I’ve got a few servers in different places around the country and try to monitor them using the logwatch utility.  One problem that I’ve run into however is that a few of these servers are not able to send their logwatch emails to me, based on email restrictions by the ISPs.  I spent some time this afternoon researching what was required to have my servers authenticate to my gmail account and send me the mail that way.  This setup assumes Ubuntu 8.04 (or later) and Postfix.

Install the required packages

sudo aptitude install postfix libsasl2 ca-certificate

Configure Postfix

This tutorial will not outline how to configure your postfix server, but we’ll jump directly to the relayhost section.  You’ll want to add the following lines to your /etc/postfix/main.cf file:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

The above lines are telling Postfix that you want to relay mail through gmail on a specific port, telling it to authenticate, and where to find the username and password.  The last three lines specify the authentication types supported, where the certificate authority file is and that it should use tls.

Define Username and Password

Next we’ll need to populate the sasl_passwd file.  Create the file /etc/postfix/sasl_passwd with the following contents:

[smtp.gmail.com]:587    user.name@gmail.com:password

This file should have restrictive permissions and then needs to be translated into a .db that Postfix will read.

sudo chmod 400 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

At this point you can restart Postfix and it should work, however it will complain about not being able to authenticate the certificate.  To take care of this issue we’ll use the ca-certificate package we installed and tell it where it can validate the certificate.

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

Go ahead and reload postfix (sudo /etc/init.d/postfix reload) and you should be set.

If this site has been useful, please consider participating in the Fundraiser.

Other Points of Interest

Comments

7 Responses to “Relaying Postfix SMTP via smtp.gmail.com”

  1. lonnieolson.com/blog/ on November 11th, 2008 11:35 am

    I think you should mention that this setup is only good for a postfix server that will be serving only a single user. Gmail will save every outgoing message this way in the Sent Mail “folder” belonging to the user authenticated against in the sasl_passwd file.

    This is usually not desired by a multiuser mail relay. However, it could be a good method to archive all outgoing email in a small organization.

  2. Jay Curry on November 11th, 2008 11:54 am

    Thank you. I’ve been looking for a solution like this for some time now.

  3. jkl on November 11th, 2008 12:40 pm

    Thanks. This post was very useful!

  4. Hobbsee on November 12th, 2008 1:00 am

    Things like msmtp and ssmtp are much lighter tools (either of them), and can be used to do the same things. Perhaps look into those?

    I’m using msmtp to go through the fastmail smtp servers (where I have an account), with no problems.

  5. jadesro on November 26th, 2008 9:35 am

    I tried using these instructions yesterday on a newly installed ubuntu server 8.10 but got tripped up by the very first command: “sudo aptitude install postfix libsasl2 ca-certificate” reported that libasal2 was no longer available (it suggested libasal2-2) and that there was no such thing as ca-certificate. Just me?

  6. me.yahoo.com/a/krevSKMg2 on November 26th, 2008 1:59 pm

    At least on debian testing I had to do:

    sudo apt-get install ca-certificates

    As for libsasl2, I use:

    $ apt-cache policy libsasl2
    libsasl2:
    Installed: 2.1.22.dfsg1-8
    Candidate: 2.1.22.dfsg1-8
    Version table:
    *** 2.1.22.dfsg1-8 0
    500 http://ftp.fr.debian.org stable/main Packages
    100 /var/lib/dpkg/status

  7. kralph on December 6th, 2008 11:00 pm

    On Ubuntu 8.10 the package names have changed, as jadesro notes above. ca-certificates and libsasl2-2 are now the correct packages.

Leave a Comment




    Subscribe to the RSS feed!


    subscribe to the ubuntu tutorials RSS feed

    Ubuntu Tutorials Fundraiser


    Please Donate to
    Server Improvement

    Target amount: USD1,000.00
    Total Donations: USD328.00
    Amount Needed: USD672.00

    Thank you for your support!

    Click to Donate

    Polls



  • Blogroll

  • Ads by Google