Configure postfix as relay for OS X

Configure postfix as relay for macOS Sierra – Mojave

1. Edit postfix configuration file

  1. sudo vi /etc/postfix/main.cf
  2. Ensure that the following values are set:
    mail_owner = _postfix
    setgid_group = _postdrop
    
  3. Add the following lines at the end of the file:
    # Postfix as relay
    #
    #Gmail SMTP
    relayhost=smtp.gmail.com:587
    #Hotmail SMTP
    #relayhost=smtp.live.com:587
    #Yahoo SMTP
    #relayhost=smtp.mail.yahoo.com:465
    # Enable SASL authentication in the Postfix SMTP client.
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options=noanonymous
    smtp_sasl_mechanism_filter=plain
    # Enable Transport Layer Security (TLS), i.e. SSL.
    smtp_use_tls=yes
    smtp_tls_security_level=encrypt
    tls_random_source=dev:/dev/urandom
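
A check for the settings in step 1, as an added example that is not part of the original gist: because `smtp_sasl_mechanism_filter=plain` sends the password merely base64-encoded, the relay is only safe when TLS is mandatory. The function names and the script name `audit_relay.sh` are hypothetical, and the parser is a simplification that ignores continuation lines.

```sh
#!/bin/sh
# Added example (not from the gist): audit a main.cf for the relay settings above.

# conf_get FILE NAME: print the last value assigned to NAME (later lines win).
# Simplification: continuation lines (leading whitespace) are ignored.
conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ { next }                   # continuation of the previous line
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == want) found = value
        }
        END { print found }' "$1"
}

# audit_relay_conf FILE: print one line per problem; exit status = problem count.
audit_relay_conf() {
    conf=$1 problems=0
    flag() { echo "WARN: $1"; problems=$((problems + 1)); }

    [ -n "$(conf_get "$conf" relayhost)" ] || flag "relayhost is not set"

    if [ "$(conf_get "$conf" smtp_sasl_auth_enable)" = "yes" ]; then
        # PLAIN sends the password base64-encoded, so TLS must be mandatory.
        case "$(conf_get "$conf" smtp_tls_security_level)" in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) flag "SASL enabled but smtp_tls_security_level does not force TLS" ;;
        esac
        [ -n "$(conf_get "$conf" smtp_sasl_password_maps)" ] ||
            flag "smtp_sasl_password_maps is not set"
        # An unset value means the Postfix default, which includes noanonymous.
        case ",$(conf_get "$conf" smtp_sasl_security_options | tr ' \t' ',,')," in
            ,,|*,noanonymous,*) ;;
            *) flag "smtp_sasl_security_options lacks noanonymous" ;;
        esac
    fi
    return "$problems"
}

# Usage: sh audit_relay.sh --check [/etc/postfix/main.cf]
if [ "${1:-}" = "--check" ]; then
    audit_relay_conf "${2:-/etc/postfix/main.cf}"
fi
```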
    

2. Create sasl_passwd file

  1. sudo sh -c 'echo "\nsmtp.gmail.com:587 your_email@gmail.com:your_password" >> /etc/postfix/sasl_passwd'

    Replace your_email@gmail.com and your_password with actual values.
  2. sudo postmap /etc/postfix/sasl_passwd
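
One way to create the credentials file in step 2 without putting the password on the command line or in shell history, and with owner-only permissions. This is an added example, not part of the original gist; the function names and the script name `add_sasl_entry.sh` are hypothetical, and unlike the command above it replaces the file rather than appending to it.

```sh
#!/bin/sh
# Added example, not part of the gist. Function and script names are hypothetical.

# write_sasl_entry FILE RELAY USER
# Reads the password from stdin so it never appears in argv or shell history.
# Replaces FILE (the page's command appends instead).
write_sasl_entry() {
    file=$1 relay=$2 user=$3 pass=
    if [ -t 0 ]; then
        # Interactive use: prompt on stderr with terminal echo switched off.
        printf 'Password for %s: ' "$user" >&2
        stty -echo
        IFS= read -r pass || true
        stty echo
        printf '\n' >&2
    else
        IFS= read -r pass || true
    fi
    [ -n "$pass" ] || { echo "empty password, nothing written" >&2; return 1; }
    # Create (or truncate) the file owner-only, and tighten a pre-existing
    # file before any secret is written into it.
    ( umask 077 && : > "$file" ) || return 1
    chmod 600 "$file" || return 1
    # printf '%s' copies the password verbatim, including spaces and $ or !.
    printf '%s %s:%s\n' "$relay" "$user" "$pass" >> "$file"
    rc=$?
    unset pass
    return "$rc"
}

# is_private FILE: succeeds only if group and others have no access at all.
is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sudo sh add_sasl_entry.sh --install your_email@gmail.com
# postmap gives the .db file the same group/other permissions as its source.
if [ "${1:-}" = "--install" ]; then
    write_sasl_entry /etc/postfix/sasl_passwd smtp.gmail.com:587 "$2" &&
        postmap /etc/postfix/sasl_passwd &&
        is_private /etc/postfix/sasl_passwd.db
fi
```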

3. Autorun postfix on boot and restart postfix

  1. Copy the postfix master plist out of the System folder.

    sudo cp /System/Library/LaunchDaemons/com.apple.postfix.master.plist /Library/LaunchDaemons/org.postfix.custom.plist
    
  2. sudo vi /Library/LaunchDaemons/org.postfix.custom.plist

  3. Change the label value from com.apple.postfix.master to org.postfix.custom

    Remove these lines to prevent exiting after 60s

      <string>-e</string>
      <string>60</string>
    

    Add these lines before </dict>

      <key>KeepAlive</key>
      <true/>
      <key>RunAtLoad</key>
      <true/>
    
  4. Relaunch the daemon.

    sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist
    sudo launchctl load /Library/LaunchDaemons/org.postfix.custom.plist
    
  5. Check that the daemon has started.

    sudo launchctl list | grep org.postfix
    

4. Turn on less secure apps for gmail

In Gmail we must switch on the option "Access for less secure apps"; otherwise we will get the error: SASL authentication failed.

5. Test

  1. echo "Test sending email from Postfix" | mail -s "Test Postfix" youremail@domain.com

    Replace youremail@domain.com with a valid address whose mailbox you can access, for easy checking.

  2. Check mail queue and possible delivery errors with mailq.

  3. Check mail log with tail -f /var/log/mail.log.

@rainshen49 rainshen49 commented May 15, 2018

This works! Great!

@aleromano89 aleromano89 commented Jun 6, 2018

Thanks, it works, but the part about nameserver inside resolv.conf is missing here.
I solved the issue "Name service error for name=smtp.gmail.com type=MX: Host not found, try again" by adding these lines in /etc/resolv.conf:
nameserver 145.253.2.75
nameserver 193.174.32.18

@wealthychef1 wealthychef1 commented Feb 11, 2019

This was very helpful.

@Mohammed8960 Mohammed8960 commented Feb 17, 2019

it works!!. Thanks

@LipYoung LipYoung commented Mar 26, 2019

It is working for me.

@sonjh1217 sonjh1217 commented Aug 6, 2019

It doesn't work for me.. I run "sudo launchctl list | grep org.postfix" , and no result. Also there was no log after launchctl load or unload.

MacBook-Pro-3:~ [user]$ sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist
Password:
MacBook-Pro-3:~ [user]$ sudo launchctl load /Library/LaunchDaemons/org.postfix.custom.plist
MacBook-Pro-3:~ [user]$ sudo launchctl list | grep org.postfix
MacBook-Pro-3:~ [user]$ echo "Test sending email from Postfix" | mail -s "Test Postfix" [user]@[domain]
MacBook-Pro-3:~ [user]$ mailq
postqueue: fatal: Queue report unavailable - mail system is down
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: the Postfix mail system is running: PID: 3582

and email doesn't come.

I wanted to restart postfix but.. it never stops..

MacBook-Pro-3:~ [user]$ sudo postfix stop
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: stopping the Postfix mail system
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo kill -9 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2683

And there's no log

MacBook-Pro-3:~ [user]$ tail -f /var/log/mail.log
tail: /var/log/mail.log: No such file or directory

@sonjh1217 sonjh1217 commented Aug 7, 2019

It doesn't work for me.. I run "sudo launchctl list | grep org.postfix" , and no result. Also there was no log after launchctl load or unload.

MacBook-Pro-3:~ [user]$ sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist
Password:
MacBook-Pro-3:~ [user]$ sudo launchctl load /Library/LaunchDaemons/org.postfix.custom.plist
MacBook-Pro-3:~ [user]$ sudo launchctl list | grep org.postfix
MacBook-Pro-3:~ [user]$ echo "Test sending email from Postfix" | mail -s "Test Postfix" [user]@[domain]
MacBook-Pro-3:~ [user]$ mailq
postqueue: fatal: Queue report unavailable - mail system is down
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: the Postfix mail system is running: PID: 3582

and email doesn't come.

I wanted to restart postfix but.. it never stops..

MacBook-Pro-3:~ [user]$ sudo postfix stop
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: stopping the Postfix mail system
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2228
MacBook-Pro-3:~ [user]$ sudo kill -9 2228
MacBook-Pro-3:~ [user]$ sudo postfix status
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: log_level=debug
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: mail_events_log_level=debug
postfix/postfix-script: the Postfix mail system is running: PID: 2683

And there's no log

MacBook-Pro-3:~ [user]$ tail -f /var/log/mail.log
tail: /var/log/mail.log: No such file or directory

My files were broken on the day when I got this new MacBook and loaded my data from my old MacBook.
MacBook-Pro-3:postfix user$ ls -l
total 472
-rw-r--r-- 1 root wheel 11942 Aug 18 2018 LICENSE
-rw-r--r-- 1 root wheel 1629 Aug 18 2018 TLS_LICENSE
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 access
-rw-r--r-- 1 root wheel 21535 Aug 18 2018 access~orig
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 aliases
-rw-r--r-- 1 root wheel 10086 Aug 18 2018 aliases~orig
-rw-r--r-- 1 root wheel 3547 Aug 18 2018 bounce.cf.default
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 canonical
-rw-r--r-- 1 root wheel 12000 Aug 18 2018 canonical~orig
-rw-r--r-- 1 root wheel 44 Aug 18 2018 custom_header_checks
-rw-r--r-- 1 root wheel 10221 Aug 18 2018 generic
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 header_checks
-rw-r--r-- 1 root wheel 23802 Aug 18 2018 header_checks~orig
-rw-r--r--@ 1 root staff 27732 Aug 7 15:28 main.cf
-rw-r--r-- 1 root wheel 511 Aug 6 17:06 main.cf.bak
-rw-r--r-- 1 root wheel 535 Aug 7 11:52 main.cf.bak2
-rw-r--r-- 1 root wheel 27308 Aug 18 2018 main.cf.orig
-rw-r--r-- 1 root wheel 26862 Aug 18 2018 main.cf.proto
-rw-r--r-- 1 root wheel 27308 Aug 18 2018 main.cf~orig
-rw-r--r-- 1 root wheel 4760 Aug 18 2018 makedefs.out
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 master.cf
-rw-r--r-- 1 root wheel 7443 Aug 18 2018 master.cf.default
-rw-r--r-- 1 root wheel 6230 Aug 18 2018 master.cf.proto
-rw-r--r-- 1 root wheel 7443 Aug 18 2018 master.cf~orig
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 postfix-files
drwxr-xr-x 2 root wheel 64 Aug 18 2018 postfix-files.d
-rw-r--r-- 1 root wheel 20330 Aug 18 2018 postfix-files~orig
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 relocated
-rw-r--r-- 1 root wheel 6929 Aug 18 2018 relocated~orig
-rw------- 1 root wheel 52 Aug 6 17:06 sasl_passwd
-rw------- 1 root wheel 52 Aug 6 14:51 sasl_passwd.bak
-rw------- 1 root wheel 16384 Aug 7 15:11 sasl_passwd.db
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 transport
-rw-r--r-- 1 root wheel 12666 Aug 18 2018 transport~orig
-rw-r--r--@ 1 root wheel 0 Oct 17 2018 virtual
-rw-r--r-- 1 root wheel 12823 Aug 18 2018 virtual~orig

I renamed *~orig files to * and everything works fine.

@Mellbourn Mellbourn commented Nov 6, 2019

I definitely had to add this also to org.postfix.custom.plist

<key>RunAtLoad</key>
<true/>

@ooloth ooloth commented Nov 9, 2019

Thank you!

@zeddan9 zeddan9 commented Feb 5, 2020

I thought I encountered the same problems as @sonjh1217. There was no mail.log file in the desired folder. And not surprisingly, the test emails were not sent successfully.
image
image
However, the postfix daemon seemed to work properly

image

Owner Author

@loziju loziju commented Feb 6, 2020

The original guide still works with Mojave without additional changes suggested by the comments.

https://gist.github.com/loziju/66d3f024e102704ff5222e54a4bfd50e#gistcomment-3076198 --> not required as launchctl is used.

Owner Author

@loziju loziju commented Feb 6, 2020

@zeddan9 can you try running mailq? Is it empty?
If empty, your first picture seems to tell that the recipient email address does not exist.

@zeddan9 zeddan9 commented Feb 6, 2020

@loziju Currently I can get it to work with gmail. But for office365, when typing command mailq, it displayed an error message

(SASL authentication failed: server smtp.office365.com[52.96.88.178] offered no compatible authentication mechanisms for this type of connection security)

I tried another source guide but it still failed.

Owner Author

@loziju loziju commented Feb 6, 2020

Owner Author

@loziju loziju commented Feb 22, 2020

> The original guide still works with Mojave without additional changes suggested by the comments.
>
> https://gist.github.com/loziju/66d3f024e102704ff5222e54a4bfd50e#gistcomment-3076198 --> not required as launchctl is used.

Sorry I stand corrected, @Mellbourn is right, the following is required. Have updated the guide.

<key>RunAtLoad</key>
<true/>

@betabot7 betabot7 commented Apr 1, 2020

This guide worked for me on OS X Catalina.

One note, I created a new gmail account in my google domain. I had to log into that account, accept terms of service, and then enable less secure apps for this to work.

Also, even after successful receipt of test emails, /var/log/mail.log does not exist. not sure where those logs are going...

@maximilianschmid maximilianschmid commented Apr 13, 2020

Thx. works like a charm on MacOS Catalina.

@baandab baandab commented Aug 8, 2020

To see the last five minutes of the logs, use this:

log show --predicate '(process == "smtpd") || (process == "smtp") || (process == "master")' -info --last "5m"

@jec13 jec13 commented Aug 10, 2020

Works perfectly on MacOS High Sierra 10.13.6 exactly as written. What great help. Thank you very much for posting.

@meerapatelmd meerapatelmd commented Aug 17, 2020

Didn't work for me! Getting a whitespace error

@baandab baandab commented Aug 18, 2020

Odd duck -- maybe try this (this will stream future events, so run this command in one terminal session, and then kick off a backup in another (e.g. tmutil startbackup)

sudo log stream --predicate '(com.apple.TimeMachine)' --info

@meerapatelmd meerapatelmd commented Aug 18, 2020

@baandab baandab commented Aug 18, 2020

Oh, try this:

sudo log stream --predicate 'subsystem=="com.apple.TimeMachine"' --info

@iamtodor iamtodor commented Aug 26, 2020

It fails with sending:

two things:

  • connect to smtp.gmail.com[2a00:1450:4010:c05::6d]:587: No route to host and then it changes to SASL authentication failed; server smtp.gmail.com[64.233.162.108] said: 534-5.7.9 Application-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor g19sm418196ljk.125 - gsmtp, however, I setup Allow less secure apps: ON
  • tail -f /var/log/mail.log >>> tail: /var/log/mail.log: No such file or directory

Has anyone faced and solved this?

@dfkotz dfkotz commented Aug 28, 2020

Thank you, this was very helpful. It worked for me on Catalina for sending mail via iCloud (because I have/want no gmail).

Some recommendations to update the documentation:

  • Change the title of this page to include Catalina, because the sequence still seems workable on Catalina.
  • In step 2, tell readers to be careful if their password includes whitespace or special characters. They will need to rewrite the command or (better) edit the file. Indeed, I recommend you change the instructions; instead of telling them to replace the email address and password on the commandline, run that command as-is and then sudo vi /etc/postfix/sasl_passwd to edit the file after it is created. This approach also avoids dropping your cleartext password into your bash history, which is poor practice.
  • In step 5, note that I and other commenters find no file /var/log/mail.log, at least on Catalina; I think one must look in the Console for syslog messages from postfix.
  • add this tip: If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred
  • another tip: the simple use of mail to send a test message may not work; I found it labeled my outbound mail as being 'from' address dfk@Kotzbook2020.local, drawing from the MacOS username and the hostname of my laptop. Such messages appear to leave my machine but are never delivered. I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and set the 'from' and 'envelope' in .muttrc as follows:
set use_from
set from="David Kotz <myusername@mac.com>"
set use_envelope_from
set envelope_from_address="David Kotz <myusername@mac.com>"

Recommendations for iCloud users:

In step 1, use the following and comment out Gmail:

# iCloud SMTP
relayhost=smtp.mail.me.com:587

For reference, see helpful information from this Apple support page.
I think I needed to generate an app-specific password here.
I'm not sure this was necessary, but I strongly recommend it because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file. In the event that password is compromised, or laptop lost, I assume it is possible to revoke that app-specific password from an interface on apple.com.

@dfkotz dfkotz commented Sep 11, 2020

Furthermore, in step 5, note that load/unload are deprecated from launchctl.

I found it sufficient to

sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

but if you later need to edit that plist file, you'll need to stop and restart with

sudo launchctl bootout system /Library/LaunchDaemons/org.postfix.custom.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

Owner Author

@loziju loziju commented Sep 12, 2020

Thanks @dfkotz for your valuable feedback! I plan to upgrade to Catalina in few weeks' time and I'll spend some time then to also update the gist to reflect your feedback.

@ddracopo ddracopo commented Oct 3, 2020

In my case after moving to a new Catalina Macbook Pro the same configuration would not work (although the old machine was running Catalina too but it had been upgraded many times since 2017).

/var/mail/mail.log is not written any more in recent versions of MacOS but the following command would show online the log of what is happening while attempting to send email:

log stream --predicate '(process=="smtpd") || (process == "smtp")' --info

This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:

postmap /etc/postfix/generic

After this, everything worked.

@Azhrei Azhrei commented Oct 5, 2020

> This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:
>
> postmap /etc/postfix/generic

I have a single account that I use on my Catalina MBP, but I often create "test users" for short-term use. When I send an email using one of these test accounts, I still want the outbound message to appear to originate from my true account. I put the following at the end of the generic file:

@mymac5.local    username@my.domain.com

This tells the postfix server that email originating from any user on the local system (which has mymac5.local as the hostname) should appear to come from username@my.domain.com.

Until I made this change, I was receiving the following error from the SMTP server I am using as my relay:

to=<xxxx@some.domain>, relay=smtp.xxxx.com[74.208.5.2]:587, delay=1.1, delays=0.04/0.05/
0.94/0.08, dsn=5.0.0, status=bounced (host smtp.xxxx.com[74.208.5.2] said: 550-Requested
action not taken: mailbox unavailable 550 invalid DNS MX or A/AAAA resource record (in
reply to MAIL FROM command))

It appears that the relay server was verifying that the "from" address was actually using a valid domain name. This SMTP relay is the company that is currently hosting my web site, so they are likely just checking that a customer is using the server.

Maybe this will help out someone else. 🙂
