Email out thru Gmail as domain is a public facing ec2 instance, over which I have full control.
When we ask gmail to send out an email as,
Gmail doesnt send out email with “MAIL FROM: <>”, even though it is capable.
Instead, gmail request host to send the email.
gmail requires TLS. use Cyrus SASL
SASL: Simple Authentication Security Layer
Cyrus SASL library implementation
Config SASL
Install: apt-get install sasl2-bin libsasl2-modules
Create credential: saslpasswd2 -c -u smtp
this create username smtp, enter password when prompted.
Notify Cyrus how to check password by editting /etc/postfix/sasl/smtpd.conf with:
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
Create certificate, self signed:
create keypair: openssl genrsa -des3 -out smtpRioWing.key 1024
create signing request: openssl req -new -key smtpRioWing.key -out smtpRioWing.csr
remove password: openssl rsa -in smtpRioWing.key.orig -out smtpRioWing.key
make cert: openssl x509 -req -days 3650 -in smtpRioWing.csr -signkey smtpRioWing.key -out smtpRioWing.crt
create .pem: cat smtpRioWing.crt smtpRioWing.key > smtpRioWing.pem
Config Postfix:
Edit /etc/postfix/ so that:
both smtpd_tls_cert_file and smtpd_tls_key_file point to /etc/postfix/smtpRioWing.pem

Edit /etc/postfix/ this opens up 587
submission inet n – n – – smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=may was encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
sudo postfix reload
Security group on aws:
Make sure port 587 is listening: netstat -ltn |grep 587
Open it up.

Add to gmail account so that it appears as one option in From.
This is straighforward; just enter smtp domain name, user name and password.

Email by telnet to port 587 with “AUTH LOGIN” with base64 user name and password also works.