Configure postfix as relay for OS X

Configure postfix as relay for macOS Sierra – Mojave

1. Edit postfix configuration file

  1. sudo vi /etc/postfix/main.cf
  2. Ensure that the following values are set:
    mail_owner = _postfix
    setgid_group = _postdrop
    
  3. Add the following lines at the end of the file:
    # Postfix as relay
    #
    #Gmail SMTP
    relayhost=smtp.gmail.com:587
    #Hotmail SMTP
    #relayhost=smtp.live.com:587
    #Yahoo SMTP
    #relayhost=smtp.mail.yahoo.com:465
    # Enable SASL authentication in the Postfix SMTP client.
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options=noanonymous
    smtp_sasl_mechanism_filter=plain
    # Enable Transport Layer Security (TLS), i.e. SSL.
    smtp_use_tls=yes
    smtp_tls_security_level=encrypt
    tls_random_source=dev:/dev/urandom
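
A check for the settings above, as an added example that is not part of the original gist: with `smtp_sasl_mechanism_filter=plain` the password is sent in a trivially decodable form, so the relay is only safe if TLS is mandatory. The function names `get_param`, `audit_relay` and `sample_conf` are made up for this example, the sample file is constructed, and only `smtp_tls_security_level` is consulted (legacy `smtp_enforce_tls` is ignored).

```shell
#!/bin/sh
# Added example (not from the gist): audit the step-1 relay settings.

# get_param FILE NAME: effective value of NAME (the last assignment wins).
# Comment lines never match; continuation lines are not joined.
get_param() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_relay FILE: one finding per line; returns 1 if any finding is FAIL.
audit_relay() {
    conf=$1; rc=0
    [ "$(get_param "$conf" smtp_sasl_auth_enable)" = yes ] ||
        { echo "FAIL: smtp_sasl_auth_enable is not yes"; rc=1; }
    [ -n "$(get_param "$conf" smtp_sasl_password_maps)" ] ||
        { echo "FAIL: smtp_sasl_password_maps is unset"; rc=1; }
    level=$(get_param "$conf" smtp_tls_security_level)
    case "$level" in
        verify|secure|fingerprint|dane-only)
            echo "OK: TLS mandatory, relay certificate checked ($level)" ;;
        encrypt)
            echo "WARN: TLS mandatory, relay certificate not verified" ;;
        *)  # none, may or unset: the session may proceed without TLS
            echo "FAIL: TLS not mandatory (level=${level:-unset})"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the gist's settings, plus any extra lines passed as
# arguments (used below to show a later assignment overriding an earlier one).
sample_conf() {
    printf '%s\n' \
        'relayhost=smtp.gmail.com:587' \
        'smtp_sasl_auth_enable=yes' \
        'smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd' \
        'smtp_sasl_mechanism_filter=plain' \
        'smtp_tls_security_level = encrypt' \
        '# smtp_tls_security_level=none' \
        "$@"
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_relay "$tmp"
sample_conf 'smtp_tls_security_level=may' > "$tmp"; audit_relay "$tmp" || true
rm -f "$tmp"
```

On a live system, `audit_relay /etc/postfix/main.cf` runs the same checks against the real file.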
    

2. Create sasl_passwd file

  1. sudo sh -c 'echo "\nsmtp.gmail.com:587 your_email@gmail.com:your_password" >> /etc/postfix/sasl_passwd'

    Replace your_email@gmail.com and your_password with actual values.
  2. sudo postmap /etc/postfix/sasl_passwd
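
One way to create the credentials file without putting the password on a command line, as an added example that is not part of the original gist: the password is read from standard input and the file ends up with mode 0600. `write_sasl_entry` and `perms_private` are hypothetical helper names, and the demo uses a scratch directory and a constructed password.

```shell
#!/bin/sh
# Added example (not from the gist): write the step-2 credentials file
# without the password appearing in a command line or in shell history.

# write_sasl_entry FILE RELAY USER: reads the password from stdin and writes
# "RELAY USER:PASSWORD" to FILE (replacing it, unlike the >> in the gist).
# RELAY has to match the relayhost value in main.cf (smtp.gmail.com:587).
write_sasl_entry() {
    file=$1; relay=$2; user=$3; password=
    IFS= read -r password || :      # a last line without newline is accepted
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    case "$relay$user" in
        *' '*) echo "relay and user must not contain spaces" >&2; return 1 ;;
    esac
    # umask covers a newly created file, chmod covers a pre-existing one.
    ( umask 077 && printf '%s %s:%s\n' "$relay" "$user" "$password" > "$file" ) &&
        chmod 600 "$file"
}

# perms_private FILE...: returns 1, naming the file, if any existing FILE
# grants group or other access (judged from the mode string printed by ls).
perms_private() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        case "$(ls -ld "$f")" in
            ????------*) ;;
            *) echo "too permissive: $f" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo in a scratch directory; the password is constructed and contains a
# space and shell metacharacters, which are written verbatim.
dir=$(mktemp -d)
printf '%s\n' 'p@ss w0rd$!#' |
    write_sasl_entry "$dir/sasl_passwd" smtp.gmail.com:587 your_email@gmail.com
perms_private "$dir/sasl_passwd" && cat "$dir/sasl_passwd"
rm -rf "$dir"
```

On the real system, run it as root against /etc/postfix/sasl_passwd and then run the postmap command from this step; `perms_private /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db` afterwards confirms that neither file is readable by other users.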

3. Autorun postfix on boot and restart postfix

  1. Copy the postfix master plist out of the System folder.

    sudo cp /System/Library/LaunchDaemons/com.apple.postfix.master.plist /Library/LaunchDaemons/org.postfix.custom.plist
    
  2. sudo vi /Library/LaunchDaemons/org.postfix.custom.plist

  3. Change the label value from com.apple.postfix.master to org.postfix.custom

    Remove these lines to prevent exiting after 60s

      <string>-e</string>
      <string>60</string>
    

    Add these lines before </dict>

      <key>KeepAlive</key>
      <true/>
      <key>RunAtLoad</key>
      <true/>
    
  4. Relaunch the daemon.

    sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist
    sudo launchctl load /Library/LaunchDaemons/org.postfix.custom.plist
    
  5. Check that the daemon has started.

    sudo launchctl list | grep org.postfix
    

4. Turn on less secure apps for Gmail

In Gmail, the option "Access for less secure apps" must be switched on; otherwise delivery fails with the error: SASL authentication failed

5. Test

  1. echo "Test sending email from Postfix" | mail -s "Test Postfix" youremail@domain.com

    Replace youremail@domain.com with a valid email address whose mailbox you can access, for easy checking.

  2. Check mail queue and possible delivery errors with mailq.

  3. Check mail log with tail -f /var/log/mail.log.

@zeddan9

zeddan9 commented Feb 5, 2020

I thought I encountered the same problems as @sonjh1217. There was no mail.log file in the desired folder. And not surprisingly, the test emails were not sent successfully.
image
image
However, the postfix daemon seemed to work properly

image

@loziju
Author

loziju commented Feb 6, 2020

The original guide still works with Mojave without additional changes suggested by the comments.

https://gist.github.com/loziju/66d3f024e102704ff5222e54a4bfd50e#gistcomment-3076198 --> not required as launchctl is used.

@loziju
Author

loziju commented Feb 6, 2020

@zeddan9 can you try running mailq? Is it empty?
If empty, your first picture seems to tell that the recipient email address does not exist.

@zeddan9

zeddan9 commented Feb 6, 2020

@loziju Currently I can get it to work with gmail. But for office365, when typing command mailq, it displayed an error message

(SASL authentication failed: server smtp.office365.com[52.96.88.178] offered no compatible authentication mechanisms for this type of connection security)

I tried another source guide but it still failed.

@loziju
Author

loziju commented Feb 6, 2020

@loziju
Author

loziju commented Feb 22, 2020

The original guide still works with Mojave without additional changes suggested by the comments.

https://gist.github.com/loziju/66d3f024e102704ff5222e54a4bfd50e#gistcomment-3076198 --> not required as launchctl is used.

Sorry I stand corrected, @Mellbourn is right, the following is required. Have updated the guide.

<key>RunAtLoad</key>
<true/>

@betabot7

betabot7 commented Apr 1, 2020

This guide worked for me on OS X Catalina.

One note, I created a new gmail account in my google domain. I had to log into that account, accept terms of service, and then enable less secure apps for this to work.

Also, even after successful receipt of test emails, /var/log/mail.log does not exist. Not sure where those logs are going...

@maximilianschmid

maximilianschmid commented Apr 13, 2020

Thx. works like a charm on MacOS Catalina.

@baandab

baandab commented Aug 8, 2020

To see the last five minutes of the logs, use this:

log show --predicate '(process == "smtpd") || (process == "smtp") || (process == "master")' -info --last "5m"

@jec13

jec13 commented Aug 10, 2020

Works perfectly on MacOS High Sierra 10.13.6 exactly as written. What great help. Thank you very much for posting.

@meerapatelmd

meerapatelmd commented Aug 17, 2020

Didn't work for me! Getting a whitespace error

@baandab

baandab commented Aug 18, 2020

Odd duck -- maybe try this (this will stream future events, so run this command in one terminal session, and then kick off a backup in another, e.g. tmutil startbackup):

sudo log stream --predicate '(com.apple.TimeMachine)' --info

@meerapatelmd

meerapatelmd commented Aug 18, 2020

@baandab

baandab commented Aug 18, 2020

Oh, try this:

sudo log stream --predicate 'subsystem=="com.apple.TimeMachine"' --info

@iamtodor

iamtodor commented Aug 26, 2020

It fails with sending:

two things:

  • connect to smtp.gmail.com[2a00:1450:4010:c05::6d]:587: No route to host and then it changes to SASL authentication failed; server smtp.gmail.com[64.233.162.108] said: 534-5.7.9 Application-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor g19sm418196ljk.125 - gsmtp, however, I setup Allow less secure apps: ON
  • tail -f /var/log/mail.log >>> tail: /var/log/mail.log: No such file or directory

Has anyone faced and solved this?

@dfkotz

dfkotz commented Aug 28, 2020

Thank you, this was very helpful. It worked for me on Catalina for sending mail via iCloud (because I have/want no gmail).

Some recommendations to update the documentation:

  • Change the title of this page to include Catalina, because the sequence still seems workable on Catalina.
  • In step 2, tell readers to be careful if their password includes whitespace or special characters. They will need to rewrite the command or (better) edit the file. Indeed, I recommend you change the instructions; instead of telling them to replace the email address and password on the commandline, run that command as-is and then sudo vi /etc/postfix/sasl_passwd to edit the file after it is created. This approach also avoids dropping your cleartext password into your bash history, which is poor practice.
  • In step 5, note that I and other commenters find no file /var/log/mail.log, at least on Catalina; I think one must look in the Console for syslog messages from postfix.
  • add this tip: If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred
  • another tip: the simple use of mail to send a test message may not work; I found it labeled my outbound mail as being 'from' address dfk@Kotzbook2020.local, drawing from the MacOS username and the hostname of my laptop. Such messages appear to leave my machine but are never delivered. I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and set the 'from' and 'envelope' in .muttrc as follows:
set use_from
set from="David Kotz <myusername@mac.com>"
set use_envelope_from
set envelope_from_address="David Kotz <myusername@mac.com>"

Recommendations for iCloud users:

In step 1, use the following and comment out Gmail:

# iCloud SMTP
relayhost=smtp.mail.me.com:587

For reference, see helpful information from this Apple support page.
I think I needed to generate an app-specific password here.
I'm not sure this was necessary, but I strongly recommend it because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file. In the event that password is compromised, or laptop lost, I assume it is possible to revoke that app-specific password from an interface on apple.com.

@dfkotz

dfkotz commented Sep 11, 2020

Furthermore, in step 5, note that load/unload are deprecated from launchctl.

I found it sufficient to

sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

but if you later need to edit that plist file, you'll need to stop and restart with

sudo launchctl bootout system /Library/LaunchDaemons/org.postfix.custom.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

@loziju
Author

loziju commented Sep 12, 2020

Thanks @dfkotz for your valuable feedback! I plan to upgrade to Catalina in a few weeks' time and I'll spend some time then to also update the gist to reflect your feedback.

@ddracopo

ddracopo commented Oct 3, 2020

In my case after moving to a new Catalina Macbook Pro the same configuration would not work (although the old machine was running Catalina too but it had been upgraded many times since 2017).

/var/mail/mail.log is not written any more in recent versions of MacOS but the following command would show online the log of what is happening while attempting to send email:

log stream --predicate '(process=="smtpd") || (process == "smtp")' --info

This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:

postmap /etc/postfix/generic

After this, everything worked.

@Azhrei

Azhrei commented Oct 5, 2020

This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:

postmap /etc/postfix/generic

I have a single account that I use on my Catalina MBP, but I often create "test users" for short-term use. When I send an email using one of these test accounts, I still want the outbound message to appear to originate from my true account. I put the following at the end of the generic file:

@mymac5.local    username@my.domain.com

This tells the postfix server that email originating from any user on the local system (which has mymac5.local as the hostname) should appear to come from username@my.domain.com.

Until I made this change, I was receiving the following error from the SMTP server I am using as my relay:

to=<xxxx@some.domain>, relay=smtp.xxxx.com[74.208.5.2]:587, delay=1.1, delays=0.04/0.05/
0.94/0.08, dsn=5.0.0, status=bounced (host smtp.xxxx.com[74.208.5.2] said: 550-Requested
action not taken: mailbox unavailable 550 invalid DNS MX or A/AAAA resource record (in
reply to MAIL FROM command))

It appears that the relay server was verifying that the "from" address was actually using a valid domain name. This SMTP relay is the company that is currently hosting my web site, so they are likely just checking that a customer is using the server.

Maybe this will help out someone else. 🙂

@FaycalBESS

FaycalBESS commented Oct 7, 2021

Hi, thanks a lot for this super tutorial.
It worked well until the last MacOSX update; the postfix conf file location has changed and I am really stuck on this.
Any advice, please?

@Azhrei

Azhrei commented Oct 7, 2021

Hi, thanks a lot for this super tutorial.
It worked well until the last MacOSX update; the postfix conf file location has changed and I am really stuck on this.
Any advice, please?

If the only problem was that the filename changed, it would be simple to just substitute the new filename into the instructions. I'm therefore going to posit that the issue is bigger than that. If you would like to clarify exactly what the issue is (by at least referencing step and substep in the OP), perhaps I could help. I'm using Big Sur currently and haven't had any additional problems (that I know of!).

@wealthychef1

wealthychef1 commented Dec 4, 2021

This still works well under Mac OS X Monterey in December 2021!

@Mth0158

Mth0158 commented Feb 2, 2022

Still works in February 2022, thank you for the gist @loziju

@mariano-daniel

mariano-daniel commented Apr 8, 2022

Thank you, this was very helpful. It worked for me on Catalina for sending mail via iCloud (because I have/want no gmail).

Some recommendations to update the documentation:

  • Change the title of this page to include Catalina, because the sequence still seems workable on Catalina.
  • In step 2, tell readers to be careful if their password includes whitespace or special characters. They will need to rewrite the command or (better) edit the file. Indeed, I recommend you change the instructions; instead of telling them to replace the email address and password on the commandline, run that command as-is and then sudo vi /etc/postfix/sasl_passwd to edit the file after it is created. This approach also avoids dropping your cleartext password into your bash history, which is poor practice.
  • In step 5, note that I and other commenters find no file /var/log/mail.log, at least on Catalina; I think one must look in the Console for syslog messages from postfix.
  • add this tip: If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred
  • another tip: the simple use of mail to send a test message may not work; I found it labeled my outbound mail as being 'from' address dfk@Kotzbook2020.local, drawing from the MacOS username and the hostname of my laptop. Such messages appear to leave my machine but are never delivered. I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and set the 'from' and 'envelope' in .muttrc as follows:
set use_from
set from="David Kotz <myusername@mac.com>"
set use_envelope_from
set envelope_from_address="David Kotz <myusername@mac.com>"

Recommendations for iCloud users:

In step 1, use the following and comment out Gmail:

# iCloud SMTP
relayhost=smtp.mail.me.com:587

For reference, see helpful information from this Apple support page. I think I needed to generate an app-specific password here. I'm not sure this was necessary, but I strongly recommend it because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file. In the event that password is compromised, or laptop lost, I assume it is possible to revoke that app-specific password from an interface on apple.com.

Thank you @dfkotz ! So there is no possible way to achieve this with mail and not having to use mutt? I would like to use Darwin's native mail program. Thanks again!

@dfkotz

dfkotz commented Apr 8, 2022

It may be possible to use mail instead of mutt, but I was unable to do so at the time. I've not tried again since 2020. Glad you found my tips helpful!

@dfkotz

dfkotz commented Apr 8, 2022

@loziju please consider updating the original gist with the collective wisdom shared in all the comments.

@mariano-daniel

mariano-daniel commented Apr 8, 2022

@loziju
Author

loziju commented Apr 10, 2022

@dfkotz I'm so sorry I haven't got the time to verify the suggested edits nor update the gist.
May I suggest that you fork it, edit it and let me know when done? Then I can just merge it to the current gist.
I'll also add acknowledgements to all of you who contributed to improving this gist!

@danielthomasdev

danielthomasdev commented Jul 26, 2022

Google no longer allows less secure apps, unfortunately.
