Configure postfix to use Google Apps SMTP relay in a Google Compute Engine instance

postfix google-compute-engine google-cloud-platform g-suite

Install postfix with apt-get install postfix. When asked select "satellite system" or the option with smarthost. Accept the defaults of everything else for now.

Edit your main.cf according to the following file:

/etc/postfix/main.cf

# a file which should contain the google apps domain
myorigin = /etc/mailname
# if your google apps domain is in mydestination, remove it, or postfix will attempt to deliver your mail locally
mydestination = ...., localhost

# Google Apps Relay SMTP, must use Port 587 because, 25 is blocked
relayhost = [smtp-relay.gmail.com]:587

# Force ehlo behavior
smtp_always_send_ehlo = yes
smtp_helo_name = <yourappsdomainhere>

# Enable TLS
smtp_use_tls=yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# limit smtp to loopback interface & compute engine doesn't support ipv6
inet_interfaces = loopback-only
inet_protocols = ipv4

# These lines can be used, if the result is not as expected
# debug_peer_list = smtp-relay.gmail.com
# debug_peer_level = 2

Restart postfix with service postfix restart. All should be good.

This may not be the cleanest all all solutions, but it works for me.


I have searched the internet for a few days to find the solution which you and I were looking for.

Be sure you have set the SMTP relay settings under Apps > Google Apps > Gmail > Advanced settings in your Google Apps account as follows:

Google Apps SMTP relay service settings

Be sure you have installed postfix and libsasl2-modules.

sudo apt-get update
sudo apt-get install postfix
sudo apt-get install libsasl2-modules

Postfix configuration

During the Postfix configuration set the following settings:

  • General type of mail configuration: Internet with smarthost.
  • Mail name: example.com (fully qualified domain name)
  • Relay host: [smtp.gmail.com]:587

Your /etc/postfix/main.cf file should look like this:

myhostname = yourdomain.com
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

myorigin = /etc/mailname
mydestination = yourdomain.com

relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Use IPv4 protocol
inet_protocols = ipv4

# enable SASL authentication 
smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication. 
smtp_sasl_security_options = noanonymous

# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

# Enable STARTTLS encryption 
smtp_use_tls = yes

# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Create a /etc/postfix/sasl/passwd file and add your Google Apps username and password as follows:

[smtp.gmail.com]:587 [email protected]:yourpassword

Now create the hash db file for Postfix by running the postmap command:

sudo postmap /etc/postfix/sasl/passwd

Secure your Password and Hash Database files so that only root could read and write them:

sudo chown root:root /etc/postfix/sasl/passwd /etc/postfix/sasl/passwd.db
sudo chmod 0600 /etc/postfix/sasl/passwd /etc/postfix/sasl/passwd.db

Restart Postfix by:

sudo /etc/init.d/postfix restart

If you have installed mailutils you could test sending mails by:

echo "body of your email" | mail -s "This is a Subject" -a "From: [email protected]" [email protected]

If your mail is not received, check your mail.log file for any error messages:

sudo tail -f /var/log/mail.log

I have written a more detailed article: http://dev.robbertvermeulen.com/postfix-google-apps-smtp-relay-google-compute-engine/

Related

How long does it take for DNS to update new records? Strange DNS behaviour!
Serving port 443 over http creates 400 Bad Request Error instead of redirect
Is there a way to disable IPv6 SLAAC on a per-interface basis in Debian?
apt-get update mdadm scary warnings
Apache ProxyPass ignore static files
Use Nginx to server different pages depending on IP address/subnet
Windows folder permissions, Administrators and UAC, what's the "right" way to deal with this?
GitLab Active Directory authentication: no results and no authentication
iotop and iostat disagree
Which archive/compression format?
Configuring sudo to work without password
How to COMPLETELY uninstall Visual Studio Code from Windows 10?