Send email via Postfix

2010-12-20

I like sending brief email via the command line, because it really sucks to open a web browser just for writing 2 lines of text. On my old computer, I configured postfix to work with my gmail account. Now, I tried to replicate my config on my Airbook, but the SSL certificates used by Gmail have changed in the meantime, and although my configuration still works I end up with unwanted warnings in my /var/log/mail.log.

When I first configure postfix, I used the Thawtee certificates, available from here: http://www.verisign.com/support/roots. Basically, you should get a copy of Thawte_Premium_Server_CA.pem. Now, Gmail has changed this and you should use Equifax, Equifax_Secure_CA.pem, that can be found on http://www.geotrust.com/resources/root-certificates/.

Everything went fine by following these basic steps:

1. Create relay_password in /etc/postfix and edit as smtp.gmail.com logingmail.com:password@, then $ sudo postmap /etc/postfix/relay_password to update Postfix lookup table.
2. Add the certificates in /etc/postfix/certs, or any folder you like, then $ sudo c_rehash /etc/postfix/certs/ (i.e., rehash the certificates with Openssl).
3. Edit /etc/postfix/main.cf so that it includes the following lines:


relayhost = smtp.me.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

4. Then, just reload the Postfix process, with e.g. $ sudo postfix reload (a combination of start/stop works too).

Now, we can test that everything is working properly:

$ echo “Test 123” | mail -s “Test” user@domain.com

Look into /var/log/mail.log, or better use $ tail -f /var/log/mail.log in a different window while you send your email. If you see something like

… setting up TLS connection to smtp.gmail.com[209.85.227.109]:587
… Trusted TLS connection established to smtp.gmail.com[209.85.227.109]:587:\
    TLSv1 with cipher RC4-MD5 (128/128 bits)

then you succeeded.

Additional notes

You can choose a different port for the SMTP, e.g. 465.
It’s still possible to use SASL without TLS (the above steps are basically the same), but in both case the main problem is that your login informations are available in a plan text file… Also, should you want to use your MobileMe account, just replace the Gmail SMTP server by smtp.me.com.

---

Articles with the same tag(s):

El Capitan
Why I am still using Emacs
Tmux and OS X
OS X Yosemite
Some useful Mac Apps for data scientists
Collecting email usage statistics from mu
From Beamer to Deckset
Fixing some critical keyboard shortcuts in OS X terminal
A modular configuration for Emacs
Common lisp on Mavericks

---