How to upgrade postfix on Mac OS using macports

I have spent far too long trying to wade through numerous blog and forum posts from people trying to get postfix working on Mac OS X. My troubles started when I noticed that no matter what I did, mail sent via various tools I am developing on my laptop were simply not getting sent. Mail was getting sent properly from my mail programs, but not via my local mail agent. Why?

My debugging process naturally led me to my mail daemon's log file: /var/log/mail.log. In it I was seeing a whole bunch of this:

May 12 06:30:09 byrne-reeses-macbook postfix/smtp[66017]: connect to[]:25: Operation timed out

So weird. Not that long ago this was all working, what happened?

Then I remembered: I moved. Literally, from one house to another. This required me to give up my old static IP address I had taken for granted, and "upgrade" to one of AT&T's new DSL routers that began dispensing a dynamic IP address. And when that happened, everything stopped working, because as I have learned, most SMTP servers I might want to talk to reject connections from dynamic IP addresses.

To work around this, I needed to update my copy of postfix on my laptop. For those who don't know, postfix is the program responsible for sending email on my computer. Upgrading postfix is actually quite straight forward if you have macports installed. What is macports? Well for those who are familiar with yum or apt-get, its the Mac version of that. For those who are still lost, macports is a program that makes it easy to install other programs. How meta. Anyways, to install macports you need to install XCode that came with your Mac OS DVD when you bought your computer. You can also download the 1GB file from Apple if you want. Ug.

But lets just assume you have macports installed properly and begin the upgrade. From a terminal type:

 prompt> sudo port install postfix +tls +ldap +sasl

When this process is complete, your machine will be running the latest version of postfix. One problem though - you now have two copies of postfix installed: the one that comes installed by default, and the one you just installed via macports. So your next step is to disable the version of postfix that comes loaded on your computer by default. Do this:

Unload or shutdown postfix:

 prompt> sudo launchctl unload -w \
 prompt> sudo mv /System/Library/LaunchDaemons/org.postfix.master.plist \

Re-route requests through the new version of postfix:

 prompt> sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
 prompt> sudo ln -s /opt/local/sbin/sendmail /usr/sbin/sendmail

Ok, we are almost there. Now we need to edit your postfix configuration to relay mail through GMail, or your ISP's SMTP server. To do this, first create your password file:

 prompt> sudo emacs /opt/local/etc/postfix/sasl_passwd

In it add the following line:

I will assume for a moment that you are smart enough to edit the above line to suit your particular mail host. I recommend keeping the port designation of 587 though, as that will not likely need to change.

Once this file has been created, generate the lookup file:

 prompt> sudo postmap /opt/local/etc/postfix/sasl_passwd

Almost done. Now edit your file to use SASL authentication:

 sudo emacs /opt/local/etc/postfix/

Scroll to the very end of the file and paste this into it:

 relayhost = 
 mydomain_fallback = localhost
 message_size_limit = 10485760
 inet_interfaces = localhost
 tls_random_source = dev:/dev/urandom
 # SASL/SMTP Auth Options
 # Enable Transport Layer Security (TLS), i.e. SSL.

The very first line in the above excerpt is critical. Make sure it matches whatever you put into your sasl_passwd file.

Now, let's test.

In one terminal run this command:

prompt> tail -f /var/log/mail.log

In a second terminal run this command:

prompt> printf "Subject: Test Hello" | sendmail -f

In the terminal where you are tailing your mail.log file, you should see something like this:

May 12 10:56:08 byrne-reeses-macbook postfix/pickup[85777]: 241DD3D398D1: uid=501 from=<>
May 12 10:56:08 byrne-reeses-macbook postfix/cleanup[86339]: 241DD3D398D1: message-id=<20110512175608.241DD3D398D1@byrne-reeses-macbook.local>
May 12 10:56:08 byrne-reeses-macbook postfix/qmgr[85778]: 241DD3D398D1: from=<>, size=332, nrcpt=1 (queue active)
May 12 10:56:08 byrne-reeses-macbook postfix/smtp[86344]: certificate verification failed for[]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
May 12 10:56:10 byrne-reeses-macbook postfix/smtp[86344]: 241DD3D398D1: to=<>,[]:587, delay=2.4, delays=0.07/0.08/0.83/1.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1305222970 25sm1358194wfb.22)
May 12 10:56:10 byrne-reeses-macbook postfix/qmgr[85778]: 241DD3D398D1: removed

Ok, so my certificate failed to be "trusted," but the mail got sent and my mail queue is empty, which I can confirm by running this command:

 prompt> mailq

There you go. Hopefully these instructions, which aggregate all that I learned in the last several hours will help others.

Recommended Entries


The lack of a proper built-in package manager on OSX is one thing that makes me miss Linux when I'm on my mac.

this isn't really google blacklisting you, it's actually AT&T DSL blacklisting your outbound connections to any machine port 25. You have to ask them to unblock your account.

The only reason it works now is because you're connecting to port 587, not because you're authenticating. (you just need to authenticate to talk to google).

Leave a comment

what will you say?

Monthly Archives

Recent Comments