December 28, 2011

Configure Postfix on OS X Lion to Relay via Gmail

Today I had to test e-mail delivery of an app I was working on from home. Annoyingly, my ISP (O2) block outgoing port 25 because they don't trust their users not to run open mail relays. This meant that e-mails sent from my app were not being delivered.

So I needed to set up Postfix (the native Sendmail implementation running on OS X Lion) to relay all outgoing mails to another mail server. It turned out to be quite difficult to configure Postfix to connect to Gmail.

Gmail requires an authenticated TLS session to relay mail. But the instructions I found across the web did not seem to work, in that the Gmail CA certificates were not trusted even after adding them.

The easy solution was to simply stop Postfix from requiring a trusted CA altogether. Below are instructions to replicate my setup.

First, open the Postfix configuration file:

$ sudo vim /etc/postfix/main.cf

Add or update the following settings:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_tls_security_level = may

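The 'may' security level tells Postfix to use TLS opportunistically: it does not verify the server certificate, so untrusted CAs are ignored and delivery continues. At this level Postfix will also fall back to an unencrypted session if the server does not offer STARTTLS, and because smtp_sasl_security_options above omits noplaintext, the PLAIN credentials would then be sent in cleartext. The 'encrypt' level makes TLS mandatory while still not requiring a trusted CA.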
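
As an added example (not part of the original post), this shell function reads a main.cf and reports whether its relay settings allow mail or SASL credentials to leave without TLS. The function names and result labels are made up for illustration; the parameter defaults it assumes are Postfix's documented ones.

```sh
# Added example: classify how a Postfix main.cf protects relayed mail and SASL
# credentials. Last assignment wins. Assumption: no continuation lines or $variables.
conf_get() {    # conf_get FILE NAME DEFAULT -> effective value of NAME
    awk -v name="$2" -v val="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == name) val = v
        }
        END { print val }' "$1"
}

# relay_tls_posture FILE -> creds-cleartext-risk | mail-cleartext-risk |
#   tls-required-unverified | tls-required-verified | unknown
relay_tls_posture() {
    level=$(conf_get "$1" smtp_tls_security_level "")
    if [ -z "$level" ]; then    # legacy smtp_use_tls counts only when the level is unset
        if [ "$(conf_get "$1" smtp_use_tls no)" = yes ]; then level=may; else level=none; fi
    fi
    sasl=$(conf_get "$1" smtp_sasl_auth_enable no)
    opts=$(conf_get "$1" smtp_sasl_security_options "noplaintext, noanonymous")
    case $level in
        none|may)    # TLS is optional: a session without STARTTLS stays in cleartext
            case "$sasl:$opts" in
                yes:*noplaintext*) echo mail-cleartext-risk ;;
                yes:*)             echo creds-cleartext-risk ;;
                *)                 echo mail-cleartext-risk ;;
            esac ;;
        encrypt) echo tls-required-unverified ;;
        verify|secure|fingerprint|dane-only) echo tls-required-verified ;;
        *) echo unknown ;;
    esac
}

# Constructed sample: the TLS and SASL settings shown in this post.
sample=$(mktemp)
printf '%s\n' 'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_use_tls = yes' 'smtp_tls_security_level = may' > "$sample"
relay_tls_posture "$sample"
rm -f "$sample"
```

Run against the settings above it reports creds-cleartext-risk; changing the level to encrypt moves it to tls-required-unverified.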

Create a new file containing your Gmail account credentials:

$ sudo vim /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 USERNAME@DOMAIN:PASSWORD

Then load the account credentials into Postfix:

$ sudo postmap /etc/postfix/sasl_passwd
$ sudo rm /etc/postfix/sasl_passwd

Then restart Postfix:

$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist
$ sudo launchctl load -w /System/Library/LaunchDaemons/org.postfix.master.plist

Now you can send a test e-mail:

$ mail -s "Testing, Testing" steve@stevelorek.com

Type the body of your message, then press Ctrl-D to send the e-mail.

Check /var/log/mail.log to see the status of your delivery.