First, you need Postfix compiled with SASL and SSL support.

Enter this command into your shell.


ldd /usr/lib/postfix/smtp

Here is the output:

linux-gate.so.1 => (0xffffe000)
libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0xb7f43000)
libpostfix-tls.so.1 => /usr/lib/libpostfix-tls.so.1 (0xb7f38000)
libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0xb7f33000)
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0xb7f0c000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xb7ee6000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7ea9000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d7b000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d67000)
libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7c8a000)
libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7c75000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7c62000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b33000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b30000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b1b000)
/lib/ld-linux.so.2 (0xb7f59000)


If you don’t see libssl and libsasl, this won’t work, and you’ll need to recompile Postfix with that support.

Generate a key and a CSR for this server, then sign the CSR with your CA:


openssl genrsa -out itchy.key 1024
openssl req -new -key itchy.key -out itchy.csr
openssl ca -out itchy.pem -infiles itchy.csr
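
The last command only works when openssl ca can find an existing CA key and certificate. The script below is an added example, not part of the original post: it creates a throwaway local CA and signs the CSR with openssl x509 -req instead. The directory argument and the "Example Local CA" subject are placeholders, and it uses 2048-bit keys where the post uses 1024.

```shell
#!/bin/sh
# Added example, not from the original post: a throwaway local CA, so signing
# does not depend on the ./demoCA layout that `openssl ca` expects.
# Directory and subject names are placeholders.

make_ca() {  # make_ca DIR -> DIR/ca.key and self-signed DIR/ca.pem
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # umask keeps the private key unreadable to other users from creation on.
    ( umask 077; openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 3650 \
        -subj "/CN=Example Local CA" -out "$dir/ca.pem"
}

make_cert() {  # make_cert DIR NAME -> NAME.key, NAME.csr, NAME.pem in DIR
    dir=$1 name=$2
    ( umask 077; openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name" \
        -out "$dir/$name.csr" || return 1
    # Sign the CSR directly with the CA key; no openssl.cnf CA section needed.
    openssl x509 -req -in "$dir/$name.csr" -sha256 -days 365 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/$name.pem" 2>/dev/null
}

cert_ok() {  # cert_ok DIR NAME -> 0 if NAME.pem chains to ca.pem and matches NAME.key
    dir=$1 name=$2
    openssl verify -CAfile "$dir/ca.pem" "$dir/$name.pem" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/$name.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}
```

After sourcing the file, make_ca /etc/postfix/certs followed by make_cert /etc/postfix/certs itchy produces the itchy.key and itchy.pem files that the main.cf settings refer to.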

Now include these main.cf modifications:

relayhost = [smtp.gmail.com]:587

#auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file = /etc/postfix/certs/itchy.key
smtp_tls_cert_file = /etc/postfix/certs/itchy.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
smtp_tls_enforce_peername = no

Create the /etc/postfix/sasl_passwd file

This is the format of the sasl_passwd file.

Copy this text, edit it with your account details, then highlight and copy it.

gmail-smtp.l.google.com user@gmail.com:password
smtp.gmail.com user@gmail.com:password

Enter these commands line by line and press enter after each line.


vim /etc/postfix/sasl_passwd
a
ctrl + shift + v
esc
:wq
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix reload

That should work. Thanks to IMamba for the original.
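
The settings above leave TLS opportunistic (smtp_use_tls = yes) while allowing plaintext SASL mechanisms, so what protects the Gmail password depends on how several parameters combine. The script below is an added example, not part of the original post, that reads a main.cf-style file and reports those combinations; the function names and finding codes are made up for illustration, and the awk parser is a simplification of what postconf does.

```shell
#!/bin/sh
# Added example, not from the original post. cf_get is a simplified parser
# (one "name = value" per line); `postconf -h NAME` is the authoritative view.
cf_get() {  # cf_get FILE NAME -> last value assigned to NAME, if any
    awk -v k="$2" '$0 ~ "^" k "[ \t]*=" { v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                                          sub(/[ \t]+$/, "", v); hit = 1 }
                   END { if (hit) print v }' "$1"
}

audit_relay() {  # audit_relay FILE -> one finding code per line on stdout
    cf=$1
    level=$(cf_get "$cf" smtp_tls_security_level)
    if [ -z "$level" ]; then  # legacy knobs only count when the level is unset
        level=none
        [ "$(cf_get "$cf" smtp_use_tls)" = yes ] && level=may
        if [ "$(cf_get "$cf" smtp_enforce_tls)" = yes ]; then
            level=verify
            [ "$(cf_get "$cf" smtp_tls_enforce_peername)" = no ] && level=encrypt
        fi
    fi
    # Postfix's default for this option includes noplaintext.
    opts=$(cf_get "$cf" smtp_sasl_security_options)
    opts=${opts:-noplaintext, noanonymous}
    case $level in none|may)  # the session may stay unencrypted
        case $opts in
            *noplaintext*) ;;
            *) [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = yes ] &&
                   echo PLAINTEXT_AUTH_WITHOUT_TLS_POSSIBLE ;;
        esac ;;
    esac
    case $level in
        none|may|encrypt) echo SERVER_CERT_NOT_VERIFIED ;;
        verify|secure)
            ca=$(cf_get "$cf" smtp_tls_CAfile)$(cf_get "$cf" smtp_tls_CApath)
            [ -n "$ca" ] || echo NO_TRUST_ANCHORS ;;
    esac
    pw=$(cf_get "$cf" smtp_sasl_password_maps); pw=${pw#*:}  # drop "hash:"
    if [ -f "$pw" ]; then
        case $(ls -ld "$pw") in
            ????------*) ;;  # no group/other permission bits
            *) echo PASSWORD_FILE_NOT_PRIVATE ;;
        esac
    fi
    return 0
}
```

Source the file and run audit_relay /etc/postfix/main.cf. A relay configuration that sets smtp_tls_security_level = secure with smtp_tls_CAfile pointing at a CA bundle, and keeps sasl_passwd at mode 600, produces no findings.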

8 Comments

  1. good tutorial, thank you.
    you might want to fix this line though:
    smtp_tks_note_starttls_offer = yes
    it should read
    smtp_tls_note_starttls_offer = yes
    instead (the typo is already there upstream)

    cheers

  2. Finally some useful information. I’ve been searching for 2 months. Tried countless other tutorials. This one finally did the trick.

    Thank You…

  3. Hi there,

    Does somebody know what to write into sasl_passwd if my password contains a SPACE?

    Thanks:

    Andrzej

  4. On my Ubuntu box, this command failed

    openssl ca -out itchy.pem -infiles itchy.csr

    because openssl is unable to find the CA private key. I think I need to create a CA first.

  5. Thanks for a well written and very helpful tutorial.

    Works well from most places but I think my workplace proxy is blocking access to googlemail on port 587.

    Has anyone found a proxy tunnel solution?

  6. I tried to create a certificate for a Gmail account but it showed an error, so could you go through the error and please send a reply?
    I have mentioned my email ID, please scrap me…
    #openssl ca -out itchy.pem -infiles itchy.csr
    Using configuration from /usr/share/ssl/openssl.cnf
    Error opening CA private key ./demoCA/private/cakey.pem
    22719:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('./demoCA/private/cakey.pem','r')
    22719:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
    unable to load CA private key

  7. On my Debian machine the command:

    openssl ca -out itchy.pem -infiles itchy.csr

    failed also. Since I’m thinking the same as a previous post (create CA) and I’m new to ssl and stuff, could someone indicate to me how to do this?

    Thanks in advance,

    Eric

  8. To address the problem raised by Sureshkumar, on a CentOS 5.1 system I did the following >

    yum -y install openssl-perl

    Run >
    /etc/pki/tls/misc/CA.pl -newca

    That will create the cakey.pem file in /etc/pki/CA/private

    Then edit the file /etc/pki/tls/openssl.cnf and set

    dir = /etc/pki/CA

