How to get gmail to use postfix as an SMTP server


I’m trying to get gmail to send email from my vanity domain – it understandably wants to use an SMTP server set up for that domain. I tried to configure postfix to be an SMTP server for my vanity domain, but in gmail I keep getting authentication errors.
My experience seems very much the same as Postfix as SMTP server for Gmail. (“Send mail as” google option)
I found very little other helpful information online for this specific problem. Most other users who seem to ask about this problem get given “this is how to use gmail as an SMTP server” answers which are obviously not helpful. Gmail can’t send from my vanity domain which is why I (and it) need/s the SMTP server.

Here are my config files. I’ve used host.example.com for the full host and domain name of the server postfix is running on. I’ve used vanity.domain for the vanity domain name I am trying to get to work with gmail, and user1 etc. as different users.

I added Letsencrypt certificates because it was suggested gmail might reject self-signed ones. I don’t know if this is correct, or if I’ve done it correctly – I used certbot --apache on the host.domain.com – the certificates do work in the browser for host.example.com.

As an aside, I haven’t yet managed to get postfix to use port 587 – so I removed the :587 from where it was (vanity.domain):587 in the configs.

main.cf (it became very long with all the things that different guides suggested adding)

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/host.example.com/fullchain.pem
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/letsencrypt/live/host.example.com/privkey.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = host.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, host.example.com, host, localhost.localdomain, localhost
#relayhost =(vanity.domain):587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

virtual_alias_domains = vanity.domain
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext,noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

#smtp_tls_security_level = may
#smtp_tls_protocols = !SSLv2, !SSLv3
#smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
#smtp_tls_mandatory_ciphers = high
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_loglevel = 1 
sender_canonical_maps = tcp:127.0.0.1:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:127.0.0.1:10002
recipient_canonical_classes = envelope_recipient

/etc/postfix/virtual:

user1@vanity.domain user1@gmail.com
user2@vanity.domain user2@gmail.com
user3@vanity.domain user3@gmail.com
testing@vanity.domain user1@gmail.com
@vanity.domain user1@gmail.com

My log when I try to connect (ips, dates and times removed):

connect from mail-ua1-f41.google.com
Anonymous TLS connection established from mail-ua1-f41.google.com: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
warning: mail-ua1-f41.google.com: SASL PLAIN authentication failed:
lost connection after AUTH from mail-ua1-f41.google.com
disconnect from mail-ua1-f41.google.com ehlo=2 starttls=1 auth=0/1 commands=3/4

sasl_passwd

(vanity.domain) user1:longpassword

Lastly, in gmail’s SMTP settings, I fill the following:

smtp server: host.example.com
user: user1 (I tried user1@vanity.domain and user1@host.example.com too – I’m not sure which it should be)
password: longpassword
port: 25 (tried 587 and 465 too)
Security: TLS (tried SSL and unsecured too)
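
An added example, not part of the original post: a short Python check that reads main.cf settings and reports which backend verifies inbound logins (the smtpd_sasl_* side that a client such as Gmail talks to), whether AUTH can be offered without TLS, and which settings are assigned twice. The sample input is constructed from settings shown in the main.cf above, and the function names are hypothetical.

```python
# Constructed sample: a subset of the settings shown in the post's main.cf.
SAMPLE_MAIN_CF = """\
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_security_level = may
"""

def parse_main_cf(text):
    """Return (settings, duplicates). As in Postfix, the last assignment wins."""
    settings, duplicates, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments are ignored
        if raw[0].isspace() and current:      # leading whitespace continues a value
            settings[current] = (settings[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        if current in settings:
            duplicates.append(current)
        settings[current] = value.strip()
    return settings, duplicates

def audit(settings, duplicates):
    """Return findings about who verifies inbound logins and how they are protected."""
    findings = []
    if settings.get("smtpd_sasl_auth_enable") == "yes":
        backend = settings.get("smtpd_sasl_type", "cyrus")   # Postfix default: cyrus
        path = settings.get("smtpd_sasl_path", "smtpd")      # Postfix default: smtpd
        findings.append(f"inbound AUTH is verified by {backend} via {path}")
        tls_forced = (settings.get("smtpd_tls_auth_only") == "yes"
                      or settings.get("smtpd_tls_security_level") == "encrypt")
        if not tls_forced:
            findings.append("AUTH is offered without TLS; set smtpd_tls_auth_only = yes")
    if "smtp_sasl_password_maps" in settings:
        findings.append("smtp_sasl_password_maps is used only for outbound logins to a relay")
    findings += [f"{name} is set more than once" for name in sorted(set(duplicates))]
    return findings

if __name__ == "__main__":
    for line in audit(*parse_main_cf(SAMPLE_MAIN_CF)):
        print(line)
```

On a live host, the output of `postconf -n` can be passed to `parse_main_cf` in place of the constructed sample.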