I will try to explain the process from the installation of Postfix to configuring it to use the Gmail server to send emails. Keep in mind that the installation process might not work from the first time depending from your OS and the dependencies in place.
Postfix is a very popular open source Mail Transfer Agent (MTA) that can be used to route and deliver email on a Linux system. A lot of people will find it more easily to use Google Apps and Gmail in order to send their emails and you can configure Postfix to send email Gmail and Google Apps.
You need to install Postfix as well as the libsasl2 which is a package that helps to manage the Simple Authentication and Security Later - SASL
Install the Software
The installation process might be different if you’re using different version of Ubuntu but in theory you should be able to install it using ap-get or from source as well.
sudo apt-get install postfix
and also install the libsasl2 package
sudo apt-get install libsasl2-modules
You will be asked what type of mail configuration you want to have for your server. For our purposes, we’re going to choose “Internet Site” because the description is the best match for our server.
Next, you will be asked for the Fully Qualified Domain Name (FQDN) for your server. This is your full domain name (like example.com). Technically, a FQDN is required to end with a dot, but Postfix does not need this. So we can just enter it like:
The software will now be configured using the settings you provided. This takes care of the installation, but we still have to configure other items that we were not prompted for during installation.
Once Postfix is installed we will need to tweak the configuration and made some changes to the default settings. One of those will be to update the FQDN in the main config file
You need to open the config -
/etc/postfix/main.cf with your favorite text editor (vi, vim, nano) and make the following changes:
myhostname = example.com
It is important to mention that if the Two-factor Authentication is enabled Gmail will refuse the connections from Postfix if you don’t configure a second authentication.
You will need to access your Google account in order to complete this.
First you’ll need to login to your email and access this link:** https://myaccount.google.com/security and click the 2-Step Verification. You need to make sure it says On/Enabled
You’ll then need to generate an App password for the Postfix server using this link: https://security.google.com/settings/security/apppasswords
Note: If 2-FA is not enabled you will see the following message “The setting you are looking for is not available for your account.” in this way you can be sure that 2-FA has not been enabled.
You’ll need to click on the Select app and then choose Other (custom name) from the dropdown menu. Enter “Postfix” and click Generate.
A password will be generated which you need to save so you can use later on.
The next step will be to add your Gmail username and the password in the Postfix server.
You will need to open the
sasl_passwd file (the file may not be existing so you can create it by just using nano, vi or vim)
You then need to enter the following line:
Note: Gmail supports sending emails through both Ports 465 and 587 so you need to choose the portocol of your choice. Make sure it’s the same in both the
/etc/postfix/sasl/sasl_passwd file and the
You’ll need to replace the firstname.lastname@example.org:password with your actual username and the password.
Once this is done we will hash the db file for the Postfix so everything can be secure:
sudo postmap /etc/postfix/sasl/sasl_passwd
In order to check that everything is okay you can see if you have the following file
sasl_passwd.db in the
The next step will be to secure the files we’ve just created by changing their ownership and file permissions:
sudo chown root:root /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db
Now we just need to configure Postfix to use the Gmail SMTP server and we’re good to go!
Open the postfix config file with a text edit and locate the relayhost line:
relayhost = [smtp.gmail.com]:587
Note: Make sure that you use the correct port
Then you can go to the bottom of the file and add the following snippet:
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# Enable STARTTLS encryption
smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
You can then save your changes and restart the Postfix service:
sudo systemctl restart postfix
service postfix restart
You can test that everything is working okay and if you’re unable to send emails you might want to check if the Less secure apps access in Gmail is turned on. You can check that using this link: https://www.google.com/settings/security/lesssecureapps
You should now be able to send your emails using Gmail’s SMTP server. It is recomended to monitor the mail activity of your server in order to make sure that everything is secure!
Hope this helps!