Postfix SMTP relay using Gmail

So I have a bunch of stuff on my network that wants to send email, the Asterisk server, various camera's, NAS'S, etc. There's no way to send email directly out of my house anymore given that the days of me hosting my own email are long gone, I have my domain hosted in a GSuite org.

I don't particularly want to have to configure every single device to use Gmail, so instead, I decided to setup a local SMTP relay server that used Gmail as it's outbound relay.

First things first - you'll need an ubuntu 16.04 VM with postfix installed via apt-get.

Now we need to setup the password file under /etc/postfix/sasl/sasl_password

[smtp.gmail.com]:587 someuser@gmail.com:whateveryourpasswordis

Once you have saved this file, execute the following command:

sudo postmap /etc/postfix/sasl/sasl_passwd

Now, you'll need to setup postfix's main configuration, /etc/postfix/main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = smtp-relay.local.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 YOUR_LOCAL_LAN_CIDR
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

This should all be pretty obvious, you should ensure that YOUR_LOCAL_LAN_CIDR is replaced with the cidr block for your local LAN to allow local clients to relay through.