Configuring gmail as a mail relay with two factor authentication - Ubuntu
Whilst I was looking through the syslog on my home server on an unrelated matter, I noticed some messages along the lines of:
Jan 5 11:36:54 localhost postfix/smtp: 75858A424AC: SASL authentication failed; server smtp.gmail.com[22.214.171.124] said: 534-5.7.9 Appl ication-specific password required. Learn more at?534 5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor f67sm99639626wmd.13 - gsmtp
The key part of the messages being SASL authentication failed and Appl ication-specific password required . Come to think of it, I hadn't had any emails from the server for a while. In fact, from around about the time I turned on two factor authentication.
After some research I managed to piece together what needed to be done to allow two factor authentication for postfix on Ubuntu. In case you haven't to set up gmail as a SMTP relay before, here's the steps to set it up.
Configure /etc/postfix/main.cf as follows:
# Relaying Postfix SMTP via GMAIL relayhost = [smtp.gmail.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_use_tls = yes
Add you gmail credentials to /etc/postfix/sasl_passwd
Make sure perms of this file are secure, i.e.
r-------- 1 root root 65 Jan 5 11:36 sasl_passwd
Compile and hash contents of /etc/postfix/sasl_passwd
systemctl restart posfix
You'll need to set up gmail to allow less secure apps. The procedure is here: https://support.google.com/accounts/answer/6010255
If you have enabled two factor authentication on your google account, these are the extra steps required:
select app > Mail , select device > Other (Custom Name) > create a name > Generate
Add the application specific pssword generated to sasl_passwd replacing the one already there:
run: postmap /etc/postfix/sasl_passwd
restart postfix and you're done.