October 4, 2008

Using gmail for outbound smtp on Mac OS X Leopard

UPDATE: A new post is better organized for the current macOS.

You might want to use Google apps mail or Gmail for your outbound SMTP server on your Apple Macintosh running macOS High Sierra. Postfix can be configured easily for this and then scripts and applications can send mail outside your Apple computer. There is no need to configure the server portion of SMTP (smtpd), just configure the smtp client. You do not need to create any certificates either. You can use the anonymous ciphers but you will need to validate the Google Thawte certificate presented in the TLS handshake (not required). This post will show how to do it.

First create /etc/postfix/relay_password with the server name, email account name and password as shown below. This configuration works with Gmail accounts as well as with Google hosted personal domain email accounts. It also works with both Google smtp servers shown below. You will most likely need to preface all these commands with "sudo" to gain the needed privileges.

smtp.googlemail.com youremail@gmail.com:yourpassword
smtp.gmail.com youremail@googlehosteddomain.com:yourpassword

Then use postmap to create a .db file.

postmap /etc/postfix/relay_password

Make sure the map is ok with

postmap -q smtp.gmail.com /etc/postfix/relay_password

You will need to retrieve the Thawte Premium Server CA from https://www.verisign.com/support/roots.html.

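# create the CApath directory if it does not exist yet
mkdir -p /etc/postfix/certs
unzip -j roots.zip
# convert the DER certificate to PEM, writing it into the CApath directory
openssl x509 -inform der -in ThawtePremiumServerCA.cer -out /etc/postfix/certs/ThawtePremiumServerCA.pem
# build the hash symlinks that smtp_tls_CApath lookups rely on
c_rehash /etc/postfix/certs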

Now you are ready to configure postfix. Add these lines to the bottom of /etc/postfix/main.cf


# 2018-08-09
relayhost = smtp.googlemail.com:587
#
compatibility_level = 2
# auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = login auth
# tls
# "may" is opportunistic TLS: the session continues in cleartext if the
# server does not offer STARTTLS. "encrypt" makes TLS mandatory.
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
# TLS session cache, kept under the Postfix data directory
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

Test now by using /usr/bin/mail to send an email. You can check /var/log/mail.log to see if it worked without errors. launchd watches a directory and will start Postfix when the test email is sent.

You may need to let postfix re-read the config files. Use launchctl to stop the process. It will automatically restart and read the config edits.

sudo launchctl stop com.apple.postfix.master

You can also restart with

sudo postfix stop && sudo postfix start
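
A quick audit of the setup described above, as an added example that is not part of the original post: it checks the password map's permissions, whether TLS is mandatory before SASL credentials are sent, and whether any parameter is defined twice. The function names and the sample files are constructed for illustration; on a live system, `postconf -h smtp_tls_security_level` reports the effective value.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix relay setup.

# Effective value of a main.cf parameter (Postfix keeps the last definition).
effective_value() {  # usage: effective_value MAIN_CF PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per finding; print nothing when the setup passes.
audit_relay() {  # usage: audit_relay MAIN_CF PASSWORD_MAP
    conf=$1; pw=$2
    # 1. The password map holds a cleartext password: owner-only access.
    perms=$(ls -ld "$pw" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: $pw is accessible to group/other"
    # 2. Without a mandatory TLS level, Postfix continues in cleartext when
    #    STARTTLS is not offered, so SASL credentials can cross unencrypted.
    if [ "$(effective_value "$conf" smtp_sasl_auth_enable)" = "yes" ]; then
        level=$(effective_value "$conf" smtp_tls_security_level)
        case "$level" in
            encrypt|verify|secure|fingerprint|dane-only) ;;
            *) echo "TLS: smtp_tls_security_level=${level:-unset} does not force TLS" ;;
        esac
    fi
    # 3. Parameters defined more than once: earlier lines are ignored.
    sed -n 's/^\([A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$conf" | sort | uniq -d |
        while read -r name; do echo "DUP: $name defined more than once"; done
    return 0
}

# Constructed sample modelled on the post's main.cf additions.
make_sample() {  # usage: make_sample DIR
    cat > "$1/main.cf" <<'EOF'
relayhost = smtp.googlemail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
EOF
    echo "smtp.googlemail.com youremail@gmail.com:yourpassword" > "$1/relay_password"
    chmod 644 "$1/relay_password"
}

# Stand-alone run: build the sample in a temp dir and print the findings.
d=$(mktemp -d)
make_sample "$d"
audit_relay "$d/main.cf" "$d/relay_password"
rm -rf "$d"
```

To audit a real installation, point `audit_relay` at copies of /etc/postfix/main.cf and /etc/postfix/relay_password.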

Many references were used to finally get this figured out. One of the best was imamba.

UPDATE: macOS High Sierra: Added smtp_sasl_mechanism_filter = login auth and compatibility_level = 2. Looks like /var/log/mail.log is gone. Oddly there are two launchd files for postfix now. I unloaded one with launchctl unload -w org.postfix.master.plist, leaving the com.apple.postfix.master.plist.

8 comments:

  1. Paul - This is an extraordinary piece of work! 1) it was clear 2) It WORKED!

    Is it possible to have multiple google accounts and send mail to/from
    a selected identity?

    Thanks for solving a huge problem!

  2. J3, I don't know of any way to do multiple accounts. This is a system-wide setup for postfix.

    Glad the post was useful.
    -- Paul

  3. Paul-

    This worked beautifully for the past month and then all of a sudden it stopped sending emails from one of my gmail accounts. I have been blasting out a couple hundred messages at a time... Is it possible I have been flagged as a spammer? I am not able to send out using the smtp server even in apple iMail. The other gmail accounts are fine. How do I resolve this or debug it?

  4. J3, You may have to overcome the CAPTCHA lock. Take a look at this page. http://www.gmailhelp.com/recent-articles/unlocking-googles-gmail-captcha/

  5. This account is not a google apps account, just a vanilla gmail account. There is some traffic how they lock up accounts for 24 hours... is there a similar CAPTCHA unlock for non google app accounts?

    P.S.

    By the way, do you have any experience working with
    http://code.google.com/apis/documents/docs/3.0/developers_guide_protocol.html

    I can't figure out how to form an authenticated get request.

    You can get a feed containing a list of the currently authenticated user's documents by sending an authenticated GET request to the following URL:
    https://docs.google.com/feeds/default/private/full
    The result is a feed that lists the user's documents; each entry in the feed represents a document associated with the user. This feed is accessible only using an authentication token.

  6. I do have the option of sending mail out through comcast but can not figure out a comparable script for smtp.comcast.net....any ideas?

    Thanks.......

  7. J3,
    I Googled "unlock gmail captcha" and got this link for gmail accounts. https://www.google.com/accounts/DisplayUnlockCaptcha

    Using comcast would be very similar if they use SSL/TLS for authentication. Try it by substituting all the comcast servers and accounts in the procedure. Good luck.

  8. wow, you are a genius! ... and saved my night ... I searched "the whole" web but couldn't find any solution which worked for me.

    for somebody who has never done anything with certificates it looks quite tough, but it's actually done in 20min ...

    and it works! totally awesome. each of your commands worked perfectly ... I only had some problems between the unzipping step and copying to the certs directory. the certs directory wasn't there so I actually created it and afterwards copied the files by gui into the directory.
