Configuring Postfix as a Gmail Relay on FreePBX Distro

This method has been tested on the Free PBX Distro versions 1.811.210.57-2 and 4.211.64-8 with excellent results.

When setting out to configure Postfix to use Gmail as a relay many how-to’s were found but most of them were either incomplete or complex, however, a tutorial by Charles Auer at http://charlesa.net/tutorials/centos/postfix-as-gmail-relay-centos.php provided all the information necessary to set up Postfix as a Gmail relay on FreePBX Distro Systems.

Here are simple instructions derived from that tutorial:

  1. A working Gmail account is required. If more than one FreePBX system is involved the best way is to open a new Gmail account for each FreePBX system. This makes identifying which system an email came from very simple.

  2. Using Putty or a similar SSL client log on to the PBX system as root.

  3. A password file needs to be created so that Postfix can authenticate to Gmail’s servers. This is done by creating a file named sasl_passwd in /etc/postfix. Replace smtp_user and smtp_passwd with their respective values for the Gmail account and run the following command:

echo “smtp.gmail.com smtp_user:smtp_passwd” > /etc/postfix/sasl_passwd

  1. Then hash that file so that the password is not stored in clear text. This command will create a file named sasl_passwd.db in the /etc/postfix/ directory when run:

postmap hash:/etc/postfix/sasl_passwd

  1. After that step is completed use Nano or Vi editors to add the following lines to the bottom of /etc/postfix/main.cf. This assumes that the root certificates installed from open ssl are located in /etc/pki/tls/certs/ca-bundle.crt which has proved to be the case with the versions of the FreePBX Distro tested:

Use Gmail as a relay for Postfix

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Secure channel TLS with exact nexthop name match.

smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587

  1. Now restart Postfix with this command:

service postfix restart

  1. Now test it to make sure it is working. Run the following command replacing email and domain with the values for the email address that is to receive the email:

mail email@domain

Fill in the subject, put something in the body and then type Control D twice. If all went well an email should be received at the email address entered. If so, delete the unencrypted password file with the following command:

rm /etc/postfix/sasl_passwd

  1. That’s it everything should be good to go and the system should be sending out emails for voice mail, alerts, intrusions etc.

  2. If it did not work, check the log to see what happened by running:

tail /var/log/maillog

  1. This work is based on the work of Charles Auer, unless otherwise stated and is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License