Skip to content

Instantly share code, notes, and snippets.

Created August 3, 2014 18:28
  • Star 5 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save zmwangx/223b4a5a55eb46193cfb to your computer and use it in GitHub Desktop.
Postfix: relay to authenticated SMTP.
  1. Taking Gmail as an example, put the following into /etc/postfix/

     relayhost = []:587
     smtp_sasl_auth_enable = yes
     smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
     smtp_sasl_security_options = noanonymous
     smtp_sasl_mechanism_filter = plain
     smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
     smtp_use_tls = yes
     smtp_tls_security_level = encrypt

    If the ca-bundle.crt does not exist, do (on OS X)

     sudo su
     mkdir -p /etc/pki/tls/certs/
     security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain \
  2. Apparently you need to provide the credentials at some point.

     sudo echo '[]:587 USERNAME@DOMAIN:PASSWORD' >>/etc/postfix/sasl_passwd
     sudo postmap /etc/postfix/sasl_passwd

    For added security, remove that sasl_passwd file after the postmap.

    Note that for two-step authentication you need to create an application-specific password.

  3. And that's it! Reload Postfix:

     sudo postfix reload

    Or the more brutal way: stop followed by start.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment