Configure Postfix to use Gmail as a Mail Relay

We all know that Gmail is popular these days, from personal usage to business heavy users. I myself use Gmail on daily basis, both for my personal email as well as at work.

My WordPress site recently got malware, and it kept creating script files as well as tried to send emails through my Postfix server, running on the same host as my blog.

Before this, I have never spent time to sit down and setup some scripts properly to monitor my host and website. Given the latest incidents I have with my host that the mail log filled up my disk space, due to endless attempts to send emails through my host and failed every time. Now I think I need to spend sometime get it setup properly so that I can monitor easily.

The first step is to setup my postfix server properly so that it can send emails to me for monitoring. This is important as I need to have a daily visual on server logs as well as cron job outputs. And I think the easiest way is to use Gmail as a Mail Relay, so that emails will go through Gmail from Postfix server on my host.

To do this, I have found a useful blog that detailed on the steps from HowtoForge website, I will put the steps here based on Ubuntu for self reference:

1. Install necessary packages:

sudo apt-get update && sudo apt-get install postfix mailutils

2. Configure Gmail Authentication

Create or modify a password file which will be used by Postfix to establish authentication with Gmail. In the authentication information below, replace username with your Gmail username and password with your Gmail password. If you are using a custom Gmail Apps domain name, you may replace gmail.com with your Google Apps domain.

The password file will reside in the Postfix configuration directory. The file can be named whatever you like, but the recommended filename is sasl_passwd.

a. Open file for edit:

vi /etc/postfix/sasl_passwd

b. Add the following line to above file:

[smtp.gmail.com]:587    username@gmail.com:password

c. And then make sure that the file is only readable by yourself:

chmod 600 /etc/postfix/sasl_passwd

3. Configure Postfix

Now, we need to configure Postfix by adding the following lines to its main configuration file. Open /etc/postfix/main.cf using your favourite editor and then add below content:

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

4. Process Password File

Use postmap to compile and hash the contents of sasl_passwd. The results will be stored in your Postfix configuration directory in the file sasl_passwd.db.

postmap /etc/postfix/sasl_passwd

5. Restart Postfix server, so that the configurations will take effect:

sudo systemctl restart postfix.service

6. Lastly, we need to Enable “Less Secure Apps” In Gmail

By default, only the most secure sign-ins, such as logging in to Gmail on the web, are allowed for your Gmail account. To permit relay requests, log in to your Gmail account and turn on Allow less secure apps (you will need to login first before you can turn on the setting).

For more information, please refer to “Allowing less secure apps to access your account.”

7. To confirm everything is working, run below command to test:

mail -s "Test subject" recipient@domain.com

If no emails, check log file under /var/log/mail.log to see what message reported from Postfix and fix accordingly.

Hope this can also help with anyone who lands on my blog.