps Arch package managers will fix that at some point. Until then, I just changed the CA.pl file to use ./demoCA as the prefix when creating all the required dirs for the root CA.

    Thanks for this great walk through :)

  14. Followed instructions but got a
    530 5.7.0 Must issue a STARTTLS command first.

    I checked for the tks typo but looks like it was fixed on the faq, so I dunno postfix.cf well enough to know what might have gone wrong

  15. Where do i find postfix? I can not figure this out at all and am growing desperate.. days into trying to get mailpress to work.

    Anyone?

    Please?

  16. Thanks man. Great tutorial ;-)
    It work’s! Yeah!

  17. I keep getting the following error in my mail.log

    “smtp.gmail.com[74.125.93.109] said: 530-5.5.1 Authentication Required”

    Any help with this?

  18. I have a question, what is all the fuss about setting up a SMTP server that at the other end uses google’s SMTP to send mails?

    why not use google’s SMTP service directly, without using postfix?

    Alex

  19. for me (Centos) i had to make “ldd /usr/libexec/postfix/smtp” instead of “ldd /usr/lib/postfix/smtp” to work

  20. Thank you. Great tutorial. Worked within minutes. I just added in main.cf

    smtp_tls_CApath = /etc/ssl/certs

    In mail.log I still see a minor: Nov 12 14:27:27 voice postfix/smtp[5081]: certificate verification failed for smtp.gmail.com[209.85.227.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

  21. Thank you. Great tutorial.

  22. I just got this working on my Ubuntu 10.10 box with Postfix 2.7.1. This is all I have in the /etc/postfix/main.cf file.

    relayhost = [smtp.gmail.com]:587
    smtp_use_tls = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_loglevel = 1
    smtp_tls_per_site = hash:/etc/postfix/tls_per_site
    smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
    smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache

    % cat sasl_passwd
    [smtp.gmail.com]:587 user@gmail.com:pass

    % cat tls_per_site
    smtp.gmail.com MUST

  23. Thaks for everything !!

  24. I got this working on Ubuntu 10.10 Cheers

  25. Great article, thanks – still very useful today, despite being a few years old! :)

    I found that simply relaying from a server containing a postfix install via google can work without having to create the SSL certs at all. I created the /etc/postfix/sasl_passwd file and added this to /etc/postfix/main.cf instead: –

    relayhost = [smtp.gmail.com]:587

    #auth
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_enforce_peername = no

    Very easy as creating the cert was the fiddly bit – and one that I wished to automate, as I’m adding a profile for an Amazon EC2 instances which will do this automatically when you start up a new instance (it is a pain to relay email from Amazon EC2 as it is generally not trusted).

    Once written the profile will be here: http://www.practicalclouds.com/content/guide/gmailrelay (I’ll be sure to link back here)

    Many thanks

    Dave


7 Trackbacks/Pingbacks

  1. [...] sending you can either use smtp relay with a service like gmail or google [...]

  2. By hotzeplotz · gmail smtp relay on 06 May 2008 at 4:37 am

    [...] finally sending my email through gmail’s smtp service from my roaming laptop – i found a simple ready-made configuration and just used it. (there is a typo in the configuration on that blog – i left a comment to the [...]

  3. [...] Getting Postfix to work on Ubuntu with Gmail, Gmail on Home Linux Box using Postfix and Fetchmail, Postfix Gmail SMTP Relay and finally Postfix TLS [...]

  4. [...] original directions for this came from here. I’ve only modified them for a clean build of a Fedora based server or box. They should work [...]

  5. [...] Here's another good tutorial on setting up a Gmail relay using Postfix. And here's another excellent tutorial. Then run the test again until you achieve [...]

  6. By Lokalt backupscript for Ubuntu | Techsiden on 31 May 2011 at 6:41 pm

    [...] Alt jeg har gjort er å sette opp at scriptet sender en mail til ønsket mailadresse når scriptet er ferdig med å kjøre. For at dette skal fungere må pakken mutt være installert. (aptitude install mutt) og at serveren din kan sende mail. Jeg velger å sende via Google (Gmail) sine SMTP servere. Her er en guide for å få til dette: http://bookmarks.honewatson.com/2008/04/20/postfix-gmail-smtp-relay/ [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: