Postfix relay using Gmail on CentOS

Many ISPs block sending email over port 25. This means that you won’t be able to send mail from your Linux server through simple commands like mailx or logwatch. A good way to get around this limitation is to set up a relay through a Gmail account.
The following instructions were tested on CentOS 6.3, 6.4 and 6.5 using Postfix.
Note: You must install certain modules for SASL authentication to work. On CentOS, you can check that these are installed by running the following command: yum install cyrus-sasl-plain
Create the file /etc/postfix/sasl_passwd in your favorite text editor, and fill in the following on one line:

smtp.gmail.com    GmailUsername:GmailPassword

Next, we’ll need to hash that file so that it’s more secure. First, make sure that /etc/postfix is owned by the postfix user, or you’ll get an error message stating “postmap: fatal: open database /etc/postfix/sasl_passwd.db: Permission denied”:

sudo chown postfix /etc/postfix
postmap hash:/etc/postfix/sasl_passwd

The files /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db will both still exist on your computer even after hashing. Please make sure that both are owned by user and group root. Set the file permissions to 640 for both files.
Edit the /etc/postfix/main.cf configuration file, and add the following lines at the end:

#Set the relayhost to the Gmail SMTP server
relayhost = smtp.gmail.com:587
#Set the required TLS options
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
#Check that this path exists -- these are the certificates used by TLS
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
#Set the sasl options
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Restart postfix with this command: service postfix restart

Other notes:

The CentOS minimal install does not include the mail command – run yum install mail to install.
Send a test message by using the format: echo “Test email” | mail -s “This is a test” youremail@domain.com
Make sure to chown postfix /etc/postfix or you will get a fatal error when using postmap.
More reading: http://charlesa.net/tutorials/centos/centosgmail.php
Set postfix to only use ipv4 to fix ipv6 routing issues with gmail:
http://linuxmoz.com/google-mail-ipv6-network-is-unreachable-postfix-ipv4-only-fix/

22 Comments

  1. There seems to be an issue.. perhaps it is with 64bit Centos 6.4..
    after executing
    ” postmap hash:/etc/postfix/sasl_passwd ”
    There was no output good or bad, so i decided to look closer, turns out it creates a new file called sasl_passwd.db wich appears to be encrypted, however sasl_passwd file remains untouched, and very much intact.

  2. Awesome! Tried almost everything with sendmail with no result. Finally was in the verge of giving up when I stumbled on this site. Worked the first time.
    Note: I did a clean install, also set to ipv4 from the link above. Was done on Centos 6.2. Stopped sendmail and installed postfix.

  3. i worked with eyesofnetwork in centos
    i want to connect my virtual machine to internet in order to receive mails from postfix
    may anyone help me please 🙂

  4. Thanx lot, this was solved my problem, if selinux is enabled then we need to use the following command,
    /usr/sbin/getsebool httpd_can_sendmail
    which will report
    httpd_can_sendmail –> {on|off}
    and if it is off, you can turn it on using
    sudo setsebool -P httpd_can_sendmail 1

  5. It does not work for me :
    SASL authentication failed; server smtp.gmail.com[74.125.206.108] said: 534-5.7.14 Please log in via your web browser and then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/bin/answer.py?answer=78754 n4sm18275231wjb.40 – gsmtp
    Nov 2 14:22:23 ns384574 postfix/smtp[17702]: 0348A37C006A: to=, relay=smtp.gmail.com[74.125.206.109]:587, delay=95163, delays=95163/0.03/0.49/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.206.109] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/bin/answer.py?answer=78754 da3sm18636144wjb.12 – gsmtp)

    • I got the same issue.
      But I resolved that by going into my gmail account and making a settign change to allow gmail to get unsecure apps.
      Basically I got a security warning email from gmail and I had to take an action for it by visitng the site: https://www.google.com/settings/security/lesssecureapps
      Hi XXXXXX,
      You recently changed your security settings so that your Google Account [sanjay.vijayasundaram@gmail.com] is no longer protected by modern security standards.
      If you did not make this change
      Please review your Account Activity page at https://security.google.com/settings/security/activity to see if anything looks suspicious. Whoever made the change knows your password; we recommend that you change it right away.
      If you made this change
      Please be aware that it is now easier for an attacker to break into your account. You can make your account safer again by undoing this change at https://www.google.com/settings/security/lesssecureapps then switching to apps made by Google such as Gmail to access your account.
      Sincerely,
      The Google Accounts team

  6. mail3 postfix/smtp[11624]: 0E2E760790: to=, relay=none, delay=0.22, delays=0.12/0.09/0.01/0, dsn=4.4.1, status=deferred (connect to smtp.x.x[w.w.w.w]:456: No route to host)
    For me mail3 is the hostname of the postfix server. I am trying to send mail using the smtpserver smtp.y.y by assigning the relayhost=smtp.y.y . Email is being sent from the postfix server using mail command where example@x.x is my email address.
    In short, I am will be using postfix as relay server so that the mail send using this server will be pushed to another smtp server .

  7. I had the SAS Authentication error and did the following to resolve:
    sudo vi /etc/postfix/main.cf:
    I added this line anywhere in the file:
    smtpd_sasl_auth_enable = yes
    I also had to edit my user/pass file again because the username was incorrect.
    vi /etc/postfix/sasl_passwd
    I also changed my password on GMAIL.
    In addition to that, I had to restart the server, restarting postfix wasn’t enough. If I were you, I would try with just adding the smtpd_sasl_auth_enable = yes line and rebooting the server before you go changing your gmail password.
    Good Luck!

3 Trackbacks / Pingbacks

  1. Email Relay in Linux | Tech Tidbits
  2. Sending email with postfix - Network is unreachable
  3. Email relay in Linux | Charles Nguyen Consulting LLC

Leave a Reply

Your email address will not be published.


*