Fix Postfix for Gmail on Snow Leopard
This is a quick and dirty method for getting Postfix (as built-in on Mac OS X v10.6) to send mail via Gmail.
My little home server is a tweaked Mac mini, but Snow Leopard is the last version of OS X that will work on it without even more hacking around (besides, it’s the best version of OS X Server, IMHO). I had a search around on the web and after combining a few different methods, came up with this to make it work.
Sort out Certificates
Google changed to using Equifax as their certificate signing authority some time ago, but Postfix doesn’t know about them. So, you need to add their certificate (and we’ll add Thawte at the same time, for good measure).
Start by creating a certificates directory:
sudo mkdir /etc/postfix/certs
Jump into it and create a file called Equifax_Secure_CA.pem, then copy the PEM-encoded Equifax Secure Certificate Authority root certificate into it.
Then you need to create the Thawte one as well. Call it
Once that’s done, do this to make sure Postfix can find the certificates:
sudo c_rehash /etc/postfix/certs
Thanks to Steve Jenkins for his blog post regarding the certificates. Foxed me for a while.
That’s the first bit. Now the second bit.
Now we need to tell Postfix to use the certificates we just added, as well as your details for Gmail and the location of the mail server. Using your favourite editor, edit /etc/postfix/main.cf. Have a search for relayhost and you’ll find a section called ‘INTERNET OR INTRANET’. Add the following configuration information under the commented-out relayhost entries.
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CApath = /etc/postfix/certs
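With smtp_use_tls = yes and no smtp_tls_security_level, Postfix runs the relay connection in opportunistic mode: it uses STARTTLS when the server offers it and otherwise leaves the session unencrypted. The script below is an added example, not part of the original post; it reports the effective TLS mode of a main.cf, and its function names and the smtp_tls_security_level = secure line in the demo are assumptions (that parameter needs Postfix 2.3 or later and is not in the post's configuration).

```shell
# Added example; function names are illustrative, not Postfix tools.

# Constructed sample: the relay settings given on this page.
page_config() {
    cat <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CApath = /etc/postfix/certs
EOF
}

# stdin: main.cf text, $1: parameter name. Prints the last value assigned.
get_param() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) last = val          # a later assignment wins
        }
        END { print last }'
}

# stdin: main.cf text. Prints none, opportunistic, encrypted-unverified or verified.
smtp_tls_mode() {
    cfg=$(cat)
    level=$(printf '%s\n' "$cfg" | get_param smtp_tls_security_level)
    if [ -z "$level" ]; then                     # fall back to the legacy switches
        level=none
        if [ "$(printf '%s\n' "$cfg" | get_param smtp_use_tls)" = yes ]; then level=may; fi
        if [ "$(printf '%s\n' "$cfg" | get_param smtp_enforce_tls)" = yes ]; then level=verify; fi
    fi
    case "$level" in
        none)          echo none ;;
        may)           echo opportunistic ;;        # cleartext if STARTTLS is absent
        encrypt)       echo encrypted-unverified ;; # TLS required, certificate unchecked
        verify|secure) echo verified ;;             # TLS required, certificate checked
        *)             echo "unknown:$level" ;;
    esac
}

page_config | smtp_tls_mode
{ page_config; echo 'smtp_tls_security_level = secure'; } | smtp_tls_mode
```

At the opportunistic level the CA directory in smtp_tls_CApath only affects whether the log labels the session trusted or untrusted; at verify or secure Postfix defers the mail instead of sending it when the server certificate does not validate.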
Usernames and Passwords
That’s all well and good, but how does Postfix know how to log in? Well, in this case, it’s a password saved as clear text in a file. Yeah, I know – but in my case I’ve not dug any deeper, as this account is for the server alone and contains nothing interesting at all. If you’re going to do it this way, I recommend the same approach.
Store the username and password in /etc/postfix/sasl_passwd like this:
sudo chmod 600 /etc/postfix/sasl_passwd
to add a modicum of security to the deal. At least it’s encrypted as it flies over the internet.
You then need to create the /etc/postfix/sasl_passwd.db password database using this:
sudo postmap /etc/postfix/sasl_passwd
First of all, make sure Postfix has re-read all the changes.
sudo launchctl stop org.postfix.master
sudo launchctl start org.postfix.master
Then you should try a test email. Something like this should work:
ls -1 | mail -s "Subject" firstname.lastname@example.org -f email@example.com
That would send a listing of the current directory to firstname.lastname@example.org. Just make sure that the address you put after the -f switch is one that’s allowed to send mail with your Gmail account, otherwise not very much will happen.
If you encounter troubles, check the logfile:
Now you should be all set to send email from the command line!
Annoyingly, as I have just discovered, you may get the following error:
“The IP you’re using to send mail is not authorized”
This would appear to be the risk you take having a dynamic IP address as I do. The allocation of addresses by your ISP may not have permission to send mail through Gmail’s servers in this way. I don’t entirely understand it, as I can certainly send mail via Mail.app. I shall be on the lookout for a solution.