CentOS 8.x postfix send email through relay or smarthost with smtp authentication
To send email through relay with smtp authentication use:
- yum -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib postfix mailx
- Note that without cyrus-sasl and related packages error no worthy mechanisms found would be received while authenticating to relay server via postfix. Refer https://serverfault.com/questions/325955/no-worthy-mechs-found-when-trying-to-relay-email-to-gmail-using-postfix
- Set at least following in /etc/postfix/main.cf for mail system to work properly:
- inet_interfaces = all
- inet_protocols = ipv4
- edit /etc/postfix/sasl_passwd and put something like
- <smtp-server>:<port-number> <username-or-email-address>:<password>
- For example in case of gmail use:
- smtp.gmail.com:587 <gmail-email-address>:<gmail-password>
- Create hash postmap of sasl_password using:
- cd /etc/postfix
- chmod 600 sasl_passwd
- postmap hash:/etc/postfix/sasl_passwd
- edit /etc/postfix/main.cf and after relayhost comment lines insert
- smtp_sasl_auth_enable = yes
- smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
- smtp_sasl_security_options =
- smtp_tls_security_level = may
- relayhost = <relay-server>:<relay-port>
- Often relay port will be submission port (587) and not smtp port (25). Example smtp.gmail.com:587
- Start and enable postfix:
- systemctl start postfix
- systemctl enable postfix
- Test outgoing email using
- echo "Test email using postfix" | mail -s "Relay test with smtp authentication" firstname.lastname@example.org
- If the outgoing email server compares from address with authentication details then use below instead
- echo "Test email using postfix" | mail -s "Relay test with smtp authentication" -r <From-address> <Recipient address>
- Look for successful email being sent or errors logs using:
- tail -50 /var/log/maillog
- Also consider looking at destinatino email server /var/log/maillog if you have access to it for more information
To troubleshoot look at /var/log/maillog. In log lines look at value of ctladdr such as 'ctladdr=saurabh (501/501)'. Then look at /var/mail/saurabh or login as user saurabh and use 'mail' command to see error message sent by relay server.
Also have a look at https://stackoverflow.com/questions/55159882/how-do-i-configure-postfix-to-only-relay-emails-from-a-specific-domain if the relay should be used only for a few specific IDs and domains and not for every email.
Sending emails using Gmail SMTP server as relay
Avoid use of less secure apps. Better option is to enable 2-step verification. Then create app passwords for apps that do not support 2-step verification / OAUTH etc.. See
Also note that Gmail is likely to stop support for less secure apps very soon (See https://support.excelmicro.com/index.php?/News/NewsItem/View/374/g-suite-switch-to-g-suite-apps-that-use-secure-oauth-access-as-password-based-access-will-no-longer-be-supported ). Most of emails sent via gmail using this technique neither seem to get delivered neither bounce back!!!.
- Configure gmail to use app passwords using:
- Login into Gmail account and go to Settings -> Accounts -> Google Account Settings
- In "Google Account Settings" go to Security.
- In Security under "Signing in to Google" enable "2-Step Verification"
- After 2-step verification is enabled there should be option for App password underneath. Use App password and create password with meaningful name such as "postfix on example server".
- Configure this password directly in /etc/postfix/sasl_passwd as suggested in above steps. If you use app password do not forget to rerun 'postmap hash:/etc/postfix/sasl_passwd'. After this restart postfix 'systemctl restart postfix' for changes to take effect.
- Logging into above configured account via browser also helps for troubleshooting in case emails fail to deliver. After login to to Settings -> Account -> Google Account Settings. Then under Security there should be some alerts on blocked login attempts.
There is older article on this at Sending email via Gmail relay through postfix