Send Emails on Mac OS X with Postfix and a Gmail Relay

A quick howto setup Mac OS X and Postfix to use Gmail as a relay. Everything will need to be executed as root using sudo. If you just need to send emails try running sudo postfix start, and make sure to check your spam for emails – they will likely be flagged as they originate from a local mail server.

SASL Authentication

Connecting to the Gmail SMTP server requires both SSL and authentication. To set up authentication you will need to edit the /etc/postfix/sasl_passwd file.

sudu vi /etc/postfix/sasl_passwd

Update the contents to include the following. Note that enclosing hostnames with square brackets – [] – tells Postfix to avoid doing an MX lookup. Make sure to replace EMAIL with your email address, and PASSWORD with your Gmail password, properly escaping any colons in it.

[smtp.gmail.com]:587 [email protected]:PASSWORD

Use the postmap command to update the SASL credentials in Postfix.

sudo postmap /etc/postfix/sasl_passwd

Postfix Relay Configuration

Next we need to edit the Postfix configuration found in /etc/postfix/main.cf.

sudo vi /etc/postfix/main.cf

I was not able to route mail to the Gmail SMTP servers over IPv6, so force only IPv4 connections by searching for the inet_protocols key and updating the value.

inet_protocols = ipv4

If any of the following keys already exist in your configuration comment them out, and include the following at the bottom of the config file.

# Gmail SMTP relay
relayhost = [smtp.gmail.com]:587

# Enable SASL authentication in the Postfix SMTP client.
smtpd_sasl_auth_enable = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = AUTH LOGIN

# Enable Transport Layer Security (TLS), i.e. SSL.
smtp_use_tls = yes
smtp_tls_security_level = encrypt
tls_random_source = dev:/dev/urandom

Restart Postfix & Test

Restart Postfix as root, then send a test email.

sudo postfix stop && sudo postfix start
date | mail -s "Test Email" [email protected]

If you don’t receive the test email, check the Postfix queue by running mailq or looking at the contents of /var/log/mail.log. Any errors that mention “SASL authentication failed” indicate that you may have entered an incorrect email/password combination, forgot to run postmap after updating the credentials, or need to Turn On Access for less secure apps in Gmail for your account.

You may also like...

12 Responses

  1. Ryan says:

    If you’ve configured 2-Factor authentication with Google, you’ll need to create an app password to bypass the 2FA. See this article for assistance https://support.google.com/accounts/answer/185833. When entering the password on the sasl_passwd file, you’ll need to supply the app password instead of your personal password. If you have already entered your personal password and are now entering the app password, dont forget to run the “sudo postmap /etc/postfix/sasl_passwd” prior to restarting postfix.

    Also, postfix on OSX Sierra is version 3.1.X which may have issues leading to log entries stating it can’t find the md5 algorithm. Upgrading to OSX High Sierra also does an upgrade to postfix 3.2.X which solves the issue.

  2. Fasil says:

    hello,
    can you help me, im getting below error. MacOS Sierra

    -Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
    CA284E3B870 355 Thu Sep 28 00:06:37 [email protected]
    (Host or domain name not found. Name service error for name=smtp.gmail.com type=A: Host not found, try again)
    [email protected]

    — 0 Kbytes in 1 Request.

    • Justin Silver says:

      Hi Fasil,

      It sounds like you might be having DNS issues – I am able to resolve that hostname.

      > nslookup smtp.gmail.com
      Server:		4.2.2.1
      Address:	4.2.2.1#53
      
      Non-authoritative answer:
      smtp.gmail.com	canonical name = gmail-smtp-msa.l.google.com.
      Name:	gmail-smtp-msa.l.google.com
      Address: 74.125.28.108
      Name:	gmail-smtp-msa.l.google.com
      Address: 74.125.28.109
      
  3. Darrel says:

    Thanks for the tutorial. It worked for me too.

  4. Danny says:

    I can’t thank you enough for this post. I have been searching everywhere for the answer to this. Thank you again!!! 🙂

  5. J.J. Boomsma says:

    On macOS Sierra (10.12.5) it did not work. From gmail I received an “Undelivered Mail Returned to Sender” with a message:
    Action: failed
    Status: 5.5.1
    Remote-MTA: dns; smtp.gmail.com
    Diagnostic-Code: smtp; 530-5.5.1 Authentication Required. Learn more at 530
    5.5.1 https://support.google.com/mail/?p=WantAuthError i42sm247714ede.5 –
    gsmtp
    The main.cf is updated, the sass_passwd is created, The postmap /etc/postfix/sasl_passwd and the postfix has been restarted.
    What can I do more?

    • Justin Silver says:

      My first guess would be that the username or password is incorrect – just to double check the auth info goes into /etc/postfix/sasl_passwd (you have sass_passwd in your comments as well as the correct spelling). If the file is named correctly you might need to escape your password if it has any special characters (dollar sign, asterisk, etc) as they might not be interpreted correctly. Also check out the link in the error you are getting – there are a few troubleshooting steps on that page regarding two factor authentication, allowing “less secure” apps, or possibly unlocking your account.

      Good luck!

    • Mark Statkus says:

      @ J.J Boomsma – are you running MacOS Server too?

    • Plentipeppa says:

      Check over your files, I see in one instance you type sass_passwd.
      Next line you speaking about sasl_passwd.

  6. Nathan says:

    I’ve been looking EVERYWHERE for an answer to this problem. I’ve tried so many different configurations. Yours is the one that worked. Thank you so much!

  7. Emso says:

    Thanks for the tutorial. It worked!

Leave a Reply

Your email address will not be published. Required fields are marked *