How to Configure Postfix as SMTP Relay for Google Apps on Ubuntu Server


2 views

When integrating a Ubuntu server with Google Apps' SMTP service, we're essentially configuring Postfix to act as a relay client. This setup differs from traditional mail server configurations because we're leveraging Google's infrastructure while maintaining domain authenticity.

First, ensure all necessary packages are installed:

sudo apt-get update
sudo apt-get install postfix mailutils libsasl2-modules sasl2-bin

During Postfix installation, select "Internet Site" and enter your domain (foobar.com in this case).

Edit the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

Make these key modifications:

# Basic settings
myhostname = mail.foobar.com
mydomain = foobar.com
myorigin = $mydomain
inet_interfaces = loopback-only
mydestination = $myhostname, localhost.$mydomain, localhost

# Relay settings
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Create the SASL password file:

sudo nano /etc/postfix/sasl_passwd

Add your Google Apps SMTP credentials (use an App Password if 2FA is enabled):

[smtp.gmail.com]:587 username@foobar.com:app-specific-password

Then secure and compile the password file:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

To support multiple sender addresses (forum@, shop@, etc.), configure sender canonical maps:

sudo nano /etc/postfix/sender_canonical

Add mappings like:

forum@foobar.com username@foobar.com
shop@foobar.com username@foobar.com

Compile the map and add to main.cf:

sudo postmap /etc/postfix/sender_canonical

Add to main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical

After restarting Postfix (sudo systemctl restart postfix), test with:

echo "Test message" | mail -s "Postfix Test" your-email@foobar.com

Check logs for errors:

tail -f /var/log/mail.log

For PHP applications, modify php.ini:

sendmail_path = /usr/sbin/sendmail -t -i

For cron jobs, ensure MAILTO is set:

MAILTO=admin@foobar.com
0 3 * * * /path/to/backup.sh

If emails fail with "Relay access denied":

1. Verify Google Apps SMTP access is enabled in Admin Console
2. Check if "Less secure apps" is enabled (if not using App Passwords)
3. Confirm firewall isn't blocking outbound port 587

When integrating a Ubuntu server with Google Apps for email delivery, we need to configure Postfix as an SMTP relay while maintaining domain authentication. Here's the technical breakdown of what we're building:

Internet → Local Applications → Postfix (Ubuntu) → Google SMTP → Recipients

First, install Postfix and required dependencies:

sudo apt-get update
sudo apt-get install postfix mailutils libsasl2-modules sasl2-bin

During installation, select "Internet Site" and enter your domain name (foobar.com in this case). Then configure the main Postfix file:

sudo nano /etc/postfix/main.cf

# Add/modify these parameters:
myhostname = mail.foobar.com
mydomain = foobar.com
myorigin = $mydomain
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000

Create the SASL password file with your Google Apps credentials:

sudo nano /etc/postfix/sasl_passwd

[smtp.gmail.com]:587 username@foobar.com:yourpassword

Then secure and compile the credentials:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

To support multiple sender addresses (shop@, forum@, etc.), configure address rewriting:

sudo nano /etc/postfix/sender_canonical

# Map local users to domain addresses
www-data forum@foobar.com
root admin@foobar.com
shop shop@foobar.com

Add these lines to main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_generic_maps = hash:/etc/postfix/generic

After restarting Postfix (sudo systemctl restart postfix), test the configuration:

echo "Test email body" | mail -s "Test Subject" recipient@example.com -- -f "shop@foobar.com"

Check the mail logs for errors:

sudo tail -f /var/log/mail.log

For production systems, consider adding these security measures to main.cf:

smtpd_client_restrictions = permit_mynetworks,reject
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain

If emails get rejected by Google's servers, check these common problems:

  1. Enable "Less Secure Apps" in Google Admin Console temporarily during setup
  2. Verify you're using App Password if 2FA is enabled
  3. Check for IP restrictions in Google Admin → Security → API controls

For more secure authentication, configure OAuth2 with Postfix:

# In main.cf:
smtp_sasl_mechanism_filter = xoauth2
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_oauth
smtp_sasl_security_options = noanonymous,noplaintext