Configure Postfix to send/relay emails Gmail (smtp.gmail.com) via port 587

Question

Using Centos 5.4, with Postfix. I can do a

mail foo@gmail.com 
subject: blah
 test
.
Cc:

and the msg gets sent to gmail, but it resides in the spam folder, which is to be expected.

My goal is to be able to generate email msgs, and to have them appear in the regular Inbox! As I understand Postfix/Gmail, it's possible to configure Postfix to send/relay mail via the authenticated/valid user using port 587, which would no longer have the mail be seen as spam.

I've tried a number of parameters based on different sites/articles from the 'net, with no luck. Some of the articles, actually seem to conflict with other articles! I've also looked over the stacflow postings on this, but i'm still missing something... Also talked to a few people on IRC (Centos/Postfix) and still have questions..

So, i'm turning to Serverfault, once again!

If there's someone who's managed to accomplish this, would you mind posting your main.cf, sasl-passwd, and any other conf files that you use to get this working! If I can review your config files, I can hopefully see where I've screwed up, and figure out how to correct the issue.

Thanks for reading this, and any help/pointers you provide!

ps, If there is a stackflow posting that speaks to this that I may have missed, feel free to point it out to me!

-tom

Answer 1

While I haven't tried to relay through a provider using the submission port (587) it should be possible. To enable Postfix to relay you'll need to setup a file with the authenticated credentials to use and make some modifications to your /etc/postfix/main.cf config file.

The first is the authentication credentials. For this I simply use /etc/postfix/sasl_passwd which I add the appropriate line using the template:

smtp.provider.com    smtp_user:smtp_passwd

You'll want to be sure this file is protected so I recommend root:root ownership and 0600 permissions be set on it. You'll then want to run the following to create the hash mapped version as root.

postmap hash:/etc/postfix/sasl_passwd

With this out of the way turn your attention go the /etc/postfix/main.cf you may find some of the values already set so you will need to change them accordingly but the important details are as follows:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_security_level = may

These will enable Postfix to be able to use the sasl_passwd file to authenticate when sending mail. You'll then need to tell Postfix it should use the provider to send the mail by adding the configuration

relayhost = smtp.provider.com:port

By default Postfix assumes port 25 if you don't specify and this has worked for me in the past. With your requested setup you'll need to specify 587 as the port. With that said I'm not sure if you'll need to modify the sasl_passwd entry to be smtp.provider.com:587 instead of simply smtp.provider.com as I've not tried doing this over a non-default port before so you'll have to try it for yourself.

These configuration steps alone are handling mail forwarding on several servers I maintain through a central mail server.

Updated to include fully working example

It actually turns out I'd configured my Ubuntu (Debian-based) laptop to use port 587 on my email provider (not-Gmail) as my DSL provider blocks outbound port 25 traffic. I updated to use one of my Gmail accounts to send mail out instead. The only change I needed to make

I'm obscuring the private data but otherwise pasting as-is working configuration for Postfix.

First we have /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = solitare, localhost.localdomain, , localhost
relayhost = smtp.gmail.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Next we have /etc/postfix/sasl_passwd:

smtp.gmail.com:587  myusername@gmail.com:mypassword

I then ran the following SMTP session:

jbouse@solitare:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to solitare.
Escape character is '^]'.
220 example.com ESMTP Postfix (Ubuntu)
helo localhost
250 example.com
mail from: jbouse@example.com
250 2.1.0 Ok
rcpt to: myotherusername@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
this is just a test
.
250 2.0.0 Ok: queued as 6269B280191
quit
221 2.0.0 Bye
Connection closed by foreign host.

Then I log into my myotherusername Gmail account and read the message:

Return-Path: <myotherusername@gmail.com>
Received: from example.com (mydslproviderhostname.net [x.x.x.229])
        by mx.google.com with ESMTPS id 6sm401663ywd.11.2010.03.04.19.19.58
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 04 Mar 2010 19:19:58 -0800 (PST)
Sender: "Jeremy Bouse" <myotherusername@gmail.com>
Received: from localhost (solitare [127.0.0.1])
    by example.com (Postfix) with SMTP id 6269B280191
    for <myotherusername@gmail.com>; Thu,  4 Mar 2010 22:17:39 -0500 (EST)
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
Message-Id: <20100305031745.6269B280191@example.com>
Date: Thu,  4 Mar 2010 22:17:39 -0500 (EST)

this is just a test

Now having shown my 13 years as a systems administrator are not wasted I have email sending from my laptop through Gmail without having any need to generate a self-signed x.509 certificate as others would tell you. The key addition to the /etc/postfix/main.cf is the smtp_tls_security_level setting to may to tell Postfix that it is okay to issue the STARTTLS command when connecting to another MTA if it supports TLS. If you forget the smtp_tls_security_level setting you may see an entry in your /var/log/mail.log along the lines of:

Mar  4 22:10:58 solitare postfix/smtp[19873]: 20E07280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=38, delays=38/0.03/0.08/0.01, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.47.109] said: 530 5.7.0 Must issue a STARTTLS command first. 20sm399188ywh.48 (in reply to MAIL FROM command))

However with it set properly you should see something along the lines of:

Mar  4 22:20:00 solitare postfix/smtp[20313]: 6269B280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=141, delays=110/29/0.36/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK 1267759200 6sm401663ywd.11)