Postfix
is a flexible mail server that is available on most Linux
distributions. Although Postfix is a full feature mail server, it can also be
used as a simple relay host to relay email to another mail server or
smart host for processing. This tutorial will describe how to configure Postfix as a
relay through Gmail.
Simple
Authentication and Security Layer (SASL) is a standard authentication
framework supported by many services including Postfix.
Requirements
- CentOS 7
- A Valid Gmail account or Google App credentials (I recommend creating a credential just for this use)
Install Packages
Ensure Postfix, the SASL authentication framework, and mailx are all installed:
yum -y install postfix cyrus-sasl-plain mailx
Postfix will need to be restarted before the SASL framework will be detected.:
systemctl restart postfix
Postfix should also be set to start on boot:
systemctl enable postfix
Configure Postfix
Open the /etc/postfix/main.cf file in your favorite text editor (vi!) and add the following lines to the end of the file:
myhostname = hostname.example.com #The hostname of your server
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
The myhostname parameter is optional. If the hostname is not specified, Postfix will use the fully-qualified domain name of the Linux server.
Save the main.cf file and close the editor.
Configure Postfix SASL Credentials
The Gmail credentials must now be added for authentication. Create a /etc/postfix/sasl_passwd file and add the following line:
[smtp.gmail.com]:587 username:password
The username and password values must be replaced with valid Gmail credentials. The sasl_passwd file
can now be saved and closed.
A Postfix lookup table must now be generated from the sasl_passwd text file by running the following command:
postmap /etc/postfix/sasl_passwd
Access to the sasl_passwd files should be restricted:
chown root:postfix /etc/postfix/sasl_passwd*
chmod 640 /etc/postfix/sasl_passwd*
And finally, reload the Postfix configuration:
systemctl reload postfix
Test the Relay
Use the mail command to test the relay:
echo "This is a test." | mail -s "test message" user@example.net
Instead of user@example.net, use a valid email address. Check your email!
Troubleshoot Delivery Issues
Postfix will log to /var/log/maillog, and this file can
be reviewed if the test message is not successfully delivered. Open a
separate shell window to watch the maillog using this command:
tail -f /var/log/maillog
Now re-run the email test in the original terminal window. Watch the log entries.
If there are not enough details in the log to determine the problem, then the debug level can be increased by adding the following lines to the /etc/postfix/main.cf file:
debug_peer_list=smtp.gmail.com
debug_peer_level=3
The Postfix configuration must be reloaded after updating the main.cf file:
systemctl reload postfix
Do not leave those settings in the configuration file long term, or your log files will get excessively large, which can have a negative impact on server performance.