Configure Postfix to use Gmail SMTP replay on CentOS 7

You might be asking yourself why you might need such configuration. Well, some Internet Service Providers or hosting companies block the default SMTP port 25. If that is the case and port 25 cannot be unblocked, we can use alternative solutions. Such solution is relaying email via other port such as 587. Google's Gmail offers such capabilities and you can use your own Gmail account in order to send messages from your server. Here is how you can do it with few simple steps:

  • Installing the packages

First, we begin by installing the necessary packages:

yum -y install postfix mailx cyrus-sasl-sql cyrus-sasl-plain cyrus-sasl-lib

Stop sendmail and disable it if it is already installed:

service sendmail stop
systemctl disable sendmail

Start and enable Postfix:

service postfix start
systemctl enable postfix
  • Postfix configuration

Open your Postfix config file /etc/postfix/main.cf with your favorite text editor and add the following lines at the bottom:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_tls_cert_file =  /etc/letsencrypt/live/site.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/site.com/privkey.pem
smtp_tls_CAfile = /etc/letsencrypt/live/site.com/chain.pem

Note that the above configuration uses valid SSL certificate. The example above uses Letsencrypt SSL which is suitable for our tutorial. The certificate, its key and intermediate chain are defined with smtpd_tls_cert_file, smtpd_tls_key_file and smtp_tls_CAfile directives.

Lets specify our Gmail username and password in /etc/postfix/sasl_passwd. Open this file and add the following line:

[smtp.gmail.com]:587    [email protected]:password

You need to replace the above username and password with your username and password that you use for Gmail.

After this, we need to set appropriate permissions to this file and reload our configuration:

chmod 400 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
service postfix reload
  • Gmail configuration

If you are receiving message similar to this:

Apr 01 08:20:48 guest postfix/smtp[8860]: C372A71DC: SASL authentication failed; server smtp.gmail.com[74.125.193.108] said: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbv4?534-5.7.14 UZWyzsPlEVdfghEoXD1L2Cx1XYHjfwxYKpu9lq5ro8TEj9CRjnsQ1iH0vf0ixV8dvkx9ec?534-5.7.14 4TkUhrjvqbpUhsDm2crKLT9VBZBGQyqvTX8g9FFFww-zVaGeqvPyBEw2D0i8dvH2s-VJgE?534-5.7.14 VOjoffPpv65pMni067yIFDXwg93kxssX7pYi-KE-06zYmxzw0bz5BUcHJclvm9C7E3i6v2?534-5.7.14 qhNujOF37jXUaYzoAXaGmneEujFNY> Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 n77sm3804948ioe.33 - gsmtp

Then you will need to make further adjustments to your Gmail account. First, login to your Google account and turn on the option "Allow less secure accounts to access your account". More information on where the option is located can be found here - https://support.google.com/accounts/answer/6010255. The second thing we need to do is to turn on 2-step verification. More information on this matter - https://support.google.com/accounts/answer/185839?hl=en&ref_topic=1099588 The third last step is to create app password. This password will be used in /etc/postfix/sasl_passwd (the gmail account username stays the same). Again, more information can be found here - https://support.google.com/accounts/answer/185833?hl=en

  • Testing our configuration

We can test our SMT relay configuration by sending test email like this, just replace [email protected] with your actual email address:

echo "Test mail from our new relay" | mail -s "Test relay" [email protected]

Comments