{"id":7342,"date":"2020-12-02T22:39:45","date_gmt":"2020-12-02T19:39:45","guid":{"rendered":"https:\/\/kifarunix.com\/?p=7342"},"modified":"2024-03-15T09:15:00","modified_gmt":"2024-03-15T06:15:00","slug":"configure-postfix-to-use-gmail-smtp-on-centos-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-postfix-to-use-gmail-smtp-on-centos-8\/","title":{"rendered":"Configure Postfix to Use Gmail SMTP on CentOS 8"},"content":{"rendered":"\n<p>Welcome to our tutorial on how to configure Postfix to use Gmail SMTP on CentOS 8 to relay mails. <a href=\"http:\/\/www.postfix.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Postfix<\/a> is a free and open-source mail transfer agent that routes and delivers electronic mail. Postfix MTA can be configured to relay mails through an external SMTP servers such as Gmail SMTP server for a reliable mail delivery.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"934\" height=\"588\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/12\/postfix-gmail-relay.png\" alt=\"Configure Postfix to Use Gmail SMTP on CentOS 8\" class=\"wp-image-7347\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/12\/postfix-gmail-relay.png?v=1606937257 934w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/12\/postfix-gmail-relay-768x483.png?v=1606937257 768w\" sizes=\"(max-width: 934px) 100vw, 934px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"configurepostfixgmailsmtp\">Configuring Postfix to Use Gmail SMTP on CentOS 8<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"installpostfixubuntu20.04\">Install Postfix on CentOS 8<\/h3>\n\n\n\n<p>You can install Postfix by installing the <code>postfix<\/code> package itself or via the <code>mailutils<\/code> package which installs along with it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install postfix<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install SASL on CentOS 8 <\/h3>\n\n\n\n<p>SASL (Simple Authentication and Security Layer) <em>provides a mechanism of authenticating users using their username and password<\/em>. The implementation of SASL is provided Cyrus SASL library which can be installed on a CentOS 8 system by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install cyrus-sasl-plain <\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install Mail Command on CentOS 8<\/h3>\n\n\n\n<p>Mail command on CentOS 8 is provided by mailx package. <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install mailx<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring Postfix to Use Gmail SMTP Relay<\/h3>\n\n\n\n<p>Postfix is now installed with the default configuration. You can view Postfix configuration values using the postconf command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>postconf<\/code><\/pre>\n\n\n\n<p>To make further configuration changes, edit the main Postfix configuration file, <code>\/etc\/postfix\/main.cf<\/code> and make any necessary changes as needed.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"setpostfixrelayserver\">Set the Postfix Relay server<\/h4>\n\n\n\n<p>Postfix can be configured to deliver mails indirectly via a&nbsp;relay host. A relay host can be defined on a Postfix configuration file using the <code><strong>relayhost<\/strong><\/code> parameter.<\/p>\n\n\n\n<p>By default, the value of the <code><strong>relayhost<\/strong><\/code> parameter is <strong>empty<\/strong>. This configures Postfix is to try to deliver mail directly to the Internet, which is usually not desirable.<\/p>\n\n\n\n<p>According to <a href=\"http:\/\/www.postfix.org\/postconf.5.html#relayhost\" target=\"_blank\" rel=\"noreferrer noopener\">Postfix configuration<\/a>, different values can be set for the relayhost parameter;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On an intranet, you can specify your organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet gateway host instead.<\/li>\n\n\n\n<li>In the case of SMTP or LMTP delivery, specify one or more destinations in the form of a domain name, hostname, hostname:port, [hostname]:port, [hostaddress] or [hostaddress]:port, separated by comma or whitespace. The form [hostname] turns off MX lookups.<\/li>\n<\/ul>\n\n\n\n<p>In our case, we are setting Postfix relay to Gmail SMTP servers. Hence, open the Postfix main configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/postfix\/main.cf<\/code><\/pre>\n\n\n\n<p>Under the Intranet\/Internet section, find the, <code>relayhost =<\/code>, lines and set its value to Gmail SMTP domain name as shown below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\n#relayhost = $mydomain\n#relayhost = [gateway.my.domain]\n#relayhost = [mailserver.isp.tld]\n#relayhost = uucphost\n#relayhost = [an.ip.add.ress]\n<strong>relayhost = [smtp.gmail.com]:587<\/strong>\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Postfix SASL Authentication<\/h4>\n\n\n\n<p>According to <a rel=\"noreferrer noopener\" href=\"http:\/\/www.postfix.org\/SASL_README.html\" target=\"_blank\">Postfix<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP servers need to decide whether an SMTP client is authorized to send mail to remote destinations, or only to destinations that the server itself is responsible for.<\/li>\n\n\n\n<li>Usually, SMTP servers accept mail to remote destinations when the client&#8217;s IP address is in the &#8220;same network&#8221; as the server&#8217;s IP address.<\/li>\n\n\n\n<li>SMTP clients outside the SMTP server&#8217;s network need a different way to get &#8220;same network&#8221; privileges. To address this need, Postfix supports SASL authentication. With this, a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote SMTP server.<\/li>\n\n\n\n<li>Once a client is authenticated, a server can give it &#8220;same network&#8221; privileges.<\/li>\n<\/ul>\n\n\n\n<p>To enable SASL server authentication, you need to;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable SMTP client-side authentication by setting the value of&nbsp;<code><strong>smtp_sasl_auth_enable<\/strong><\/code>&nbsp;to&nbsp;<code><strong>yes<\/strong><\/code>.<br><br><code>smtp_sasl_auth_enable = yes<\/code><br><\/li>\n\n\n\n<li>Configure the Postfix SMTP client to send username and password information to the mail gateway server. This can be done by defining the path to&nbsp;<code>sasl_passwd<\/code>&nbsp;as using the <code><strong>smtp_sasl_password_maps<\/strong><\/code> parameter.<br><br><code>smtp_sasl_password_maps = hash:\/etc\/postfix\/sasl_passwd<\/code><br><\/li>\n\n\n\n<li>Enforce STARTTLS encryption for outgoing SMTP to ensure that connection to the remote smtp server will be encrypted using the <code><strong>smtp_tls_security_level<\/strong><\/code> parameter.<br><br><code>smtp_tls_security_level = encrypt<\/code><br><\/li>\n\n\n\n<li>Define the Postfix SMTP client SASL security options. This be zero or more of the following options;\n<ul class=\"wp-block-list\">\n<li><strong>noplaintext:<\/strong> Disallow methods that use plaintext passwords.<\/li>\n\n\n\n<li><strong>noactive<\/strong>: Disallow methods subject to active (non-dictionary) attack.<\/li>\n\n\n\n<li><strong>nodictionary<\/strong>: Disallow methods subject to passive (dictionary) attack.<\/li>\n\n\n\n<li><strong>noanonymous<\/strong>: Disallow methods that allow anonymous authentication.<\/li>\n\n\n\n<li><strong>mutual_auth<\/strong>: Only allow methods that provide mutual authentication.<br><br><code>smtp_sasl_security_options = noanonymous<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>These configs can be updated on Postfix configuration file (<strong>See the highlighted lines<\/strong>);<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\nrelayhost = [smtp.gmail.com]:587\n...\n#\n...\n# SASL authentication\n# change may to encrypt.\nsmtp_tls_security_level = encrypt\nmeta_directory = \/etc\/postfix\nshlib_directory = \/usr\/lib64\/postfix\n# Added these lines\nsmtp_sasl_auth_enable = yes\nsmtp_sasl_password_maps = hash:\/etc\/postfix\/sasl_passwd\nsmtp_sasl_security_options = noanonymous\n<\/code><\/pre>\n\n\n\n<p>Save and exit the configurtion file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Set the SMTP SASL Credentials<\/h4>\n\n\n\n<p>As per our configurations above, the SASL credentials database file is set to <strong><code>\/etc\/postfix\/sasl_passwd<\/code><\/strong>.<\/p>\n\n\n\n<p>You should define the SMTP credentials in the format;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code># destination                   credentials\n[smtp.domain.name]              username:password<\/code><\/pre>\n\n\n\n<p>As shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/postfix\/sasl_passwd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>[smtp.gmail.com]:587 userid@gmail.com:password<\/code><\/pre>\n\n\n\n<p>Replace the <code><strong>userid@gmail<\/strong><\/code> and <code><strong>password<\/strong><\/code> with your Gmail account credentials.<\/p>\n\n\n\n<p>Note:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you specify the &#8220;<code>[<\/code>&#8221; and &#8220;<code>]<\/code>&#8221; in the&nbsp;<code>relayhost<\/code>&nbsp;destination, you must as well use the same format in the&nbsp;<code>smtp_sasl_password_maps<\/code>&nbsp;file.<\/li>\n\n\n\n<li>If you specify a non-default TCP Port (such as &#8220;<code>:submission<\/code>&#8221; or &#8220;<code>:587<\/code>&#8220;) in the&nbsp;<code>relayhost<\/code>&nbsp;destination, you must as well use the same form in the&nbsp;<code>smtp_sasl_password_maps<\/code>&nbsp;file.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Secure the SASL Password File<\/h4>\n\n\n\n<p>The credentials are set in plaintext. To protect access to the file by other users, make the file read+write only for&nbsp;<code>root<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown root:root \/etc\/postfix\/sasl_passwd\nchmod go-rwx \/etc\/postfix\/sasl_passwd\nchmod 600 \/etc\/postfix\/sasl_passwd<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create SASL Password DB file<\/h4>\n\n\n\n<p>Postfix requires that the&nbsp;<code>sasl_passwd<\/code>&nbsp;file to be a database such that it can be read faster. Use&nbsp;<code>postmap<\/code>&nbsp;command to convert the file into a database,&nbsp;<code>sasl_passwd.db<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>postmap \/etc\/postfix\/sasl_passwd<\/code><\/pre>\n\n\n\n<p>This will assign the same ownership and permissions to the database file as set for the sasl_passwd file above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -l \/etc\/postfix\/sasl_passwd*<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>-rw-------. 1 root root 56 Dec 2 22:02 \/etc\/postfix\/sasl_passwd\n-rw-------. 1 root root 12288 Dec 2 22:03 \/etc\/postfix\/sasl_passwd.db<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Check Postfix Configuration<\/h4>\n\n\n\n<p>Run the&nbsp;<code>postfix check<\/code>&nbsp;command to check the Postfix configuration for any error. Any error should printed on the output.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>postfix check<\/code><\/pre>\n\n\n\n<p>You can ignore the warning, <strong><code>postfix\/postfix-script: warning: symlink leaves directory: \/etc\/postfix\/.\/makedefs.out<\/code><\/strong>.<\/p>\n\n\n\n<p>Start and enable Postfix to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable --now  postfix<\/code><\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status postfix<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf postfix.service - Postfix Mail Transport Agent\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/postfix.service; disabled; vendor preset: disabled)\n   Active: active (running) since Wed 2020-12-02 22:04:20 EAT; 6s ago\n  Process: 3653 ExecStart=\/usr\/sbin\/postfix start (code=exited, status=0\/SUCCESS)\n  Process: 3651 ExecStartPre=\/usr\/libexec\/postfix\/chroot-update (code=exited, status=0\/SUCCESS)\n  Process: 3647 ExecStartPre=\/usr\/libexec\/postfix\/aliasesdb (code=exited, status=0\/SUCCESS)\n Main PID: 3721 (master)\n    Tasks: 3 (limit: 5027)\n   Memory: 5.6M\n   CGroup: \/system.slice\/postfix.service\n           \u251c\u25003721 \/usr\/libexec\/postfix\/master -w\n           \u251c\u25003722 pickup -l -t unix -u\n           \u2514\u25003723 qmgr -l -t unix -u\n\nDec 02 22:04:19 centos8.kifarunix-demo.com systemd[1]: Starting Postfix Mail Transport Agent...\nDec 02 22:04:20 centos8.kifarunix-demo.com postfix\/master[3721]: daemon started -- version 3.3.1, configuration \/etc\/postfix\nDec 02 22:04:20 centos8.kifarunix-demo.com systemd[1]: Started Postfix Mail Transport Agent.\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Send a Test Mail to Verify Postfix Gmail SMTP Relay<\/h4>\n\n\n\n<p>Once you are done with the configuration, you can try to send a test mail to verify that Gmail SMTP relay works fine. You can use mail client or any other for this purpose.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"Test Postfix Gmail SMTP Relay\" | mail -s \"Postfix Gmail SMTP Relay\" <strong>userid@gmail.com<\/strong><\/code><\/pre>\n\n\n\n<p>You can tail the logs to check the delivery status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tail \/var\/log\/mail.log<\/code><\/pre>\n\n\n\n<p>If you get the error;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>...<strong>status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.133.108] said: 535-5.7.8 Username and Password not accepted.<\/strong><\/code><\/pre>\n\n\n\n<p>You need to login to the account you used for the SASL authentication and enable <a href=\"https:\/\/myaccount.google.com\/lesssecureapps\" target=\"_blank\" rel=\"noreferrer noopener\">Less secure app access<\/a>.<\/p>\n\n\n\n<p>NOTE that the use of less secure app access has been deprecated. See how you can use App password as an alternative in the guide below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-postfix-to-use-gmail-app-passwords\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Postfix to Use Gmail App Passwords<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1050\" height=\"443\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/06\/less-secure-app-gmail.png\" alt=\"Configure Postfix to Use Gmail SMTP on CentOS 8\" class=\"wp-image-6003\" style=\"width:952px;height:401px\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/06\/less-secure-app-gmail.png?v=1591022246 1050w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/06\/less-secure-app-gmail-768x324.png?v=1591022246 768w\" sizes=\"(max-width: 1050px) 100vw, 1050px\" \/><\/figure>\n\n\n\n<p>After that, retry to sent the test mail and check the logs and hurray, our test mail is delivered, <strong>status=sent<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\nDec  2 22:04:56 ceph-admin postfix\/qmgr&#91;3723]: 46993C35EAC: from=&lt;root@ceph-admin.kifarunix-demo.com&gt;, size=513, nrcpt=1 (queue active)\nDec  2 22:05:00 ceph-admin postfix\/smtp&#91;3732]: 46993C35EAC: to=&lt;userid@gmail.com&gt;, relay=smtp.gmail.com&#91;108.177.127.109]:587, delay=4, delays=0.47\/0.33\/2\/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK  1606935899 f18sm554842edt.60 - gsmtp)\n...<\/code><\/pre>\n\n\n\n<p>And that is how easy it is to configure Postfix to use Gmail as an SMTP relay host. That marks the end of our guide on how to install and configure Postfix to use Gmail SMTP relay host on CentOS 8.<\/p>\n\n\n\n<p>Read more about Postfix Configuration on;<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"http:\/\/www.postfix.org\/BASIC_CONFIGURATION_README.html\" target=\"_blank\">Postfix Basic Configuration<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-postfix-to-use-gmail-smtp-on-ubuntu-20-04\/\" target=\"_blank\" aria-label=\"Configure Postfix to Use Gmail SMTP on Ubuntu 20.04 (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configure Postfix to Use Gmail SMTP on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/configure-nagios-email-notification-using-gmail\/\" target=\"_blank\">Configure Nagios Email Notification Using Gmail<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/configure-sendmail-to-use-gmail-relay-on-ubuntu-18-04-debian-10-9\/\" target=\"_blank\">Configure Sendmail to Use Gmail Relay on Ubuntu 18.04\/Debian 10\/9<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/encrypt-emails-using-enigmail-on-thunderbird\/\" target=\"_blank\">Encrypt Emails using Enigmail on Thunderbird<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-postfix-to-use-gmail-smtp-on-ubuntu-18-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Postfix to Use Gmail SMTP on Ubuntu 18.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our tutorial on how to configure Postfix to use Gmail SMTP on CentOS 8 to relay mails. Postfix is a free and open-source<\/p>\n","protected":false},"author":1,"featured_media":7347,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[1631,272,121],"tags":[1634,2924,2925,288,1164,1635,2928,2929,2926],"class_list":["post-7342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-postfix","category-email","category-howtos","tag-configure-postfix-with-gmail-smtp-relay-host","tag-install-postfix-centos-8","tag-mail-command-centos-8","tag-postfix","tag-postfix-gmail-relay","tag-postfix-gmail-smtp","tag-postfix-relay-host","tag-postfix-sasl","tag-sasl-postfix","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7342"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=7342"}],"version-history":[{"count":9,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7342\/revisions"}],"predecessor-version":[{"id":21578,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7342\/revisions\/21578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/7347"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=7342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=7342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=7342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}