The Peculiar Case of Email in the Cloud

Troubleshooting

It's very possible the e-mail will fail. If you get an error like this in your log files:


SASL authentication failed; server smtp.gmail.com[1.2.3.4]
 ↪said: 534-5.7.14 Please log in via your web browser
 ↪and then try again.

the most probable reason is that secure login setting I mentioned earlier. Like I mentioned previously, I don't have a problem with doing this on an account I created specifically for relaying e-mail. If you're using your actual e-mail address though, I don't really recommend it.

If you're still interested in softening the security to fix this problem, log in to your Gmail account and head here (Figure 1).

Figure 1. It seems odd to "turn on" insecurity.

You should be able to switch this to "turn on", which turns on the ability for less secure apps to log in. (That sounds a bit counterintuitive, turning "on" a more insecure method, but if you read closely, that's what you want to do.)

Once you make that change, try sending an e-mail again, and it should go through. The original e-mail actually probably will go through too, since Postfix keeps trying to send failed messages.

If You Prefer More Security

I've had mixed results using a Google App Password and two-factor authentication for Postfix e-mail relay setups. I'll leave this as an exercise for those folks who don't want to allow less secure authentication or who already use two-factor authentication on their accounts. (This might be the only option for Google Hosted Domain users whose administrators have not enabled the "less secure app" feature.)

The first step is to turn on two-factor authentication on your account. Otherwise, you won't be able to generate App Passwords. Head here in order to enable and configure two-factor authentication.

Then, create an App Password for your server setup here.

Once you have the App Password, copy it into your Postfix authentication file in place of the password entered earlier. You'll need to re-create the password map too using the postmap command. Then restart Postfix, and try sending an e-mail. If it doesn't work, check your log files and start troubleshooting there. Like I said, I've had mixed results.

Not Just Gmail!

If you are struggling with your Gmail account, or just prefer not to rely on Google for relaying your information, the good news is this procedure works for any SMTP server. In fact, the configuration might be far simpler for other SMTP servers. If you have an e-mail account from your ISP, you likely can use that account by tweaking the settings above to match your ISP's account information. I think I have a charter.net e-mail address that I've never used for anything. I suspect many folks have similar addresses.

E-mail might be a dying form of communication, but for things like server notifications, it's hard to beat. The problem is, there are so many security concerns over relaying e-mail, it can be frustratingly difficult to configure one of the oldest messaging protocols!

Usually when I'm setting up a new server, I quickly install Postfix and configure it like this using a Chef or Puppet method for quick and reliable configuration. If you have a simpler or different method for enabling e-mail on cloud servers, drop me an e-mail at shawn@linuxjournal.com. I love hearing other solutions, and I'll share any really great solutions with the rest of the class in a future issue!

______________________

Shawn Powers is a Linux Journal Associate Editor. You might find him on IRC, Twitter, or training IT pros at CBT Nuggets.