CentOS 8.x postfix send email through relay or smarthost with smtp authentication

From Notes_Wiki
Revision as of 03:01, 30 March 2022 by Saurabh (talk | contribs)

Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix send email through relay or smarthost with smtp authentication

To send email through relay with smtp authentication use:

  1. yum -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib postfix mailx
  2. Note that without cyrus-sasl and related packages error no worthy mechanisms found would be received while authenticating to relay server via postfix. Refer https://serverfault.com/questions/325955/no-worthy-mechs-found-when-trying-to-relay-email-to-gmail-using-postfix
  3. Set at least following in /etc/postfix/main.cf for mail system to work properly:
    myhostname
    mydomain
    myorigin
    inet_interfaces = all
    inet_protocols = ipv4
  4. edit /etc/postfix/sasl_passwd and put something like
    <smtp-server>:<port-number> <username-or-email-address>:<password>
    For example in case of gmail use:
    smtp.gmail.com:587 <gmail-email-address>:<gmail-password>
  5. Create hash postmap of sasl_password using:
    cd /etc/postfix
    chmod 600 sasl_passwd
    postmap hash:/etc/postfix/sasl_passwd
  6. edit /etc/postfix/main.cf and after relayhost comment lines insert
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    smtp_tls_security_level = may
    relayhost = <relay-server>:<relay-port>
    Often relay port will be submission port (587) and not smtp port (25). Example smtp.gmail.com:587
  7. Start and enable postfix:
    systemctl start postfix
    systemctl enable postfix
  8. Test outgoing email using
    echo "Test email using postfix" | mail -s "Relay test with smtp authentication" saurabh@example.com
    If the outgoing email server compares from address with authentication details then use below instead
    echo "Test email using postfix" | mail -s "Relay test with smtp authentication" -r <From-address> <Recipient address>
  9. Look for successful email being sent or errors logs using:
    mailq
    tail -50 /var/log/maillog
    Also consider looking at destinatino email server /var/log/maillog if you have access to it for more information


To troubleshoot look at /var/log/maillog. In log lines look at value of ctladdr such as 'ctladdr=saurabh (501/501)'. Then look at /var/mail/saurabh or login as user saurabh and use 'mail' command to see error message sent by relay server.


Also have a look at https://stackoverflow.com/questions/55159882/how-do-i-configure-postfix-to-only-relay-emails-from-a-specific-domain if the relay should be used only for a few specific IDs and domains and not for every email.




Sending emails using Gmail SMTP server as relay

Avoid use of less secure apps. Better option is to enable 2-step verification. Then create app passwords for apps that do not support 2-step verification / OAUTH etc.. See

Also note that Gmail is likely to stop support for less secure apps very soon (See https://support.excelmicro.com/index.php?/News/NewsItem/View/374/g-suite-switch-to-g-suite-apps-that-use-secure-oauth-access-as-password-based-access-will-no-longer-be-supported ). Most of emails sent via gmail using this technique neither seem to get delivered neither bounce back!!!.

  1. Configure gmail to use app passwords using:
    1. Login into Gmail account and go to Settings -> Accounts -> Google Account Settings
    2. In "Google Account Settings" go to Security.
    3. In Security under "Signing in to Google" enable "2-Step Verification"
    4. After 2-step verification is enabled there should be option for App password underneath. Use App password and create password with meaningful name such as "postfix on example server".
    5. Configure this password directly in /etc/postfix/sasl_passwd as suggested in above steps. If you use app password do not forget to rerun 'postmap hash:/etc/postfix/sasl_passwd'. After this restart postfix 'systemctl restart postfix' for changes to take effect.
  2. Logging into above configured account via browser also helps for troubleshooting in case emails fail to deliver. After login to to Settings -> Account -> Google Account Settings. Then under Security there should be some alerts on blocked login attempts.

Refer: https://support.google.com/accounts/answer/185833#zippy=%2Cwhy-you-may-need-an-app-password


There is older article on this at Sending email via Gmail relay through postfix


Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix send email through relay or smarthost with smtp authentication