With a bit of help from an online tutorial, I've figured out how to relay outbound mail through Gmail. (Of course, that means that I'm sending mail out through a specific Gmail account, not just randomly relaying a bunch of mail through Gmail as if it were an open relaying mail server.)
There are a few different handy things you could do with this. For example, you could send notifications or alerts to your Gmail account without having to worry about the sending reputation of your alerting server, hoping that mail doesn't land in the spam folder. Or if you're running Linux at home and don't have a dedicated IP address and/or it's not easy for you to relay through somebody else's mail server, here's a way for your laptop to send email using Gmail. System alerts, crontab output, whatever, you could configure it to automatically relay it through Gmail.
I am sure that this doesn't work very well as a spam engine. Gmail has some very restrictive rate limiting in place and you're not going to be able to relay millions of email messages through this particular conduit.
From a security perspective, I feel good about this process. I'm using Google's "Two step verification" 2FA with both a security key and codes from an authenticator app. Then I set up an "app password" to place in my postfix configuration. That app password allows me to send/receive mail, but does not allow anyone to login to the Google account nor can they change any account settings. You really should be using 2FA to protect your own Gmail account (but avoid using the SMS step if at all possible).
Let's get started. I'm mostly just working from this guide. (The colors in that guide are such that it's difficult for me to read -- apologies if that's the case for you as well. Copy and paste the text out into a text editor if needed.)
Configure your Google account to use 2FA.
Configure an "app password" to put in your Postfix configuration.
Assuming your Postfix install already has SASL support, configure /etc/postfix/sasl_passwd to add this line: smtp.gmail.com:587(tab)youruserID@gmail.com:app-password-goes-here
Set your "relayhost" setting in the Postfix main.cf to point to [smtp.gmail.com]:587.
Run "postmap /etc/postfix/sasl_passwd" and "postfix reload" and test!
In my case...it just worked! And it's pretty slick. Here's a couple of things to keep in mind:
The number of messages you can send per day is pretty low. On a new account it seems to be top out before you hit 25 messages. Maybe you can send more with an account that has a long good history, I'm not sure. We'll see. But don't expect to send a ton of mail this way.
Gmail's going to rewrite the from address to be your Gmail address. The original from address will end up in the "X-Original-From" header.
Optional: You could get fancy and configure /etc/postfix/header_checks so that mail is relayed via the Gmail conduit ONLY if a particular x-header is present in the email message being sent. I tested this and it seems to work fine. One question is, can I set up multiple accounts to relay through, choosing a certain account when sending to/from certain people? I might need to test that.
Even with the message volume limitations being pretty restrictive, I'm probably going to get some good use out of this, myself. And I hope you will, too!
August 6, 2021 Update: If you run into the error "4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com: no mechanism available" when trying to send mail, maybe your system is missing necessary libsasl2-modules -- see here for more info.
With a bit of help from an online tutorial, I've figured out how to relay outbound mail through Gmail. (Of course, that means that I'm sending mail out through a specific Gmail account, not just randomly relaying a bunch of mail through Gmail as if it were an open relaying mail server.)
I am sure that this doesn't work very well as a spam engine. Gmail has some very restrictive rate limiting in place and you're not going to be able to relay millions of email messages through this particular conduit.
From a security perspective, I feel good about this process. I'm using Google's "Two step verification" 2FA with both a security key and codes from an authenticator app. Then I set up an "app password" to place in my postfix configuration. That app password allows me to send/receive mail, but does not allow anyone to login to the Google account nor can they change any account settings. You really should be using 2FA to protect your own Gmail account (but avoid using the SMS step if at all possible).
Let's get started. I'm mostly just working from this guide. (The colors in that guide are such that it's difficult for me to read -- apologies if that's the case for you as well. Copy and paste the text out into a text editor if needed.)
smtp.gmail.com:587(tab)youruserID@gmail.com:app-password-goes-here
In my case...it just worked! And it's pretty slick. Here's a couple of things to keep in mind:
Even with the message volume limitations being pretty restrictive, I'm probably going to get some good use out of this, myself. And I hope you will, too!
August 6, 2021 Update: If you run into the error "4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com: no mechanism available" when trying to send mail, maybe your system is missing necessary libsasl2-modules -- see here for more info.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.