Easy Email-relay setup with Debian and Postfix using your Gmail account

When your homelab suddenly becomes critical, isn’t it nice to get notifications if something happens? Indeed, and it’s nice to have an SMTP-host in your network that can relay all email without tinkering with your Google account every single time you need to configure email in your apps and services.

Starting with a Debian 11 LXC (from the templates in Proxmox) you only need to make a few steps to have Postfix working

First you need the sasl2-libs

# apt install libsasl2-modules

Add the following to /etc/postfix/main.cf

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
inet_interfaces = all

Regarding inet_interfaces it may be set to «loopback-only» by default, thus not accepting incoming traffic on port 25. If you have multiple ports/IPs and want different config for these – check Postfix documentation.

Add the Verisign Certificate Authority to Postfix’s CA file:

# tee -a will append contents to file if file already exists
cat /etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem | tee -a /etc/postfix/cacert.pem

Next you need to generate a Gmail App Password for use with the sasl_password file. Go to App Passwords on your Google Security Tab and create one. Select “Other (Custom name)” and copy the 16 characters.

Then edit /etc/postfix/sasl_password and add the following info

[smtp.gmail.com]:587    USERNAME@gmail.com:APP_PASSWORD

Replace USERNAME with your gmail username and APP_PASSWORD with the 16 characters you just copied (remove any spaces!)

Set the correct permissions on the file

chmod 400 /etc/postfix/sasl_passwd

Use Postmap to generate the sasl_passwd.db file

/usr/sbin/postmap sasl_passwd

Restart the Postfix service

/etc/init.d/postfix reload

If you did all steps correctly you should be able to send email from this LXC without issues

echo "Subject: Test mail from postfix" | sendmail -v USERNAME@gmail.com

Verify the logs and see if you did everything correctly

root@Postfix:/etc/postfix# tail -f /var/log/mail.log 
May  3 06:31:23 Postfix postfix/postfix-script[1279]: starting the Postfix mail system
May  3 06:31:23 Postfix postfix/master[1281]: daemon started -- version 3.5.6, configuration /etc/postfix
May  3 06:32:11 Postfix postfix/pickup[1283]: CCFC45E1B: uid=0 from=<root>
May  3 06:32:11 Postfix postfix/cleanup[1296]: CCFC45E1B: message-id=20220503063211.CCFC45E1B@Postfix.localdomain
May  3 06:32:11 Postfix postfix/qmgr[1284]: CCFC45E1B: from=<root@Postfix.localdomain>, size=268, nrcpt=1 (queue active)
May  3 06:32:13 Postfix postfix/smtp[1298]: CCFC45E1B: to=<USERNAME@gmail.com>, relay=smtp.gmail.com[]:587, delay=7, delays=5.3/0.04/0.5/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK  1651559533 n21-20020a2e86d5000000b0024cac53a82csm1248338ljj.0 – gsmtp)