May 14, 2018

GMail as a SMTP relay

Sometimes, even in a lab setup, you need email notifications from your servers when things go sideways. Here's how to setup GMail to deal with it for you:

Install the software:

sudo apt install libsasl2-modules postfix

A setup wizard will start, pick internet site
Type in your fully qualified domain name (FQDN), for example: jonathonwiebe.me

Generate a Google account app password

https://myaccount.google.com/apppasswords

Edit postfix config:

sudo nano /etc/postfix/sasl/sasl_passwd

Paste the following (edit to match your email/app password):
[smtp.gmail.com]:587 [email protected]:APPPASSWORDHERE

Genereate a hashed password:
sudo postmap /etc/postfix/sasl/sasl_passwd

Secure password files

Allow root access only
sudo chown root:root /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db && sudo chmod 0600 /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db

Configure mail relay:

sudo nano /etc/postfix/main.cf
find the line with relayhost and edit:
relayhost = [smtp.gmail.com]:587

At the end of the file add the following:

# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# Enable STARTTLS encryption
smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Restart mail server

sudo systemctl restart postfix

Setup root mail to external forwarder

sudo nano /etc/aliases

Edit to match your details:
postmaster: root
root: [email protected]

Update system with new aliases

sudo newaliases

Notes

  • Don't expose your mail server publicly
  • Google puts all kinds of limitations on this service
  • Google may sunset it at any time
  • All email shows the sender as your gmail account