I have a new Ubuntu 18.04 system and want to have mdadm, smartd, et al. send warning emails through my Gmail account. I have followed the guides in How can I configure Postfix to send all email through my Gmail account? and How to configure Postfix to use Gmail SMTP on Ubuntu 16.04 / 17.10, but I keep getting authentication failures. I have two-factor authentication (2FA) set up with my Gmail account. Could this be a factor?
- 2,194
3 Answers
As George suggested, 2FA was indeed a factor. I wrote down the full procedure below that solved my problems:
Install packages
sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules
- Select Internet host.
- Enter a hostname (does not have to be known to the internet), e.g., trillian.at.home.
Get app password from google
Google allows you to set up 'apps' that have their own password. This technique works with mail relays, too.
- Visit your app passwords page (https://security.google.com/settings/security/apppasswords).
- Log in using your two-factor authentication method.
- Select app: Mail and device: Other.
- Give your 'app' a name, e.g., mail relay from <hostname>.
- Press Generate.
- Write down the 'app' password (16 characters, no spaces).
Store the app password
Open/create a password file:
sudo nano /etc/postfix/sasl/relay_passwd
Put the following text in the file:
[smtp.gmail.com]:587 USERNAME@gmail.com:APP-PASSWORD
where USERNAME is your gmail username and APP-PASSWORD is the 16-digit app password.
Create a hash file:
sudo postmap /etc/postfix/sasl/relay_passwd
Ensure that only root can read/write the password files:
sudo chown root:root /etc/postfix/sasl/relay_passwd /etc/postfix/sasl/relay_passwd.db
sudo chmod 0600 /etc/postfix/sasl/relay_passwd /etc/postfix/sasl/relay_passwd.db
Create a certificate file
cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
Configure postfix
sudo nano /etc/postfix/main.cf
Remove the relayhost line and ensure that the following lines are in the file.
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/relay_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
Test
Run
echo "Test email" | mail -s "Test" you@gmail.com
Hopefully your mail has appeared at gmail. Otherwise, use mailq and tail -f /var/log/mail.log for debugging.
Set up mdadm and smartd
If the test email arrived, you can now set up mdadm and smartd. For mdadm, I use the line
MAILADDR MY-GMAIL-USERNAME+mdadm-trillian@gmail.com
in /etc/mdadm/mdadm.conf to enable mail filtering in my gmail inbox. Similarly, I use the text
-m MY-GMAIL-USERNAME+smartd-trillian@gmail.com
in my DEVICESCAN line in /etc/smartd.conf.
- 2,194
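An audit of the finished setup from the answer above, as an added example that is not part of the original post: it checks that the password map and its .db are private to their owner, that the map key matches relayhost exactly, and whether TLS is mandatory for the relay session. The function names and the smtp_tls_security_level check are additions here, and it assumes GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): audit a Postfix Gmail relay setup.
# audit_relay [CONFIG_DIR] [EXPECTED_OWNER]  -> prints findings, returns their count.

# Print the last value assigned to a main.cf parameter (the last assignment wins).
main_cf_get() {  # $1 = path to main.cf, $2 = parameter name
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        { k = $0; sub(/[[:space:]]*=.*/, "", k); sub(/^[[:space:]]+/, "", k) }
        k == key && /=/ { v = $0; sub(/^[^=]*=[[:space:]]*/, "", v)
                          sub(/[[:space:]]+$/, "", v); val = v }
        END { print val }' "$1"
}

audit_relay() {
    local dir="${1:-/etc/postfix}" owner="${2:-root}"
    local cf="$dir/main.cf" n=0 map relay level p st
    [ -r "$cf" ] || { echo "FAIL: cannot read $cf"; return 1; }

    map=$(main_cf_get "$cf" smtp_sasl_password_maps); map="${map#*:}"
    relay=$(main_cf_get "$cf" relayhost)
    level=$(main_cf_get "$cf" smtp_tls_security_level)

    # The map and its compiled .db both hold the app password in cleartext.
    for p in "$map" "$map.db"; do
        [ -e "$p" ] || { echo "FAIL: $p is missing"; n=$((n + 1)); continue; }
        st=$(stat -c '%a %U' "$p")           # GNU stat: octal mode and owner name
        case "$st" in
            [0-7]00" $owner") ;;              # no group/other access, right owner
            *) echo "FAIL: $p is '$st', want 600 $owner"; n=$((n + 1)) ;;
        esac
    done

    # The map's lookup key must equal relayhost exactly, brackets and port included.
    if [ -r "$map" ] && ! awk -v k="$relay" '$1 == k { ok = 1 } END { exit !ok }' "$map"
    then echo "FAIL: no entry for relayhost '$relay' in $map"; n=$((n + 1)); fi

    # smtp_use_tls = yes is opportunistic; only these levels refuse a cleartext session.
    case "$level" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "WARN: smtp_tls_security_level='${level}' does not require TLS"; n=$((n + 1)) ;;
    esac
    return "$n"
}
```

Source the file as root and call audit_relay with no arguments to check /etc/postfix. With the main.cf lines exactly as listed above it reports the TLS warning, because smtp_use_tls = yes alone leaves TLS optional.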
Please follow this guide to get it working as 2FA affects these apps but here is a summary:
- Visit your App passwords page. You may be asked to sign in to your Google Account.
- At the bottom, click Select app and choose the app you’re using.
- Click Select device and choose the device you’re using.
- Select Generate.
- Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device.
- Select Done.
Once you are finished, you won’t see that App password code again. However, you will see a list of apps and devices you’ve created App passwords for.
READ MORE:
https://duo.com/blog/bypassing-googles-two-factor-authentication
- 37,534
I was able to get email working as per the above instructions on Ubuntu 22.04 but with the following caveat:
I was not able to create the certificate file (/etc/ssl/certs/thawte_Primary_Root_CA.pem does not exist) and
I did not add "smtp_tls_CAfile = /etc/postfix/cacert.pem" to "/etc/postfix/main.cf"
- 1