Configure a Postfix Relay through Gmail on Ubuntu

Table of Contents

Introduction

Postfix is a flexible mail server that is available on most Linux distribution. Though a full feature mail server, Postfix can also be used as a simple relay host to another mail server, or smart host. This tutorial will describe how to configure Postfix as a relay through Gmail.

Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services including Postfix.

Requirements

  • Ubuntu
  • Valid Gmail or Google App credentials

Install Packages

Make sure Postfix, the SASL authentication framework, and mail are all installed.

apt-get -y update
apt-get -y --no-install-recommends install postfix mailutils libsasl2-2 libsasl2-modules

The Postfix install will prompt for several configuration settings. Use the following values for the corresponding setting:

  • General type of mail configuration: Satellite system
  • System mail name: The preferred fully-qualified name of the mail server, e.g., mail.example.com
  • SMTP relay host (blank for none): smtp.gmail.com

Configure Postfix

Postfix will need to be configured to enable SASL authentication.

Enable SASL

Open the /etc/postfix/main.cf and add the following lines to the end of the file.

smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Save the main.cf file and close the editor.

Create SASL Credential File

The Gmail credentials must now be added for authentication. Create a /etc/postfix/sasl/sasl_passwd file and add following line:

 smtp.gmail.com username:password

The username and password values must be replaced with valid Gmail credentials. The sasl_passwd file can now be saved and closed.

Generate Postfix Lookup Table

A Postfix lookup table must be generated from the sasl_passwd text file by running the following command.

postmap /etc/postfix/sasl/sasl_passwd

Restrict SASL File Permissions

It is advisable to restrict read and write access to the sasl_passwd files.

chown -R root:postfix /etc/postfix/sasl
chmod 750 /etc/postfix/sasl
chmod 640 /etc/postfix/sasl/sasl_passwd*

Start Postfix

Finally, start the Postfix service.

service postfix start

Test the Postfix Relay

Use the mail command to test the relay.

echo "This is a test." | mail -s "test message" user@example.net

The destination address should receive the test message.

Troubleshoot Delivery Issues

It may be necessary to perform troubleshooting if the test message is not delivered successfully.

Start Rsyslog

Start the Rsyslog service if not already running.

service rsyslog start

Note: Some container environments may not start Rsyslog by default.

Review the Maillog

The maillog can be reviewed if the test message is not successfully delivered. Open another shell and run tail while performing another delivery test.

tail -f /var/log/maillog

Enable Postfix Debugging

If there are not enough details in the maillog to determine the problem, then the debug level can be increased by adding the following lines to the `/etc/postfix/main.cf``.

debug_peer_list=smtp.gmail.com
debug_peer_level=3

The Postfix configuration must be reloaded after updating the main.cf file.

service postfix reload

Remember to remove the debug settings when testing is complete. The verbose logs can have a negative impact on server performance.