Postfix Google Apps / Gmail SMTP Relay

April 30, 2009 by: Allen Sanford

For this to work you will need both SASL and SSL support compiled into Postfix. Thank goodness Ubuntu does this for me by default. If you are not so lucky, then you will need to compile SASL and SSL support into your Postfix install. To find out, run the following command; the output should be similar to that below. Note whether sasl and ssl are in the list (for this, that is all that is needed).

 ldd /usr/lib/postfix/smtp

You should see something similar to the following:

linux-gate.so.1 =>  (0xb7f62000)
libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0xb7f54000)
libpostfix-tls.so.1 => /usr/lib/libpostfix-tls.so.1 (0xb7f45000)
libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0xb7f3f000)
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0xb7f0e000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xb7ee1000)
libssl.so.0.9.8 => /lib/i686/cmov/libssl.so.0.9.8 (0xb7e9b000)
libcrypto.so.0.9.8 => /lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d4f000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d37000)
libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7be2000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7bcb000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7bb6000)
libc.so.6 => /lib/libc.so.6 (0xb7a6f000)
libdl.so.2 => /lib/libdl.so.2 (0xb7a6b000)
libz.so.1 => /lib/libz.so.1 (0xb7a54000)
libpthread.so.0 => /lib/libpthread.so.0 (0xb7a3c000)
/lib/ld-linux.so.2 (0xb7f63000)

If you don't see libssl and libsasl, STOP: you'll need to recompile with support before you continue. If you are lucky and do see them in your installation, then we are good to go and you can proceed.


Generate a Self Signed Key for this server

First you are going to need an OpenSSL key, even if it is a self-signed key, so here is how you self-sign a key. BTW, this is the short version; if you need a deep explanation go here

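mkdir /etc/postfix/certs
cd /etc/postfix/certs
# Private key (2048-bit; 1024-bit RSA is too short for current use)
openssl genrsa -out server.key 2048
# Certificate signing request for that key
openssl req -new -key server.key -out server.csr
# Self-sign the request with the same key; server.pem is the certificate
openssl x509 -req -in server.csr -signkey server.key -out server.pem -days 365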


Modify main.cf

 cd /etc/postfix/
 vim main.cf

And now add the following lines:

    relayhost = [smtp.gmail.com]:587
    #auth
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    #tls
    smtp_use_tls = yes
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    smtp_tls_note_starttls_offer = yes
    tls_random_source = dev:/dev/urandom
    smtp_tls_scert_verifydepth = 5
    smtp_tls_key_file = /etc/postfix/certs/server.key
    smtp_tls_cert_file = /etc/postfix/certs/server.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtp_tls_enforce_peername = no

 

Create a sasl_passwd file

     vim /etc/postfix/sasl_passwd

Copy the following text and place it in your /etc/postfix/sasl_passwd.

    gmail-smtp.l.google.com username@domain:password
    smtp.gmail.com username@domain:password

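Don’t forget to postmap the new sasl_passwd file and then reload Postfix, and you should be good to go! The file stores the account password in plain text, so keep it and the generated sasl_passwd.db readable by root only.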

 postmap /etc/postfix/sasl_passwd
 /etc/init.d/postfix reload
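
The main.cf settings above leave TLS opportunistic (`smtp_use_tls = yes`) and replace Postfix's default `noplaintext, noanonymous` SASL restriction with `noanonymous` alone, so the relay password is only as safe as the STARTTLS negotiation. The script below is an added example, not part of the original post, that audits a main.cf for that combination. Its function names, finding labels and sample files are constructed, and the CA bundle path is the Debian/Ubuntu location, assumed here.

```shell
# Added example, not from the original post. Function names and finding
# labels are hypothetical; the parameter names are Postfix's own.

# Print the last value assigned to parameter $2 in main.cf $1 (last one wins).
get_param() {
    awk -v k="$2" '
        $0 ~ ("^" k "[ \t]*=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); last = v
        }
        END { print last }' "$1"
}

# Effective client TLS level; legacy parameters apply when the level is unset.
tls_level() {
    lvl=$(get_param "$1" smtp_tls_security_level)
    if [ -n "$lvl" ]; then echo "$lvl"
    elif [ "$(get_param "$1" smtp_enforce_tls)" = yes ]; then
        if [ "$(get_param "$1" smtp_tls_enforce_peername)" = no ]
        then echo encrypt; else echo verify; fi
    elif [ "$(get_param "$1" smtp_use_tls)" = yes ]; then echo may
    else echo none   # nothing configured: treated as no TLS here
    fi
}

# Print one finding per line for main.cf $1; no output means no finding.
audit_relay() {
    lvl=$(tls_level "$1")
    opts=$(get_param "$1" smtp_sasl_security_options)
    case "$lvl" in
        none|may) echo "OPPORTUNISTIC_TLS level=$lvl" ;;
    esac
    case "$lvl" in
        none|may|encrypt) echo "RELAY_CERT_NOT_VERIFIED level=$lvl" ;;
    esac
    # An explicit list without noplaintext allows PLAIN/LOGIN with no TLS.
    case "$lvl:$opts" in
        none:*noplaintext*|may:*noplaintext*|none:|may:) ;;
        none:*|may:*) echo "PLAINTEXT_AUTH_WITHOUT_TLS options=$opts" ;;
    esac
}

# Constructed samples: the page's client settings, then a stricter variant.
PAGE_CF=$(mktemp); HARD_CF=$(mktemp)
printf '%s\n' 'smtp_use_tls = yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_tls_enforce_peername = no' > "$PAGE_CF"
printf '%s\n' 'smtp_tls_security_level = secure' \
    'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' \
    'smtp_sasl_security_options = noanonymous' > "$HARD_CF"
audit_relay "$PAGE_CF"; audit_relay "$HARD_CF"
```

Point `audit_relay` at `/etc/postfix/main.cf` to check a live install; indented continuation lines are ignored, which is sufficient for the single-value parameters checked here.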

