Configure Postfix to use Gmail in RHEL/CentOS

by tux
3 min read
26 Comments

Relaying to Gmail via smtp.gmail.com can be accomplished by configuring your Postfix with SASL authentication and TLS encryption.

The common errors you will encounter if sending from your postfix mail server failing to gmail.com domain but works in other domains are:

@/var/log/maillog
-Must issue a STARTTLS command first
-certificate verification failed for gmail.com:unable to get local issuer certificate
-Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?

How to fix?

Assuming you already installed Postfix and everything works fine except sending to gmail smtps, here are the steps to follow:

1. Configure Postfix main configuration

a.vi /etc/postfix/main.cf

b. Add these lines:

smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

c. Save and exit

2. Create /etc/postfix/sasl/passwd

a. Create a directory sasl under /etc/postfix and create a file passwd with contents below:

[smtp.gmail.com]:587 username@gmail.com:password

Save and exit

b. Change permission
#chmod 600 /etc/postfix/sasl/passwd

c. Create lookup table via postmap
#postmap /etc/postfix/sasl/passwd

Issuing that command will create passwd.db

3. Generate your own CA certificate

a. Change directory to /etc/pki/tls/certs

#cd /etc/pki/tls/certs

b.Create a key and test certificate in one file

#make hostname.pem

You will something like

[root@FLT certs]# make hostname.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >  hostname.pem ; \
echo “”    >> hostname.pem ; \
cat $PEM2 >> hostname.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……………………….++++++
…..++++++
writing new private key to ‘/tmp/openssl.z12084’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:

c. Fill-up the necessary information and copy the file on /etc/postfix as cacert.pem

#cp /etc/pki/tls/certs/hostname.pem /etc/postfix/cacert.pem

4. Restart the postfix service

#service postfix restart
5. Inspect now your postfix logs to see if it can send out mails now to gmail servers

A successful message states something like
May  3 17:35:00 FLT postfix/smtp[28244]: 0ABB61CE32A: to=<freelinuxtutorials@gmail.com>, relay=smtp.gmail.com[74.125.93.109]:587, delay=5, delays=0.41/0.02/2.7/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1272879300 8sm8902550qwj.38)

About the author

tux

View all posts

26 Comments

  • On latest RHEL, used these as a guide —

    didn’t need the spiel after
    make hostname.pem
    the following commands were unnecessary (or seemed so) in my case.
    =======================================
    umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 > hostname.pem ; \
    echo “” >> hostname.pem ; \
    cat $PEM2 >> hostname.pem ; \
    rm -f $PEM1 $PEM2
    ========================================

    All mail comes from “root”, however, rather than the gmail smarthost account I desire. To the web for more research…

  • Wonderful guide!!! It worked, no problems!

  • warning: SASL authentication failure: No worthy mechs found
    8A261156E: to=, relay=smtp.gmail.com[74.125.141.109]:587, delay=3.6, delays=0.07/0.02/3.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.141.109]: no mechanism available)

    It shows above errors. How can I resolved it? thanks

  • hi an, did you put the smtp_sasl_security_options on your postfix main.cf?

  • If you get message like “warning: SASL authentication failure: No worthy mechs found” in postfix log, and string “smtp_sasl_security_options = noanonymous” is not helps, then do “yum install cyrus-sasl*”. =)

  • Thanks for your guide.

    I finished set up and send email.
    But in recipient inbox,
    It appear “root” in sender field.
    is it possible to change it?
    Sorry for my English.

    Thanks,
    Sammo

  • Hi Sammo, thanks for dropping by. Did you put your gmail address under sasl_passwrod and sender_relay? Able to post the relevant mail.log ? Thanks.

  • Hi
    Here is my mail.log
    Mar 15 09:51:00 myserver sendmail[7618]: r2F2p0Qh007618: from=root, size=57, class=0, nrcpts=1, msgid=, relay=root@localhost
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: connect from localhost.localdomain[127.0.0.1]
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: D1A0A881C8: client=localhost.localdomain[127.0.0.1]
    Mar 15 09:51:00 myserver postfix/cleanup[7624]: D1A0A881C8: message-id=
    Mar 15 09:51:00 myserver postfix/qmgr[4562]: D1A0A881C8: from=, size=640, nrcpt=1 (queue active)
    Mar 15 09:51:00 myserver sendmail[7618]: r2F2p0Qh007618: to=test@testdomain.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30057, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as D1A0A881C8)
    Mar 15 09:51:00 myserver postfix/smtpd[7621]: disconnect from localhost.localdomain[127.0.0.1]
    Mar 15 09:51:06 myserver postfix/smtp[7625]: D1A0A881C8: to=, relay=smtp.gmail.com[74.125.133.109]:587, delay=5.4, delays=0.06/0.03/2.9/2.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1363315939 ur12sm416884igb.8 – gsmtp)
    Mar 15 09:51:06 myserver postfix/qmgr[4562]: D1A0A881C8: removed

    Thanks,
    Sammo

  • Hi,

    Could you help me to replace “root” by another in sender info?

    Thanks,
    Quang

  • What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank

  • Pingback: Mail error 530 5.5.1 when sending emails
  • Pingback: [SOLVED] smtp server

  • Great post!
    Worked well
    Thanks.

  • Great post and it was worked. Thanks for sharing this amazing and informative article.

  • Parabéns pelos post, funcionou certinho no meu server. Obrigado!

  • As compared to the traditional clay pots used in presenting Pen Cai which is much much heavier,
    and more especially so with the tons of food placed in it, the lighter
    weight Corningware pots are definitely more classic looking
    and can easily caters for even small families when a mini Pen Cai is desired.

  • I loved as much as you’ll receive carried out right here.
    The sketch is attractive, your authored subject matter stylish.
    nonetheless, you command get got an nervousness over that you wish be delivering
    the following. unwell unquestionably come more formerly again as exactly the same
    nearly very often inside case you shield this
    increase.

  • Hi

    Could you please help me, followed the steps as above. Still, i am getting STARTTLS command first error

    Sep 8 01:51:57 xampp postfix/smtp[4147]: < smtp.gmail.com[74.125.68.109]:587: 530 5.7.0 Must issue a STARTTLS command first. b89sm624862pfe.43 – gsmtp
    Sep 8 01:51:57 xampp postfix/smtp[4147]: vstream_buf_get_ready: fd 15 got 15
    Sep 8 01:51:57 xampp postfix/smtp[4147]: smtp.gmail.com[74.125.68.109]:587: RSET
    Sep 8 01:51:57 xampp postfix/smtp[4147]: > smtp.gmail.com[74.125.68.109]:587: QUIT
    Sep 8 01:51:57 xampp postfix/smtp[4147]: vstream_fflush_some: fd 15 flush 12
    Sep 8 01:51:57 xampp postfix/smtp[4147]: smtp_get: EOF
    Sep 8 01:51:57 xampp postfix/smtp[4147]: name_mask: resource
    Sep 8 01:51:57 xampp postfix/smtp[4147]: name_mask: software
    Sep 8 01:51:57 xampp postfix/cleanup[4131]: 459C026031A: message-id=
    Sep 8 01:51:57 xampp postfix/qmgr[4123]: 459C026031A: from=, size=2638, nrcpt=1 (queue active)
    Sep 8 01:51:57 xampp postfix/bounce[4134]: C162D26031C: sender non-delivery notification: 459C026031A
    Sep 8 01:51:57 xampp postfix/qmgr[4123]: C162D26031C: removed
    Sep 8 01:51:57 xampp postfix/local[4135]: 459C026031A: to=, relay=local, delay=0.31, delays=0.13/0/0/0.17, dsn=2.0.0, status=sent (delivered to mailbox)
    Sep 8 01:51:57 xampp postfix/qmgr[4123]: 459C026031A: removed

  • You can certainly see your skills within the paintings you write. The sector hopes for more passionate writers like you who aren’t afraid to mention how they believe. All the time go after your heart.
    Filling Machines http://www.nicefiller.com

  • Pingback: Reducing weight

  • Hi
    Nice share.
    In my opinion the best cccam are those from iptvcccam.net
    I would like your feedback
    Thanks

Leave a Reply