This is a quick and dirty method for getting Postfix (as built-in on Mac OS X v10.6) to send mail via Gmail.
My little home server is a tweaked Mac mini, but Snow Leopard is the last version of OS X that will work on it without even more hacking around (besides, it’s the best version of OS X Server, IMHO). I had a search around on the web and after combining a few different methods, came up with this to make it work.
Sort out Certificates
Google changed to using Equifax as their certificate signing authority some time ago, but Postfix doesn’t know about them. So, you need to add their certificate (and we’ll add Thawte at the same time, for good measure).
Start by creating a certificates directory:
sudo mkdir /etc/postfix/certs
Jump into it and create a file called
Equifax_Secure_CA.pem, then copy the following into it:
Then you need to create the Thawte one as well. Call it
Once that’s done, do this to make sure Postfix can find the certificates:
sudo c_rehash /etc/postfix/certs
Thanks to Steve Jenkins for his blog post regarding the certificates. Foxed me for a while.
That’s the first bit. Now the second bit.
Now we need to tell Postfix to use the certificates we just added, as well as your details for Gmail and the location of the mail server. Using your favourite editor, edit
/etc/postfix/main.cf. Have a search for relayhost and you’ll find a section called ‘INTERNET OR INTRANET’. Add the following configuration information under the commented-out relayhost entries.
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CApath = /etc/postfix/certs
Usernames and Passwords
That’s all well and good, but how does Postfix know how to log in? Well, in this case, its a password saved as clear text in a file. Yeah, I know – but in my case I’ve not dug any deeper, as this is account is for the server alone and contains nothing interesting at all. If you’re going to do it this way, I recommend the same approach.
Store the username and password in
/etc/postfix/sasl_passwd like this:
chmod 600 /etc/postfix/sasl_passwd
to add a modicum of security to the deal. At least it’s encrypted as it flies over the internet.
You then need to create the
/etc/postfix/sasl_passwd.db password database using this:
sudo postmap /etc/postfix/sasl_passwd
First of all, make sure Postfix has re-read all the changes.
sudo launchctl stop org.postfix.master
sudo launchctl start org.postfix.master
Then you should try a test email. Something like this should work:
ls -1 | mail -s "Subject" email@example.com -f firstname.lastname@example.org
That would send the output of the current directory to email@example.com. Just make sure that the address you put after the -f switch is one that’s allowed to send mail with your Gmail account, otherwise not very much will happen.
If you encounter troubles, check the logfile:
Now you should be all set to emeither from the command line!
Annoyingly, as I have just discovered, you may get the following error:
“The IP you’re using to send mail is not authorized”
This would appear to be the risk you take having a dynamic IP address as I do. The allocation of addresses by your ISP may not have permission to send mail through Gmail’s servers in this way. I don’t entirely understand it, as I can certainly send mail via Mail.app. I shall be on the lookout for a solution.