Skip to content

Instantly share code, notes, and snippets.

@zmwangx
Created August 3, 2014 18:28
Show Gist options
  • Save zmwangx/223b4a5a55eb46193cfb to your computer and use it in GitHub Desktop.
Save zmwangx/223b4a5a55eb46193cfb to your computer and use it in GitHub Desktop.
Postfix: relay to authenticated SMTP.
  1. Taking Gmail as an example, put the following into /etc/postfix/main.cf.

     relayhost = [smtp.gmail.com]:587
     smtp_sasl_auth_enable = yes
     smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
     smtp_sasl_security_options = noanonymous
     smtp_sasl_mechanism_filter = plain
     smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
     smtp_use_tls = yes
     smtp_tls_security_level = encrypt
    

    If the ca-bundle.crt does not exist, do (on OS X)

     sudo su
     mkdir -p /etc/pki/tls/certs/
     security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain \
       >/etc/pki/tls/certs/ca-bundle.crt
    
  2. Apparently you need to provide the credentials at some point.

     sudo echo '[smtp.gmail.com]:587 USERNAME@DOMAIN:PASSWORD' >>/etc/postfix/sasl_passwd
     sudo postmap /etc/postfix/sasl_passwd
    

    For added security, remove that sasl_passwd file after the postmap.

    Note that for two-step authentication you need to create an application-specific password.

  3. And that's it! Reload Postfix:

     sudo postfix reload
    

    Or the more brutal way: stop followed by start.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment