Tuesday, March 12, 2013

Using Postfix SASL authentication with Google 2-step verification on

If you configure your Google account for extra security to use the 2-step verification, then some applications which work outside the browser might not be compatible with 2-step verification and cannot ask for verification codes.
Postfix which was installed and configured to send out emails won't work anymore, and you might notice error messages in the /var/log/mail.log file. Something like -
SASL authentication failed; server smtp.gmail.com said: Application-specific password required.
The solution below should fix this issue:
First, you would need visit the Authorizing applications & sites page (pictured below) under your Google Account settings.

On this page page enter the name of the application to be authorized (Postfix) and click on Generate Password button. Write down the password generated by this page.
Then, the following changes need to be made to Postfix configuration:
  • As root user (or using sudo), modify the SASL password file:
vi /etc/postfix/sasl_passwd
# to contain the password generated instead of your Google account password used before.
[smtp.gmail.com]:587 <yourAccount>@gmail.com:<passwordGenerated>
  • Hash the password file
postmap /etc/postfix/sasl_passwd
  • Make sure SASL password files can be read by root user only
sudo chmod 600 /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd.db
  • Restart Postfix
/etc/init.d/postfix restart
That is it. Postfix should be able to send emails the same way it did before, using the 2-step verification feature from Google.

5 comments:

  1. Thanks! totally helped me troubleshoot my homework assignment and get my relay working!

    ReplyDelete
  2. Thanks a ton. Now my GoFlex Home running Arch can send me status updates!!

    ReplyDelete
  3. Great!!! only your tutorial worked! thanks a lot

    ReplyDelete
  4. Quick and concise. It's amazing this still works after 3 years since original post with the way Google changes things around. Thanks for the help!

    ReplyDelete
    Replies
    1. You are very welcome - I am really glad it helped.

      Delete