Configure Postfix with Gmail on Ubuntu

Introduction

Postfix is used mail transfer agent that is used to send and receive emails. It is easy to install and configure on Ubuntu server.

In this tutorial, we will show you how to configure Postfix with Gmail on Ubuntu.

Prerequisites

Before you proceed, you will need the following −

• A running Ubuntu server

• A Gmail account

• A valid domain name that is configured to point to the server's IP address

Step 1: Install Postfix

In the first step install Postfix on your Ubuntu system. You can do this by running following command −

sudo apt-get install postfix

During installation, you will be prompted to select mail server configuration and there options. You should choose "Internet Site" and fill your server's domain name when ask.

Step 2: Configure Postfix

Once Postfix is installed, you need to configure it to use Gmail as a relay for all emails. Open the main Postfix configuration file by using the following command −

sudo nano /etc/postfix/main.cf

Add the following lines to the end of the file −

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Save and exit the file.

Step 3: Create a Gmail App Password

To use Gmail as a relay server, you need to create an App Password in Gmail configuration. This password is use to authenticate Gmail's servers for relaing emails. To create an App Password, you can follow these steps −

• Log in to your Gmail account.

• Go to your Google Account settings page.

• Click on "Security".

• Under "Signing in to Google", click on "App Passwords".

• Select "Mail" as the app and "Other (Custom Name)" as the device.

• Enter a name for the password and click on "Generate".

• Make a note of the password that is generated.

Step 4: Add Gmail Credentials in Postfix

Now that you have created an App Password, you need to add it to Postfix. Create a new file called "sasl_passwd" in the /etc/postfix directory by running the following command −

sudo nano /etc/postfix/sasl_passwd

Add the following line to the file, replacing "your-email@gmail.com" with your Gmail address and "your-password" with the App Password that you generated −

 [smtp.gmail.com]:587 your-email@gmail.com:your-password

Save and exit the file.

Now, use following command to hash the sasl_passwd file −

sudo postmap /etc/postfix/sasl_passwd

Step 5: Restart Postfix

Now restart Postfix service to apply the changes by using following command −

sudo systemctl restart postfix

Step 6: Test the Configuration

To test configuration, send an email using the "mail" commans, and replace "recipient@email.com" with the email address you want to send the email to −

echo "Test email" | mail -s "Test subject" recipient@email.com

If everything is configured correctly, the email should be sent and received by the recipient.

Advanced Configuration Options

There are several additional configuration options, you can use this to fine-tune Postfix and Gmail integration. Here are some of the most useful ones −

• "smtp_tls_CAfile" − This option allows you to specify a custom Certificate Authority (CA) file to use for TLS encryption. This can be useful if you want to use a different CA than the default one included with Ubuntu.

• "smtp_tls_security_level" − This option determines the level of security that is required for TLS encryption. The possible values are "may", "encrypt", "dane", and "verify". The default value is "may", which means that TLS encryption is used if possible.

• "smtp_tls_mandatory_protocols" − This option specifies the minimum TLS protocol version that is allowed. The possible values are "TLSv1", "TLSv1.1", and "TLSv1.2". The default value is "TLSv1".

• "smtp_tls_mandatory_ciphers" − This option specifies the minimum TLS cipher that is allowed. The default value is "high".

• "smtp_tls_exclude_ciphers" − This option allows you to exclude specific TLS ciphers from the list of allowed ciphers.

• "smtp_tls_note_starttls_offer" − This option adds a note to the message headers indicating whether the server offered a STARTTLS command during the SMTP session.

You can add these options to the /etc/postfix/main.cf file, just like the relayhost and sasl_passwd options. Here is an example configuration that uses some of these options −

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, SRP, CAMELLIA128, CAMELLIA256, SEED
smtp_tls_note_starttls_offer = yes

This configuration specifies the following options −

• The relayhost is set to smtp.gmail.com:587, which is the Gmail SMTP server and port number.

• smtp_use_tls is set to "yes", which enables TLS encryption for the SMTP connection.

• smtp_sasl_auth_enable is set to "yes", which enables SASL authentication.

• smtp_sasl_password_maps is set to /etc/postfix/sasl_passwd, which contains the Gmail credentials.

• smtp_sasl_security_options is set to "noanonymous", which requires the client to identify itself using SASL authentication.

• smtp_tls_CAfile is set to /etc/ssl/certs/ca-certificates.crt, which is the default CA file for Ubuntu.

• smtp_tls_security_level is set to "encrypt", which requires the use of TLS encryption.

• smtp_tls_mandatory_protocols is set to "!SSLv2,!SSLv3", which disallows the use of SSLv2 and SSLv3.

• smtp_tls_mandatory_ciphers is set to "high", which requires the use of strong TLS ciphers.

• smtp_tls_exclude_ciphers is set to a list of weak TLS ciphers that are not allowed.

• smtp_tls_note_starttls_offer is set to "yes", which adds a note to the message headers indicating whether the server offered a STARTTLS command.

Conclusion

In this tutorial, we have shown you how to configure Postfix with Gmail on Ubuntu. This configuration allows you to send and receive emails using your Gmail account. By following these steps, you can easily set up Postfix to use Gmail as a relay on your Ubuntu server.