<yambe:breadcrumb self="Send email through relay or smarthost with smtp authentication">CentOS 8.x postfix|postfix</yambe:breadcrumb>

CentOS 8.x postfix send email through relay or smarthost with smtp authentication

To send email through relay with smtp authentication use:

1. yum -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib postfix mailx
2. Note that without cyrus-sasl and related packages error no worthy mechanisms found would be received while authenticating to relay server via postfix. Refer https://serverfault.com/questions/325955/no-worthy-mechs-found-when-trying-to-relay-email-to-gmail-using-postfix
3. Set at least following in /etc/postfix/main.cf for mail system to work properly:

   myhostname
   mydomain
   myorigin
   inet_interfaces = all
   inet_protocols = ipv4

4. edit /etc/postfix/sasl_passwd and put something like

   <smtp-server>:<port-number>  <username-or-email-address>:<password>

   For example in case of gmail use:

   smtp.gmail.com:587	<gmail-email-address>:<gmail-password>

5. Create hash postmap of sasl_password using:

   cd /etc/postfix
   chmod 600 sasl_passwd
   postmap hash:/etc/postfix/sasl_passwd

6. edit /etc/postfix/main.cf and after relayhost comment lines insert

   smtp_sasl_auth_enable = yes
   smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
   smtp_sasl_security_options =
   smtp_tls_security_level = may
   relayhost = <relay-server>:<relay-port>

   Often relay port will be submission port (587) and not smtp port (25). Example smtp.gmail.com:587

7. Start and enable postfix:

   systemctl start postfix
   systemctl enable postfix

8. echo "Test email using postfix" | mail -s "Relay test with smtp authentication" saurabh@sbarjatiya.com
9. Look for successful email being sent or errors logs using:

   mailq
   tail -50 /var/log/maillog

   Also consider looking at destinatino email server /var/log/maillog if you have access to it for more information

To troubleshoot look at /var/log/maillog. In log lines look at value of ctladdr such as 'ctladdr=saurabh (501/501)'. Then look at /var/mail/saurabh or login as user saurabh and use 'mail' command to see error message sent by relay server.

Sending emails using Gmail SMTP server as relay

Avoid use of less secure apps. Better option is to enable 2-step verification. Then create app passwords for apps that do not support 2-step verification / OAUTH etc.. See

Also note that Gmail is likely to stop support for less secure apps very soon (See https://support.excelmicro.com/index.php?/News/NewsItem/View/374/g-suite-switch-to-g-suite-apps-that-use-secure-oauth-access-as-password-based-access-will-no-longer-be-supported ). Most of emails sent via gmail using this technique neither seem to get delivered neither bounce back!!!.

1. Configure gmail to use app passwords using:
   1. Login into Gmail account and go to Settings -> Accounts -> Google Account Settings
   2. In "Google Account Settings" go to Security.
   3. In Security under "Signing in to Google" enable "2-Step Verification"
   4. After 2-step verification is enabled there should be option for App password underneath. Use App password and create password with meaningful name such as "postfix on example server".
   5. Configure this password directly in /etc/postfix/sasl_passwd as suggested in above steps. If you use app password do not forget to rerun 'postmap hash:/etc/postfix/sasl_passwd'. After this restart postfix 'systemctl restart postfix' for changes to take effect.
2. Logging into above configured account via browser also helps for troubleshooting in case emails fail to deliver. After login to to Settings -> Account -> Google Account Settings. Then under Security there should be some alerts on blocked login attempts.

Refer: https://support.google.com/accounts/answer/185833#zippy=%2Cwhy-you-may-need-an-app-password

There is older article on this at Sending email via Gmail relay through postfix

<yambe:breadcrumb self="Send email through relay or smarthost with smtp authentication">CentOS 8.x postfix|postfix</yambe:breadcrumb>