/var/net/sys/admin/blog
| More

Relaying to Gmail via smtp.gmail.com can be accomplished by configuring your Postfix with SASL authentication and TLS encryption.

The common errors you will encounter if sending from your postfix mail server failing to gmail.com domain but works in other domains are:

@/var/log/maillog
-Must issue a STARTTLS command first
-certificate verification failed for gmail.com:unable to get local issuer certificate
-Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?

How to fix?

Assuming you already installed Postfix and everything works fine except sending to gmail smtps, here are the steps to follow:

1. Configure Postfix main configuration

a.vi /etc/postfix/main.cf

b. Add these lines:

smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

c. Save and exit

2. Create /etc/postfix/sasl/passwd

a. Create a directory sasl under /etc/postfix and create a file passwd with contents below:

[smtp.gmail.com]:587 username@gmail.com:password

Save and exit

b. Change permission
#chmod 600 /etc/postfix/sasl/passwd

c. Create lookup table via postmap
#postmap /etc/postfix/sasl/passwd

Issuing that command will create passwd.db

3. Generate your own CA certificate

a. Change directory to /etc/pki/tls/certs

#cd /etc/pki/tls/certs

b.Create a key and test certificate in one file

#make hostname.pem

You will something like

[root@FLT certs]# make hostname.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >  hostname.pem ; \
echo “”    >> hostname.pem ; \
cat $PEM2 >> hostname.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……………………….++++++
…..++++++
writing new private key to ‘/tmp/openssl.z12084’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:

c. Fill-up the necessary information and copy the file on /etc/postfix as cacert.pem

#cp /etc/pki/tls/certs/hostname.pem /etc/postfix/cacert.pem

4. Restart the postfix service

#service postfix restart
5. Inspect now your postfix logs to see if it can send out mails now to gmail servers

A successful message states something like
May  3 17:35:00 FLT postfix/smtp[28244]: 0ABB61CE32A: to=<freelinuxtutorials@gmail.com>, relay=smtp.gmail.com[74.125.93.109]:587, delay=5, delays=0.41/0.02/2.7/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1272879300 8sm8902550qwj.38)

Share

21 Responses to “Configure Postfix to use Gmail in RHEL/CentOS”

  1. flyingboz

    on August 10 2011

    On latest RHEL, used these as a guide —

    didn’t need the spiel after
    make hostname.pem
    the following commands were unnecessary (or seemed so) in my case.
    =======================================
    umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 > hostname.pem ; \
    echo “” >> hostname.pem ; \
    cat $PEM2 >> hostname.pem ; \
    rm -f $PEM1 $PEM2
    ========================================

    All mail comes from “root”, however, rather than the gmail smarthost account I desire. To the web for more research…

  2. GmailFree.com

    on January 21 2012

    nice . i love linux 🙂

  3. Nick

    on July 15 2012

    Wonderful guide!!! It worked, no problems!

  4. an

    on November 28 2012

    warning: SASL authentication failure: No worthy mechs found
    8A261156E: to=, relay=smtp.gmail.com[74.125.141.109]:587, delay=3.6, delays=0.07/0.02/3.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.141.109]: no mechanism available)

    It shows above errors. How can I resolved it? thanks

  5. Free Linux Tutorials

    on December 1 2012

    hi an, did you put the smtp_sasl_security_options on your postfix main.cf?

  6. MegaCrash

    on February 28 2013

    If you get message like “warning: SASL authentication failure: No worthy mechs found” in postfix log, and string “smtp_sasl_security_options = noanonymous” is not helps, then do “yum install cyrus-sasl*”. =)

  7. Sammo

    on March 14 2013

    Thanks for your guide.

    I finished set up and send email.
    But in recipient inbox,
    It appear “root” in sender field.
    is it possible to change it?
    Sorry for my English.

    Thanks,
    Sammo

  8. Free Linux Tutorials

    on March 15 2013

    Hi Sammo, thanks for dropping by. Did you put your gmail address under sasl_passwrod and sender_relay? Able to post the relevant mail.log ? Thanks.

  9. Sammo

    on March 15 2013

    Hi
    Here is my mail.log
    Mar 15 09:51:00 myserver sendmail[7618]: r2F2p0Qh007618: from=root, size=57, class=0, nrcpts=1, msgid=, relay=root@localhost
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: connect from localhost.localdomain[127.0.0.1]
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: D1A0A881C8: client=localhost.localdomain[127.0.0.1]
    Mar 15 09:51:00 myserver postfix/cleanup[7624]: D1A0A881C8: message-id=
    Mar 15 09:51:00 myserver postfix/qmgr[4562]: D1A0A881C8: from=, size=640, nrcpt=1 (queue active)
    Mar 15 09:51:00 myserver sendmail[7618]: r2F2p0Qh007618: to=test@testdomain.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30057, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as D1A0A881C8)
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: disconnect from localhost.localdomain[127.0.0.1]
    Mar 15 09:51:06 myserver postfix/smtp[7625]: D1A0A881C8: to=, relay=smtp.gmail.com[74.125.133.109]:587, delay=5.4, delays=0.06/0.03/2.9/2.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1363315939 ur12sm416884igb.8 – gsmtp)
    Mar 15 09:51:06 myserver postfix/qmgr[4562]: D1A0A881C8: removed

    Thanks,
    Sammo

  10. Sammo

    on March 18 2013

    Hi,

    Could you help me to replace “root” by another in sender info?

    Thanks,
    Quang

  11. linnworksreview

    on April 14 2013

    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank

  12. Mail error 530 5.5.1 when sending emails

    on June 21 2013

    […] as far as how to use Gmail as a relay??? http://mhawthorne.net/posts/postfix-…-as-relay.html http://freelinuxtutorials.com/quick-…in-rhelcentos/ […]

  13. mo

    on August 29 2013

    thanks

  14. [SOLVED] smtp server

    on October 9 2013

    […] hi all my postfix uis working now used below link as a guide http://www.freelinuxtutorials.com/qu…in-rhelcentos/ […]

  15. Martin Trepanier

    on November 28 2014

    Great post!
    Worked well
    Thanks.

  16. Gheatza

    on December 3 2014

    Great post and it was worked. Thanks for sharing this amazing and informative article.

  17. Johan

    on March 11 2015

    Thank you very much

  18. Janduy Euclides

    on February 12 2016

    Parabéns pelos post, funcionou certinho no meu server. Obrigado!

  19. 八鄉圍村盆菜

    on December 25 2016

    As compared to the traditional clay pots used in presenting Pen Cai which is much much heavier,
    and more especially so with the tons of food placed in it, the lighter
    weight Corningware pots are definitely more classic looking
    and can easily caters for even small families when a mini Pen Cai is desired.

  20. mouad

    on January 3 2017

    thank you very much

    save lot of time : bookmarked 🙂

  21. berita terbaru

    on March 7 2017

    I loved as much as you’ll receive carried out right here.
    The sketch is attractive, your authored subject matter stylish.
    nonetheless, you command get got an nervousness over that you wish be delivering
    the following. unwell unquestionably come more formerly again as exactly the same
    nearly very often inside case you shield this
    increase.

Comment RSS · TrackBack URI

Leave a comment

Name: (Required)

E-mail: (Required)

Website:

Comment:

 

About FLT

This site is dedicated to everyone who likes to learn and explore the beautiful world of Linux. If you have comments and suggestions, please feel free to email at freelinuxtutorials@gmail.com. I am happy to serve and share things esp. that is free and enjoyable as Linux.