Problem
Recently I upgraded to Mountain Lion, and getting some things like Postfix to work out of the box has been a chore. Normally when you configure Outlook or Thunderbird email, you must provide separate settings for sending and receiving email. Generally you'll see imap.myisp.com for reading mail and smtp.myisp.com for sending. The standard mail port is 25, but with the exploitation of open mail relays and spamming, you'll need to configure some sort of authentication and/or encryption when transmitting your message.Just for giggles, I tried to send a quick message via the builtin text mail program, and here's what I saw:
$ mail ladiesman@gmail.com
Subject: Testing
blah blah blah
.
EOT
In /var/log/mail.log:
Apr 13 23:53:37 poly.ftrdhcpuser.net postfix/smtp[23687]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1a]:25: No route to host
This happens because gmail.com has an MX record (MX records specify other machines for mail delivery options):
$ nslookup > set q=mx > gmail.com Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com. gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 30 alt3.gmail-smtp-in.l.google.com. gmail.com mail exchanger = 40 alt4.gmail-smtp-in.l.google.com.
And Google likely doesn't allow port 25 mail transmission for security purposes, so trying to telnet to port 25 of any of these hosts results in a timeout.
Getting Postfix to Run at Boot
MacOS uses this annoying launchctl tool rather than the old Bourne-shell based /etc/rc system we remember from our UNIX days. It's more powerful and uses noisy XML files. Anyway, to understand the various settings you will want to take a look at the manpage for it via: man 5 launchd.plist.
At any rate, here are the contents of my /System/Library/LaunchDaemons/org.postfix.master.plist
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>org.postfix.master</string> <key>Program</key> <string>/usr/libexec/postfix/master</string> <key>ProgramArguments</key> <array> <string>master</string> </array> <key>QueueDirectories</key> <array> <string>/Library/Server/Mail/Data/spool</string> </array> <key>AbandonProcessGroup</key> <true/> <key>RunAtLoad</key> <true/> </dict> </plist>
The key components to note here are the removal of the -e 60 that was there in the command-line for Postfix master or Postfix will exit after that specified amount of time and won't continue to deliver email. Also you will want the RunAtLoad setting enabled so that it launches at the time you load the file
$ sudo launchctl load /System/Library/LaunchDaemons/org.postfix.master.plistNote that there are many examples floating around on the Internet using the OnDemand switch. According to the documentation, this has been deprecated, and I couldn't get it to work right by setting it to false anyway. If you want to dial in the behavior, they have a new KeepAlive switch for that. There are a couple of caveats with this plist file. If you try to stop Postfix using sudo postfix stop, launchctl will re-launch it automatically on your behalf. For fatal configuration problems, this will cause a re-launch loop until you unload the plist file. The problem is that if you relinquish control from launchctl and try to manually start/stop Postfix, you lose the process tracking feature of the tool.
Postfix Settings
Most of the settings that others provided were helpful, but there was one that cost me hours of aggravation. I'm hoping that by providing the correction I may save someone else the same pain. Postconf -n will show you the explicit settings you've put into main.cf. Here are the relevant ones for this problem.relayhost = smtp.gmail.com:587 smtp_generic_maps = hash:/etc/postfix/generic smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_tls_security_level = encrypt smtp_use_tls = yes
You don't have to use the generic maps, but what this does is give you is the ability to rewrite the from address to be your gmail address. Here's an example I snarfed by searching:
clint@poly.local ladiesman@gmail.com @poly.local ladiesman@gmail.com
The sasl_passwd should look like:
smtp.gmail.com ladiesman@gmail.com:<Googlepassword>
Remember to regenerate your databases using sudo postmap <mapfile> after you've edited sasl_passwd or generic.
NOTE: The relayhost specifies port 587, but the sasl_passwd does NOT. This is important. At first I followed all the instructions online saying that it needs to match exactly what you put in the relayhost. This is WRONG. Postfix refused to use SASL authentication until I tried this. I had stmp.gmail.com:587. I also tried using square brackets around the hostname to avoid MX lookups. I was up until 3am trying to debug this.
Also bear in mind that if you have enabled 2-step verification, you will need to use an application-specific password rather than your regular Google password.
Credits
Thanks to the following articles which helped me along this journey:http://slashusr.wordpress.com/2012/02/14/enabling-postfix-for-outbound-relay-via-gmail-on-os-x-lion-11/
http://benjaminrojas.net/configuring-postfix-to-send-mail-from-mac-os-x-mountain-lion/
Feedback
Please leave a comment if you have any feedback, thanks...