Send Emails on Mac OS X with Postfix and a Gmail Relay

A quick howto setup Mac OS X and Postfix to use Gmail as a relay. Everything will need to be executed as root using sudo. If you just need to send emails try running sudo postfix start, and make sure to check your spam for emails – they will likely be flagged as they originate from a local mail server.

SASL Authentication

Connecting to the Gmail SMTP server requires both SSL and authentication. To set up authentication you will need to edit the /etc/postfix/sasl_passwd file.

sudu vi /etc/postfix/sasl_passwd

Update the contents to include the following. Note that enclosing hostnames with square brackets – [] – tells Postfix to avoid doing an MX lookup. Make sure to replace EMAIL with your email address, and PASSWORD with your Gmail password, properly escaping any colons in it.

[smtp.gmail.com]:587 [email protected]:PASSWORD

Use the postmap command to update the SASL credentials in Postfix.

sudo postmap /etc/postfix/sasl_passwd

Postfix Relay Configuration

Next we need to edit the Postfix configuration found in /etc/postfix/main.cf.

sudo vi /etc/postfix/main.cf

I was not able to route mail to the Gmail SMTP servers over IPv6, so force only IPv4 connections by searching for the inet_protocols key and updating the value.

inet_protocols = ipv4

If any of the following keys already exist in your configuration comment them out, and include the following at the bottom of the config file.

# Gmail SMTP relay
relayhost = [smtp.gmail.com]:587

# Enable SASL authentication in the Postfix SMTP client.
smtpd_sasl_auth_enable = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = AUTH LOGIN

# Enable Transport Layer Security (TLS), i.e. SSL.
smtp_use_tls = yes
smtp_tls_security_level = encrypt
tls_random_source = dev:/dev/urandom

Restart Postfix & Test

Restart Postfix as root, then send a test email.

sudo postfix stop && sudo postfix start
date | mail -s "Test Email" [email protected]

If you don’t receive the test email, check the Postfix queue by running mailq or looking at the contents of /var/log/mail.log. Any errors that mention “SASL authentication failed” indicate that you may have entered an incorrect email/password combination, forgot to run postmap after updating the credentials, or need to Turn On Access for less secure apps in Gmail for your account.

You may also like...

28 Responses

  1. Chris says:

    Thanks for sharing

  2. Joe says:

    “Turn On Access for less secure apps in Gmail” is not available any more. Are there any alternatives?

  3. Paul says:

    Ok it’s a year or so old, but I’d like to add to Daniel (https://www.justinsilver.com/technology/osx/send-emails-mac-os-x-postfix-gmail-relay/#comment-2683) – reply isn’t working for me!
    I got the same “the Postfix mail system is not running” error. But, if all you want to do is send email from your local machine (generated by cron or what have you) then this isn’t a problem. I’m sending mail fine from the mail command line. having Postfix not running will, from my understanding, just not let you receive mail, or other services of that nature. I’m not an expert, but I know that I’m on Catalina, and these instructions worked for me (albeit with the Not Working error) and I am now the happy recipient of cron job emails to my gmail account which is all I was needing.
    Thanks Justin for documenting your set up.

  4. Alex says:

    This actually worked for me. Thanks!

  5. Gilberto Conde says:

    Somewhere (https://apple.stackexchange.com/questions/229331/how-to-modify-a-launch-daemon-permanently-under-os-x-el-capitan) I also read that starting with El Capitan you have the SIP problem. The solution would be to put a copy of your daemon plist with a slightly different name (maybe adding local before the daemon name) in /Library/LaunchDaemons (instead of /System/Library/Lau..). Then you can make your edits. Ownership must be set to root:wheel, and permissions to 644. After disabling SIP, you should deactivate the original plist with `sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist` and activate the new one with `sudo launchctl load /Library/LaunchDaemons/local.org.postfix.master.plist`. Don’t forget to reenable the SIP.

    Well, I did all that in Catalina, but postfix is still not sending my message. I hope I don’t have a typo in my password or something as silly as that. 😀

  6. Daniel Hinostroza says:

    Hi,
    I’ve done everything suggested in this post but I still get the message ‘the Postfix mail system is not running’. In some other page there was a recommendation to add a few parameters to /System/Library/LaunchDaemons/com.apple.postfix.master.plist namely, add:

    RunAtLoad

    KeepAlive

    before
    The problem is (I’m on MacOS Catalina) that the file is write protected and Terminal changes to /System/Library are restricted even with SIP disabled. So my question is: are these additions to com.apple.postfix.master.plist even necessary? or is the problem somewhere else?
    All the very best,
    Daniel

    • User Avatar Justin Silver says:

      Hi Daniel – I set up Postfix way back when I made this post, and fwiw it is still running on Mojave on my machine (I have not updated to Catalina). I did just check the status and there is a note about “compatibility” mode, so perhaps this needs to be disabled in newer versions of the OS? My only suggestion is to try running postconf compatibility_level=2 followed by postfix reload to disable it. Good luck!

  7. Tom Ootes says:

    Total lifesaver! Thanks man.

  8. Pavan says:

    Works perfectly !! Thanks

  9. Dick Guertin says:

    Justin, I followed your tutorial, to the letter, and got this:

    (TLS is required, but our TLS engine is unavailable)

    What do I do now?

  10. Froi says:

    Hi,

    I have followed all the instructions, but it always gave me this error every time I try to reboot the service:

    fatal: the Postfix mail system is not running

    I’m using MacOS High Sierra 10.13.4.

    Thanks.

    • User Avatar Justin Silver says:

      You probably need to change the default SMTP port. Run sudo vi /etc/postfix/master.cf and look for a line that starts with “smtp inet” near the top. Try making it look like to following to use port 587:

      smtp      inet  n       -       n       -       1       587
      

      Then run sudo postfix restart.

  11. Mike says:

    Good stuff

  12. Tried many other tutorials but this is the first that worked for me, thank you!

  13. Ryan says:

    If you’ve configured 2-Factor authentication with Google, you’ll need to create an app password to bypass the 2FA. See this article for assistance https://support.google.com/accounts/answer/185833. When entering the password on the sasl_passwd file, you’ll need to supply the app password instead of your personal password. If you have already entered your personal password and are now entering the app password, dont forget to run the “sudo postmap /etc/postfix/sasl_passwd” prior to restarting postfix.

    Also, postfix on OSX Sierra is version 3.1.X which may have issues leading to log entries stating it can’t find the md5 algorithm. Upgrading to OSX High Sierra also does an upgrade to postfix 3.2.X which solves the issue.

  14. Fasil says:

    hello,
    can you help me, im getting below error. MacOS Sierra

    -Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
    CA284E3B870 355 Thu Sep 28 00:06:37 [email protected]
    (Host or domain name not found. Name service error for name=smtp.gmail.com type=A: Host not found, try again)
    [email protected]

    — 0 Kbytes in 1 Request.

    • User Avatar Justin Silver says:

      Hi Fasil,

      It sounds like you might be having DNS issues – I am able to resolve that hostname.

      > nslookup smtp.gmail.com
      Server:		4.2.2.1
      Address:	4.2.2.1#53
      
      Non-authoritative answer:
      smtp.gmail.com	canonical name = gmail-smtp-msa.l.google.com.
      Name:	gmail-smtp-msa.l.google.com
      Address: 74.125.28.108
      Name:	gmail-smtp-msa.l.google.com
      Address: 74.125.28.109
      
  15. Darrel says:

    Thanks for the tutorial. It worked for me too.

  16. Danny says:

    I can’t thank you enough for this post. I have been searching everywhere for the answer to this. Thank you again!!! 🙂

  17. J.J. Boomsma says:

    On macOS Sierra (10.12.5) it did not work. From gmail I received an “Undelivered Mail Returned to Sender” with a message:
    Action: failed
    Status: 5.5.1
    Remote-MTA: dns; smtp.gmail.com
    Diagnostic-Code: smtp; 530-5.5.1 Authentication Required. Learn more at 530
    5.5.1 https://support.google.com/mail/?p=WantAuthError i42sm247714ede.5 –
    gsmtp
    The main.cf is updated, the sass_passwd is created, The postmap /etc/postfix/sasl_passwd and the postfix has been restarted.
    What can I do more?

    • User Avatar Justin Silver says:

      My first guess would be that the username or password is incorrect – just to double check the auth info goes into /etc/postfix/sasl_passwd (you have sass_passwd in your comments as well as the correct spelling). If the file is named correctly you might need to escape your password if it has any special characters (dollar sign, asterisk, etc) as they might not be interpreted correctly. Also check out the link in the error you are getting – there are a few troubleshooting steps on that page regarding two factor authentication, allowing “less secure” apps, or possibly unlocking your account.

      Good luck!

    • Mark Statkus says:

      @ J.J Boomsma – are you running MacOS Server too?

    • Plentipeppa says:

      Check over your files, I see in one instance you type sass_passwd.
      Next line you speaking about sasl_passwd.

  18. Nathan says:

    I’ve been looking EVERYWHERE for an answer to this problem. I’ve tried so many different configurations. Yours is the one that worked. Thank you so much!

  19. Emso says:

    Thanks for the tutorial. It worked!

Leave a Reply

Your email address will not be published. Required fields are marked *