Gmail 'Send Mail As' SMTP Setup (Ubuntu & Postfix)

Gmail used to let us send mail from non-gmail addresses using the gmail servers. For some reason, they decided to disable this feature and force us to set up our own SMTP servers for outbound mail.

This guide will cover how to set up Postfix with SASL authentication on Ubuntu and avoid the dreaded "We are having trouble authenticating with your other mail service. Please try a different port or connection option" error.

First let's install postfix and sasl and make sure postfix is running
sudo apt-get install postfix libsasl2-2 sasl2-bin libsasl2-modules
sudo service sendmail stop
sudo service postfix restart

You may want to set up postfix to receive / forward mail or whatever else you want to do with it. I usually set up a virtual configuration that simply forwards mail to my gmail account.

At this point, you should have postfix running and listening to port 25, but if you try to configure gmail to send through it, you will get some stupid error like this "We are having trouble authenticating with your other mail service. Please try a different port or connection option". This is because gmail wants some sort of secure authentication, and you have not set that up yet.

So the next step is to create an SSL certificate for SASL, which is a huge pain, but you can simply past this in line by line and type in whatever makes you happy when it asks you questions. Make sure you write down the certificate password and use the same one every time it asks.

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650


Cool beans. Now you just have to configure postfix to use SASL. You can paste this all in at once. It should not ask you any questions.

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_use_tls = yes'
sudo postconf -e 'smtpd_use_tls = yes'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
sudo service postfix restart

Now we need to configure SASL so it starts up automatically and change some things so that postfix can communicate with it.

sudo sed -i 's/START\=no/START\=yes/g' /etc/default/saslauthd
sudo sed -i 's/\/var\/run\/saslauthd/\/var\/spool\/postfix\/var\/run\/saslauthd/g' /etc/default/saslauthd
sudo echo 'PWDIR="/var/spool/postfix/var/run/saslauthd"' >> /etc/default/saslauthd
sudo echo 'PARAMS="-m ${PWDIR}"' >> /etc/default/saslauthd
sudo echo 'PIDFILE="${PWDIR}/saslauthd.pid"' >> /etc/default/saslauthd
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
sudo service saslauthd restart

Wonderful! Now you can use the 'adduser' command on your server to set up users that correspond to whatever email accounts you want to send mail as. Then you simply go into the gmail settings and use the users and passwords that you set up with adduser.

The SMTP hostname is whatever you have set up as the MX record in the DNS settings for your hostname. I usually just use the @ record, but some people really like subdomains, so more power to them. The port should be 25, and TLS should be set up and working out of the box. It is highly recommended that you use that.

That should cover the basics. It is important to note that you do not need to buy an SSL certificate like you would need to do with a webserver. Generating your own works just fine. Setting up a mail server should cost you nothing but 30 minutes of work. It should now surprise you that companies like GoDaddy charge so much money for something so simple.

I will cover receiving mail in another post, but that is straight forward as well. You can either set up postfix forwarding or use dovecot for pop or imap. Another alternative is to set up an open source mail interface on your server like RoundCube. I just find gmail's convenience worth the privacy invasion most of the time, expecially when you have 30 email addresses to listen on.

5 comments:

  1. Hi,

    this is great article, but does not work for me. I think that problém is:

    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

    but file 'smtpd.conf' is not used in any other config lines
    And in my maillog file are fatal errors: no SASL authentication mechanism

    Can you please explain me role of /postfix/sasl/smtpd.con file?

    BR
    Karel

    ReplyDelete
    Replies
    1. My fault. I left out some very important steps. You may want to purge postfix and sasl and retry again with my new instructions. If you have any more errors, let me know and I will try to help.

      Delete
  2. This is not going to clarify all your doubts but also make it easy for you to seek help from the reliable experts from the next time. So whenever your password gets lost or account gets blocked or hacked dial a Gmail tech support toll free number. Gmail Account

    ReplyDelete
  3. Bluehost is ultimately the best web-hosting company with plans for any hosting needs.

    ReplyDelete
  4. Technology is the combination of pros as well as cons; the case is similar with Gmail also. crear cuenta gmail

    ReplyDelete