0

Postfix works for sending mail to the localhost or the local FQDN, which is the hostname. Looking to send through gmail:

nicholas@mordor:~$ 
nicholas@mordor:~$ swaks --to saunders.nicholas@gmail.com --from saunders.nicholas@gmail.com
=== Trying gmail.com:25...
*** Error connecting to gmail.com:25:
***     IO::Socket::INET6: connect: timeout
nicholas@mordor:~$ 
nicholas@mordor:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maillog_file = /var/log/postfix.log
mydestination = $myhostname, mordor.saundersconsulting.tech, localhost
myhostname = mordor.saundersconsulting.tech
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = mordor.saundersconsulting.tech
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
nicholas@mordor:~$ 
nicholas@mordor:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:    22.04
Codename:   jammy
nicholas@mordor:~$

Log:

Dec 16 14:56:11 mordor postfix/qmgr[1648523]: C78BE2BD4: from=<>, size=2244, nrcpt=1 (queue active)
Dec 16 14:56:11 mordor postfix/qmgr[1648523]: 639D92AC0: from=<>, size=2244, nrcpt=1 (queue active)
Dec 16 14:56:11 mordor postfix/smtp[1677087]: connect to smtp.gmail.com[2607:f8b0:400e:c03::6c]:587: Network is unreachable
Dec 16 14:56:12 mordor postfix/smtp[1677086]: C78BE2BD4: to=<saunders.nicholas@gmail.com>, relay=smtp.gmail.com[74.125.199.109]:587, delay=4501, delays=4501/0.03/0.31/0.07, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.199.109] said: 530-5.7.0 Authentication Required. For more information, go to 530 5.7.0  https://support.google.com/mail/?p=WantAuthError jc12-20020a17090325cc00b001d363e87759sm5602905plb.51 - gsmtp (in reply to MAIL FROM command))
Dec 16 14:56:12 mordor postfix/smtp[1677087]: 639D92AC0: to=<saunders.nicholas@gmail.com>, relay=smtp.gmail.com[74.125.199.109]:587, delay=4502, delays=4501/0.03/0.31/0.07, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.199.109] said: 530-5.7.0 Authentication Required. For more information, go to 530 5.7.0  https://support.google.com/mail/?p=WantAuthError u13-20020a170902e5cd00b001cff026df52sm16234005plf.221 - gsmtp (in reply to MAIL FROM command))
Dec 16 14:56:12 mordor postfix/qmgr[1648523]: C78BE2BD4: removed
Dec 16 14:56:12 mordor postfix/qmgr[1648523]: 639D92AC0: removed

The passworks fine for the Alpine e-mail client (was Pine) using the "apps" password, which is stored in the /etc/postfix/sasl/sasl_passwd file.

What settings need to be updated with Postfix so that it will send through Gmail? Note that Postfix is configured for a different port than 25 above.

To re-iterate, the Alpine e-mail client sends through Gmail fine, so it's not the password per se, but probably the way it's stored in the file. In the Alpine configuration files, it's an alphanumeric sequence separated with spaces.

The example is:

[smtp.gmail.com]:587 jane.doe@gmail.com:doeadeer

whereas the app password is more like "xxx yyy zzz", and which works fine from Pine. See also:

https://askubuntu.com/a/1201334/847449

Nicholas Saunders
  • 1,158
  • 1
    I don't see in the config you posted ANY parameters that say Postfix should authenticate to the relay [smtp.gmail.com]:587. So it does not. Read here how to configure authentication: http://www.postfix.org/SASL_README.html#client_sasl – raj Dec 16 '23 at 23:21
  • that's in the password file, but I'll checkout the link. thx. See the example at the bottom of the question, with link to documentation. – Nicholas Saunders Dec 16 '23 at 23:23
  • 1
    But your password file is nowhere referenced in the config. How Postfix should know that it should use it? – raj Dec 16 '23 at 23:24
  • is the password stored as plaintext? or, do you need to create a hash @raj ? – Nicholas Saunders Dec 17 '23 at 00:10
  • this looks diferent https://ubuntu.com/server/docs/mail-postfix – Nicholas Saunders Dec 17 '23 at 17:39
  • 1
    The documentation on the Postfix website should be considered authoritative. If some other document says differently, that document is most probably wrong. – raj Dec 17 '23 at 17:51
  • 1
    As for plaintext or hash, smtp_sasl_password_maps refers to a Postfix lookup table. So, usual rules applying to Postfix lookup tables apply here. If you use a hash: type table, then you need to create a hash. If you want to use another table type, plaintext may be sufficient. It's based on your decision and understanding of various table types. See the full description of the parameter here: http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps – raj Dec 17 '23 at 17:57

1 Answers1

0

key steps:

 # chmod 600 /etc/postfix/sasl_passwd
 # postmap /etc/postfix/sasl_passwd
 # postmap /etc/postfix/tls_policy

https://access.redhat.com/solutions/3201002

seems to be working. The only change I made was to use ../postfix/sasl/sasl_passwd instead of the path above. Only because that directory came with postfix. At least insofar as I can recall.

see also:

https://wpaq.com/configure-postfix-smtp-relay/

Nicholas Saunders
  • 1,158