Whilst I was looking through the syslog on my home server on an unrelated matter, I noticed some messages along the lines of:

 Jan  5 11:36:54 localhost postfix/smtp[29391]: 75858A424AC: SASL authentication failed; server smtp.gmail.com[64.233.184.109] said: 534-5.7.9 Appl ication-specific password required. Learn more at?534 5.7.9  https://support.google.com/mail/?p=InvalidSecondFactor f67sm99639626wmd.13 - gsmtp

The key part of the messages being SASL authentication failed and Appl ication-specific password required . Come to think of it, I hadn't had any emails from the server for a while. In fact, from around about the time I turned on two factor authentication.

After some research I managed to piece together what needed to be done to allow two factor authentication for postfix on Ubuntu. In case you haven't to set up gmail as a SMTP relay before, here's the steps to set it up.

Configure /etc/postfix/main.cf as follows:

 # Relaying Postfix SMTP via GMAIL
 relayhost = [smtp.gmail.com]:587
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtp_tls_CAfile = /etc/postfix/cacert.pem
 smtp_use_tls = yes

Add you gmail credentials to /etc/postfix/sasl_passwd

 [smtp.gmail.com]:587    MUYSER@gmail.com:MYPASSWD

Make sure perms of this file are secure, i.e.

 r-------- 1 root root    65 Jan  5 11:36 sasl_passwd

Compile and hash contents of /etc/postfix/sasl_passwd

 postmap /etc/postfix/sasl_passwd

Restart postfix

 systemctl restart posfix

You'll need to set up gmail to allow less secure apps. The procedure is here: https://support.google.com/accounts/answer/6010255

If you have enabled two factor authentication on your google account, these are the extra steps required:

Go to https://security.google.com/settings/security/apppasswords

 
 select app > Mail , select device > Other (Custom Name) > create a name > Generate

Add the application specific pssword generated to sasl_passwd replacing the one already there:

 run: postmap /etc/postfix/sasl_passwd

restart postfix and you're done.

Recent Changes

Contribute to this wiki

Why not help others by sharing your knowledge? Contribute something to this wiki and join out hall of fame!
Contact us for a user name and password