Skip to content

Instantly share code, notes, and snippets.

@ObjSal

ObjSal/mail_postfix_config.md

Last active October 19, 2024 20:42
Show Gist options
  • Save ObjSal/e4ada6aa42dc44ad7c71f88795fec8ff to your computer and use it in GitHub Desktop.
Save ObjSal/e4ada6aa42dc44ad7c71f88795fec8ff to your computer and use it in GitHub Desktop.
Download ZIP
Mail Postfix Configuration on macOS
Raw
mail_postfix_config.md

How to configure postfix mail for iCloud & GMail

Perfect to configure alertnotify in bitcoin.conf for bitcoind
i.e. alertnotify=echo %s | mail -a "From: Sender <[email protected]>" -s "Bitcoin Alert" [email protected]

On Linux, Raspberry Pi, Debian, Ubuntu install:

$ sudo apt-get install postfix mailutils libsasl2-modules

Includes examples on how to:

  1. send email from terminal using mail
  2. attach a single file using uuencode or sendmail
  3. attach multiple files using mutt

iCloud

Edit the postfix main config file
$ sudo vi /etc/postfix/main.cf
Add the following lines

relayhost = [smtp.mail.me.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain

Create/Edit sasl_passwd
Create a new App Password on https://appleid.apple.com
$ sudo vi /etc/postfix/sasl_passwd
Add the following line
[smtp.mail.me.com]:587 [email protected]:insert_app_password_here

Secure the sasl_passwd file
$ sudo chmod 400 /etc/postfix/sasl_passwd

Edit the generic maps
$ sudo vi /etc/postfix/generic
Add the following line
[email protected] [email protected]

Read the map files

$ sudo postmap /etc/postfix/sasl_passwd
$ sudo postmap /etc/postfix/generic

Restart postfix on macOS:

$ sudo launchctl stop org.postfix.master 
$ sudo launchctl start org.postfix.master

on Linux:

$ sudo systemctl reload postfix

Test
$ echo "email body" | mail -a "From: Sender <[email protected]>" -s "Email Subject" [email protected]

If, for whatever reason, it doesn't work, check the logs as follows:

$ cat /var/log/mail.log

Send files

  1. Using uuencode
# Some people call it the ancient way of sending files, but it works and it's simple
$ uuencode ~/Downloads/1228.jpeg ~/Downloads/1228.jpeg | mail -s "file attached 2" [email protected]
  1. Using sendmail
    The verbose but controlled way, can even overwrite the sender email address
$ ( printf '%s\n' \
    "Subject: AptoPunks #1228 $(date)" \
    "MIME-Version: 1.0" \
    "Content-type: image/jpeg; name=\"1228.jpeg\"" \
    "Content-Transfer-Encoding: base64" \
    ""
    base64 < ~/Downloads/1228.jpeg ) | sendmail -t [email protected]
  1. Using sendmail to send multiple files (only the body example)
Content-Type: multipart/mixed; boundary="1cleqPdUuGeYxzy/"
Content-Disposition: inline

--1cleqPdUuGeYxzy/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

See two punks attached

--1cleqPdUuGeYxzy/
Content-Type: image/jpeg
Content-Disposition: attachment; filename="1228.jpeg"
Content-Transfer-Encoding: base64


--1cleqPdUuGeYxzy/
Content-Type: image/jpeg
Content-Disposition: attachment; filename="2478.jpeg"
Content-Transfer-Encoding: base64


--1cleqPdUuGeYxzy/--
  1. Alternatively install mutt to send attachments easily
$ brew install mutt
$ echo "See two punks attached" | mutt -s "Punk #2478 and Punk #1228" \
 -a ~/Downloads/1228.jpeg \
 -a ~/Downloads/2478.jpeg \
-- [email protected]

Gmail

Edit the postfix main config file
$ sudo vi /etc/postfix/main.cf
Add the following lines
Comment smtp_generic_maps if it's set

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain

Create/Edit sasl_passwd
Create a new App Password https://myaccount.google.com/apppasswords
$ sudo vi /etc/postfix/sasl_passwd
Add the following lines
[smtp.gmail.com]:587 [email protected]:insert_app_password_here

Secure the file
$ sudo chmod 400 /etc/postfix/sasl_passwd

Make sure there aren't any maps in /etc/postfix/generic
$ sudo vi /etc/postfix/generic

Read the map files
$ sudo postmap /etc/postfix/sasl_passwd

Restart postfix on macOS:

sudo launchctl stop org.postfix.master
sudo launchctl start org.postfix.master

on Linux:

$ sudo systemctl reload postfix

References

  1. https://apple.stackexchange.com/a/92205
  2. https://support.apple.com/en-us/HT202304
  3. https://apple.stackexchange.com/a/273325
  4. https://roll.urown.net/server/bitcoin/bitcoin-full-node.html
  5. https://balmer.name/howtos-linux/bitcoind/
Raw
main.cf (raspberry)
# /etc/postfix/main.cf
#
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# Reference:
# - https://www.postfix.org/postconf.5.html
# - https://www.postfix.org/SASL_README.html
# Gmail SMTP Server
relayhost = [smtp.gmail.com]:587
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Client lookup tables with one username:password entry per sender, remote hostname or next-hop domain.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Allow plaintext mechanism, but only over a TLS-encrypted connection
# noanonymous - Don't use mechanisms that permit anonymous authentication.
# noplaintext - Don't use mechanisms that transmit unencrypted username and password information.
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
# use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear
smtp_use_tls = yes
# Client filter for the remote SMTP server's list of offered SASL mechanisms
smtp_sasl_mechanism_filter = plain
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = raspberrypi
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, raspberrypi, localhost.localdomain, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment