@loziju
Last active August 29, 2024 03:01
Configure postfix as relay for OS X

Configure postfix as relay for macOS Sierra – Sonoma

1. Edit postfix configuration file

  1. sudo vi /etc/postfix/main.cf
  2. Ensure that the following values are set:
    mail_owner = _postfix
    setgid_group = _postdrop
    
  3. Add the following lines at the end of the file:
    # Postfix as relay
    #
    #Gmail SMTP
    relayhost=smtp.gmail.com:587
    #Hotmail SMTP
    #relayhost=smtp.live.com:587
    #Yahoo SMTP
    #relayhost=smtp.mail.yahoo.com:465
    # Enable SASL authentication in the Postfix SMTP client.
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options=noanonymous
    smtp_sasl_mechanism_filter=plain
    # Enable Transport Layer Security (TLS), i.e. SSL.
    smtp_use_tls=yes
    smtp_tls_security_level=encrypt
    tls_random_source=dev:/dev/urandom
    

2. Create sasl_passwd file

  1. sudo sh -c 'echo "\nsmtp.gmail.com:587 [email protected]:your_password" >> /etc/postfix/sasl_passwd'

    Replace [email protected] and your_password with actual values.
  2. sudo postmap /etc/postfix/sasl_passwd

3. Autorun postfix on boot and restart postfix

  1. Copy the postfix master plist out of System folder.

    sudo cp /System/Library/LaunchDaemons/com.apple.postfix.master.plist /Library/LaunchDaemons/org.postfix.custom.plist
    
  2. sudo vi /Library/LaunchDaemons/org.postfix.custom.plist

  3. Change the label value from com.apple.postfix.master to org.postfix.custom

    Remove these lines to prevent exiting after 60s

      <string>-e</string>
      <string>60</string>
    

    Add these lines before </dict>

      <key>KeepAlive</key>
      <true/>
      <key>RunAtLoad</key>
      <true/>
    
  4. Relaunch the daemon.

    sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist
    sudo launchctl load /Library/LaunchDaemons/org.postfix.custom.plist
    
  5. Check that the daemon has started.

    sudo launchctl list | grep org.postfix
    

4. Turn on less secure apps for Gmail

In Gmail we must switch on the option "Access for less secure apps", otherwise we will get the error: SASL authentication failed

5. Test

  1. echo "Test sending email from Postfix" | mail -s "Test Postfix" [email protected]

    Replace [email protected] with a valid email address whose mailbox you can access, for easy checking.

  2. Check mail queue and possible delivery errors with mailq.

  3. Check mail log with tail -f /var/log/mail.log.
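
The following check is an added example, not part of the gist. It audits a setup like the one above for three things that matter when `smtp_sasl_mechanism_filter=plain` is in use: TLS is mandatory, `sasl_passwd` has a key written in the same form as `relayhost`, and the password file and its `.db` are accessible to the owner only, as the Postfix SASL_README advises. The function names and the sample files built in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. Audits the relay setup described above.

# Last assignment of a main.cf parameter (Postfix keeps the last one it reads).
cf_get() {  # $1 = parameter name, $2 = path to main.cf
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Prints one finding per line; returns 0 when nothing was found, 1 otherwise.
audit_relay() {  # $1 = main.cf, $2 = sasl_passwd
    cf=$1; pw=$2; rc=0
    relay=$(cf_get relayhost "$cf")
    level=$(cf_get smtp_tls_security_level "$cf")

    # The "plain" mechanism sends the password merely base64-encoded, so the
    # session must refuse to continue without TLS.
    case $level in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "TLS: smtp_tls_security_level='$level' does not enforce TLS"; rc=1 ;;
    esac

    # Credentials are looked up by next-hop destination, so the sasl_passwd
    # key should be written in the same form as relayhost.
    if [ -z "$relay" ]; then
        echo "RELAY: relayhost is not set"; rc=1
    elif ! awk -v k="$relay" '$1 == k { hit = 1 } END { exit !hit }' "$pw" 2>/dev/null; then
        echo "SASL: no sasl_passwd key equal to '$relay'"; rc=1
    fi

    # Both the text file and the postmap output hold the cleartext password.
    for f in "$pw" "$pw.db"; do
        if [ ! -e "$f" ]; then
            echo "FILE: $f missing"; rc=1; continue
        fi
        mode=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] ||
            { echo "PERM: $f open to group/other ($mode)"; rc=1; }
    done
    return $rc
}

# Constructed sample mirroring the gist's settings; all values are placeholders.
make_sample() {  # $1 = empty directory to populate
    printf '%s\n' 'relayhost=smtp.gmail.com:587' 'smtp_sasl_auth_enable=yes' \
        'smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd' \
        'smtp_sasl_mechanism_filter=plain' \
        'smtp_tls_security_level=encrypt' > "$1/main.cf"
    printf '%s\n' 'smtp.gmail.com:587 user@example.com:placeholder' > "$1/sasl_passwd"
    : > "$1/sasl_passwd.db"             # stand-in for the postmap output
    chmod 644 "$1/sasl_passwd" "$1/sasl_passwd.db"
}

demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/relay-audit.XXXXXX")
make_sample "$demo_dir"
audit_relay "$demo_dir/main.cf" "$demo_dir/sasl_passwd" || echo "findings above"
rm -rf "$demo_dir"
```

On a real system, call `audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd` as root.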

@iamtodor

iamtodor commented Aug 26, 2020

It fails with sending:

two things:

  • connect to smtp.gmail.com[2a00:1450:4010:c05::6d]:587: No route to host and then it changes to SASL authentication failed; server smtp.gmail.com[64.233.162.108] said: 534-5.7.9 Application-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor g19sm418196ljk.125 - gsmtp, however, I setup Allow less secure apps: ON
  • tail -f /var/log/mail.log >>> tail: /var/log/mail.log: No such file or directory

Does someone face and solve it?

@dfkotz

dfkotz commented Aug 28, 2020

Thank you, this was very helpful. It worked for me on Catalina for sending mail via iCloud (because I have/want no gmail).

Some recommendations to update the documentation:

  • Change the title of this page to include Catalina, because the sequence still seems workable on Catalina.
  • In step 2, tell readers to be careful if their password includes whitespace or special characters. They will need to rewrite the command or (better) edit the file. Indeed, I recommend you change the instructions; instead of telling them to replace the email address and password on the commandline, run that command as-is and then sudo vi /etc/postfix/sasl_passwd to edit the file after it is created. This approach also avoids dropping your cleartext password into your bash history, which is poor practice.
  • In step 5, note that I and other commenters find no file /var/log/mail.log, at least on Catalina; I think one must look in the Console for syslog messages from postfix.
  • add this tip: If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred
  • another tip: the simple use of mail to send a test message may not work; I found it labeled my outbound mail as being 'from' address [email protected], drawing from the MacOS username and the hostname of my laptop. Such messages appear to leave my machine but are never delivered. I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and set the 'from' and 'envelope' in .muttrc as follows:
set use_from
set from="David Kotz <[email protected]>"
set use_envelope_from
set envelope_from_address="David Kotz <[email protected]>"

Recommendations for iCloud users:

In step 1, use the following and comment out Gmail:

# iCloud SMTP
relayhost=smtp.mail.me.com:587

For reference, see helpful information from this Apple support page.
I think I needed to generate an app-specific password here.
I'm not sure this was necessary, but I strongly recommend it because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file. In the event that password is compromised, or laptop lost, I assume it is possible to revoke that app-specific password from an interface on apple.com.
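
One way to follow the recommendation above about keeping the password off the command line, as an added example that is not part of the gist or of this comment: the password is read from standard input, so whitespace and special characters need no quoting and nothing lands in shell history. The function name `write_sasl_entry` and the example arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the gist or its comments.

# Appends "<key> <login>:<password>" to a sasl_passwd-style file. The password
# is read from stdin, so it never appears in argv, ps output or shell history.
write_sasl_entry() {  # $1 = target file, $2 = lookup key, $3 = login
    target=$1; key=$2; login=$3

    # The value is split at the first colon, so the login cannot contain one
    # (the password may). A space in key or login would break the map line.
    case $login in
        ''|*:*|*' '*) echo "login must be non-empty, without ':' or spaces" >&2
                      return 1 ;;
    esac
    case $key in
        ''|*' '*) echo "key must be non-empty, without spaces" >&2; return 1 ;;
    esac

    if [ -t 0 ]; then                   # interactive: prompt with echo off
        printf 'Password for %s: ' "$login" >&2
        stty -echo
        IFS= read -r secret || true
        stty echo; printf '\n' >&2
    else                                # piped, e.g. from a password manager
        IFS= read -r secret || true
    fi
    [ -n "$secret" ] || { echo "empty password, nothing written" >&2; return 1; }

    # Create the file with owner-only access and tighten one that already
    # exists: postmap gives a new .db the group/other read bits of its source.
    ( umask 077
      printf '%s %s:%s\n' "$key" "$login" "$secret" >> "$target" ) || return 1
    chmod 600 "$target"
    unset secret
}

# Constructed invocation (run as root, placeholder address):
#   sh write_sasl.sh /etc/postfix/sasl_passwd smtp.mail.me.com:587 user@example.com
if [ "$#" -eq 3 ]; then
    write_sasl_entry "$@"
fi
```

Run `sudo postmap /etc/postfix/sasl_passwd` afterwards, as in step 2 of the gist.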

@dfkotz

dfkotz commented Sep 11, 2020

Furthermore, in step 5, note that load/unload are deprecated from launchctl.

I found it sufficient to

sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

but if you later need to edit that plist file, you'll need to stop and restart with

sudo launchctl bootout system /Library/LaunchDaemons/org.postfix.custom.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/org.postfix.custom.plist

@loziju
Author

loziju commented Sep 12, 2020

Thanks @dfkotz for your valuable feedback! I plan to upgrade to Catalina in a few weeks' time and I'll spend some time then to also update the gist to reflect your feedback.

@ddracopo

ddracopo commented Oct 3, 2020

In my case after moving to a new Catalina Macbook Pro the same configuration would not work (although the old machine was running Catalina too but it had been upgraded many times since 2017).

/var/mail/mail.log is not written any more in recent versions of MacOS but the following command would show online the log of what is happening while attempting to send email:

log stream --predicate '(process=="smtpd") || (process == "smtp")' --info

This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:

postmap /etc/postfix/generic

After this, everything worked.

@Azhrei

Azhrei commented Oct 5, 2020

This revealed that in the new machine the generic.db file in /etc/postfix was missing and it had to be generated from the generic file:

postmap /etc/postfix/generic

I have a single account that I use on my Catalina MBP, but I often create "test users" for short-term use. When I send an email using one of these test accounts, I still want the outbound message to appear to originate from my true account. I put the following at the end of the generic file:

@mymac5.local    [email protected]

This tells the postfix server that email originating from any user on the local system (which has mymac5.local as the hostname) should appear to come from [email protected].

Until I made this change, I was receiving the following error from the SMTP server I am using as my relay:

to=<[email protected]>, relay=smtp.xxxx.com[74.208.5.2]:587, delay=1.1, delays=0.04/0.05/
0.94/0.08, dsn=5.0.0, status=bounced (host smtp.xxxx.com[74.208.5.2] said: 550-Requested
action not taken: mailbox unavailable 550 invalid DNS MX or A/AAAA resource record (in
reply to MAIL FROM command))

It appears that the relay server was verifying that the "from" address was actually using a valid domain name. This SMTP relay is the company that is currently hosting my web site, so they are likely just checking that a customer is using the server.

Maybe this will help out someone else. 🙂

@FaycalBESS

hi, thanks a lot for this super-tuto
it worked well until the last MacOSX update, the postfix conf file location has changed and I'm really stuck on this.
Any advice please.

@Azhrei

Azhrei commented Oct 7, 2021

hi, thanks a lot for this super-tuto
it worked well until the last MacOSX update, the postfix conf file location has changed and I'm really stuck on this.
Any advice please.

If the only problem was that the filename changed, it would be simple to just substitute the new filename into the instructions. I'm therefore going to posit that the issue is bigger than that. If you would like to clarify exactly what the issue is (by at least referencing step and substep in the OP), perhaps I could help. I'm using Big Sur currently and haven't had any additional problems (that I know of!).

@wealthychef1

This still works well under Mac OS X Monterey in December 2021!

@Mth0158

Mth0158 commented Feb 2, 2022

Still works in February 2022, thank you for the gist @loziju

@mariano-daniel

Thank you, this was very helpful. It worked for me on Catalina for sending mail via iCloud (because I have/want no gmail).

Some recommendations to update the documentation:

  • Change the title of this page to include Catalina, because the sequence still seems workable on Catalina.
  • In step 2, tell readers to be careful if their password includes whitespace or special characters. They will need to rewrite the command or (better) edit the file. Indeed, I recommend you change the instructions; instead of telling them to replace the email address and password on the commandline, run that command as-is and then sudo vi /etc/postfix/sasl_passwd to edit the file after it is created. This approach also avoids dropping your cleartext password into your bash history, which is poor practice.
  • In step 5, note that I and other commenters find no file /var/log/mail.log, at least on Catalina; I think one must look in the Console for syslog messages from postfix.
  • add this tip: If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred
  • another tip: the simple use of mail to send a test message may not work; I found it labeled my outbound mail as being 'from' address [email protected], drawing from the MacOS username and the hostname of my laptop. Such messages appear to leave my machine but are never delivered. I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and set the 'from' and 'envelope' in .muttrc as follows:
set use_from
set from="David Kotz <[email protected]>"
set use_envelope_from
set envelope_from_address="David Kotz <[email protected]>"

Recommendations for iCloud users:

In step 1, use the following and comment out Gmail:

# iCloud SMTP
relayhost=smtp.mail.me.com:587

For reference, see helpful information from this Apple support page. I think I needed to generate an app-specific password here. I'm not sure this was necessary, but I strongly recommend it because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file. In the event that password is compromised, or laptop lost, I assume it is possible to revoke that app-specific password from an interface on apple.com.

Thank you @dfkotz ! So there is no possible way to achieve this with mail and not having to use mutt? I would like to use Darwin's native mail program. Thanks again!

@dfkotz

dfkotz commented Apr 8, 2022

It may be possible to use mail instead of mutt, but I was unable to do so at the time. I've not tried again since 2020. Glad you found my tips helpful!

@dfkotz

dfkotz commented Apr 8, 2022

@loziju please consider updating the original gist with the collective wisdom shared in all the comments.

@mariano-daniel

mariano-daniel commented Apr 8, 2022 via email

@loziju
Author

loziju commented Apr 10, 2022

@dfkotz I'm so sorry I haven't got the time to verify the suggested edits nor update the gist.
May I suggest that you fork it, edit it and let me know when done? Then I can just merge it to the current gist.
I'll also add acknowledgements to all of you who contributed to improving this gist!

@danielthomasdev

Google no longer allows less secure apps, unfortunately.

@FaycalBESS

Hello there
I have followed this tutorial on catalina and everything went well
now, I did the same on Monterey 12.5 and nope.... it won't
when i hit sudo launchctl unload /Library/LaunchDaemons/org.postfix.custom.plist i have an error :
Could not find specified service - Unload failed: 113: Could not find specified service
also when i hit tail -f /var/log/mail.log i got an error : tail: /var/log/mail.log: No such file or directory
Any update please ?
Thanks a lot

@dfkotz

dfkotz commented Aug 13, 2022

Configure postfix as relay for macOS Monterey

I recently had to repeat this process on a brand-new M1 Macbook running MacOS 12.5 (Monterey).
Here is a rewrite of the full instructions, merging my tips from August and September 2020, but

  • I use iCloud so my examples focus on iCloud as the mail service.
  • I cannot test or verify Gmail instructions, so I left them unchanged.
  • I am using mutt instead of mail for sending mail, because I have not attempted mail again.

1. Edit postfix configuration file

  1. sudo vi /etc/postfix/main.cf
    Add the following lines at the end of the file:
# Postfix as relay
#
# iCloud SMTP
relayhost=smtp.mail.me.com:587
#Gmail SMTP
#relayhost=smtp.gmail.com:587
#Hotmail SMTP
#relayhost=smtp.live.com:587
#Yahoo SMTP
#relayhost=smtp.mail.yahoo.com:465
# Enable SASL authentication in the Postfix SMTP client.
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=noanonymous
smtp_sasl_mechanism_filter=plain
# Enable Transport Layer Security (TLS), i.e. SSL.
smtp_use_tls=yes
smtp_tls_security_level=encrypt
tls_random_source=dev:/dev/urandom

2. Configure mutt

I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt - which I installed with Homebrew (brew install mutt). I configured mutt by creating file ~/.muttrc with the following content (with appropriate modifications to use your own name and email address):

set use_from
set from="My Name <[email protected]>"
set use_envelope_from
set envelope_from_address="My Name <[email protected]>"
set reply_to

3a. for iCloud users:

For reference, see helpful information from this Apple support page.
I also needed to generate an app-specific password here.

I strongly recommend this practice because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file.
In the event that password is compromised, or laptop lost, it is possible to revoke the app-specific password from that same page on apple.com.

3b. for Gmail users: Turn on less secure apps (unverified)

In Gmail we must switch on the option "Access for less secure apps", otherwise we will get the error:
SASL authentication failed
(I have not verified this information is up-to-date in 2022)

4. Create sasl_passwd file

  1. sudo vi /etc/postfix/sasl_passwd
    Create this file with one of these lines, corresponding to your email provider:
    smtp.mail.me.com:587 [email protected]:your_password
    smtp.gmail.com:587 [email protected]:your_password
    smtp.live.com:587 [email protected]:your_password
    smtp.mail.yahoo.com:465 [email protected]:your_password
    Replace your_email and your_password with actual values.

    iCloud users: use the app-specific password generated in part 3a above.

  2. sudo postmap /etc/postfix/sasl_passwd
    to inform postfix of the creation or modification of the passwd file.

  3. sudo chmod 640 /etc/postfix/sasl_passwd*
    to prevent others from reading your password files.

5. Autorun postfix on boot and restart postfix

I found this step (creating org.postfix.custom) to be unnecessary.
I was able to send mail (with mutt) via postfix, either from the command-line or from scripts.
Indeed, I launch some scripts with personal launchctl plists, and they can send mail too.

However, if you do find it helpful or necessary, note that launchctl load should now be launchctl bootstrap, and launchctl unload should now be launchctl bootout.

6. Test

  1. echo "Test sending email from Postfix" | mutt -s "Test Postfix" [email protected]

    Replace [email protected] with a valid email address whose mailbox you can access, for easy checking.

  2. Check mail queue and possible delivery errors with mailq.

    a. If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred

@FaycalBESS

Configure postfix as relay for macOS Monterey

I recently had to repeat this process on a brand-new M1 Macbook running MacOS 12.5 (Monterey). Here is a rewrite of the full instructions, merging my tips from August and September 2020, but

  • I use iCloud so my examples focus on iCloud as the mail service.
  • I cannot test or verify Gmail instructions, so I left them unchanged.
  • I am using mutt instead of mail for sending mail, because I have not attempted mail again.

1. Edit postfix configuration file

  1. sudo vi /etc/postfix/main.cf
    Add the following lines at the end of the file:
# Postfix as relay
#
# iCloud SMTP
relayhost=smtp.mail.me.com:587
#Gmail SMTP
#relayhost=smtp.gmail.com:587
#Hotmail SMTP
#relayhost=smtp.live.com:587
#Yahoo SMTP
#relayhost=smtp.mail.yahoo.com:465
# Enable SASL authentication in the Postfix SMTP client.
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=noanonymous
smtp_sasl_mechanism_filter=plain
# Enable Transport Layer Security (TLS), i.e. SSL.
smtp_use_tls=yes
smtp_tls_security_level=encrypt
tls_random_source=dev:/dev/urandom

2. Configure mutt

I could not find a way to convince mail (or mailx or Mail, which on MacOS are all the same tool) to set the From address, so I used mutt and created ~/.muttrc as follows (with appropriate modifications to use your own name and email address):

set use_from
set from="My Name <[email protected]>"
set use_envelope_from
set envelope_from_address="My Name <[email protected]>"
set reply_to

3a. for iCloud users:

For reference, see helpful information from this Apple support page. I also needed to generate an app-specific password here.

I strongly recommend this practice because it avoids placing your normal iCloud password, in cleartext, in the /etc/postfix/sasl_passwd file.
In the event that password is compromised, or laptop lost, it is possible to revoke the app-specific password from that same page on apple.com.

3b. for Gmail users: Turn on less secure apps (unverified)

In Gmail we must switch on the option "Access for less secure apps", otherwise we will get the error: SASL authentication failed (I have not verified this information is up-to-date in 2022)

4. Create sasl_passwd file

  1. sudo vi /etc/postfix/sasl_passwd
    Create this file with one of these lines, corresponding to your email provider:
    smtp.mail.me.com:587 [email protected]:your_password
    smtp.gmail.com:587 [email protected]:your_password
    smtp.live.com:587 [email protected]:your_password
    smtp.mail.yahoo.com:465 [email protected]:your_password
    Replace your_email and your_password with actual values.

    iCloud users: use the app-specific password generated in part 3a above.

  2. sudo postmap /etc/postfix/sasl_passwd
    to inform postfix of the creation or modification of the passwd file.
  3. sudo chmod 640 /etc/postfix/sasl_passwd*
    to prevent others from reading your password files.

5. Autorun postfix on boot and restart postfix

I found this step (creating org.postfix.custom) to be unnecessary. I was able to send mail (with mutt) via postfix, either from the command-line or from scripts. Indeed, I launch some scripts with personal launchctl plists, and they can send mail too.

However, if you do find it helpful or necessary, note that launchctl load should now be launchctl bootstrap, and launchctl unload should now be launchctl bootout.

6. Test

  1. echo "Test sending email from Postfix" | mutt -s "Test Postfix" [email protected]
    Change [email protected] with valid email with mailbox access for easy checking.
  2. Check mail queue and possible delivery errors with mailq.
    a. If you fill your mail queue with failed messages, sudo postsuper -d ALL deferred

Thanks a lot David, I will go thru these steps.
just please can you tell me how to configure Mutt (step 2)
are these commands to put in terminal or any lines to add to a certain file, sorry I'm really what we can call "a newbie"
thanks for your answer dear

@dfkotz

dfkotz commented Aug 14, 2022

just please can you tell me how to configure Mutt (step 2)
are these commands to put in terminal or any lines to add to a certain file,....

Those lines are the content of the file ~/.muttrc; use any plain-text editor to create the file. I've updated my post to clarify.

@FaycalBESS

just please can you tell me how to configure Mutt (step 2)
are these commands to put in terminal or any lines to add to a certain file,....

Those lines are the content of the file ~/.muttrc; use any plain-text editor to create the file. I've updated my post to clarify.

Thank you very much dear.
I will do it immediately and post here the result.
thank you again

@FaycalBESS

IT WOOOORKKKS super
thanks a lot dear David

@FaycalBESS

mutt is working via shell, but not with my php.mail() function
is there any additional settings to do or maybe in mamp pro conf or in php.ini file?
thank you for your help david

@FaycalBESS

hello @dfkotz
I have explored many solutions and now, i think i could know more about the problem,
i have this error message
(Cannot start TLS: handshake failure)
any advice please??

@gingerbeardman

Thanks @dfkotz my gmail is working it in Monterey!
