Table of Contents

Postfix

Notes on Postfix configuration and other silly tricks.

Configuring Postfix with Gmail as an SMTP relay

I currently run my external mail on a Google Apps account. As a simple solution to allow me to send mail from several Linux systems, I have configured Postfix to use a specially configured Gmail account as a pseudo mail relay.

To do this you really only need to make a few configuration changes to the default Postfix main.cf file that ships with the Debian package.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
delay_warning_time = 4h
readme_directory = no
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mydestination = localhost, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/gmail-passwdmap
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile =  /etc/postfix/gmail-cacerts.pem
smtp_use_tls = yes
smtp_tls_loglevel=1
smtp_tls_security_level=encrypt
compatibility_level=2

Google CA certs

You can retrieve the current Google CA certs from this page: https://support.google.com/a/answer/6180220?hl=en

Store these certs as /etc/postfix/gmail-cacerts.pem.

Gmail app password

You will also need to generate an app password to use with the account in Gmail.

https://support.google.com/accounts/answer/185833?hl=en

You can then configure this username and password in /etc/postfix/sasl/gmail-passwdmap accordingly:

[smtp.gmail.com]:587	my-smtp-relay@example.com:abcdefghijklmnop

Where my-smtp-relay@example.com is the Gmail account you will use and abcdefghijklmnop is your app password. You will also need to use postmap(1) to create the Postfix binary map table for this file when you create or modify this file:

postmap  /etc/postfix/sasl/gmail-passwdmap