Postfix SMTP Relay Gmail Debian 7

Update Debian with current updates with Aptitude command

Install Aptitude command following aptitude update

#apt-get update -y && apt-get upgrade -y

Remove and delete exim4 configuration, data files, dependencies on Debian 7 with following command

#apt-get purge --auto-remove exim4

Make sure the postfix, libsasl2-modules and ca-certificates package is installed and up to date:

#apt-get install postfix libsasl2-modules ca-certificates mailutils

Set Postfix to start on server boot:

#update-rc.d postfix defaults

Remove postfix start on server boot

#update-rc.d postfix disable

Enable postfix start on server boot

#update-rc.d postfix enable

During Postfix installation, a pop up will appear asking for configuration.

  • For “General type of mail configuration,” choose Internet Site.
  • For System Mail name insert system hostname.
  • For any other question, choose default values.

Configuring Gmail SMTP Usernames and Passwords Authentication

Create or edit the password file:

#nano /etc/postfix/sasl_passwd

Add this line:

[]:587 [email protected]:password

Create hash db file for Postfix by running the postmap command:

#postmap /etc/postfix/sasl_passwd

Securing Password and Hash Database Files.

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text. For security reasons, change ownership and permissions to root for the two files:

#chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Next, validate certificates to avoid running into error. Run following command:

#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

On Debian 8

Thawte_Premium_Server_CA.pem not exist on Debian 8,so we have to download it manually

#cd /etc/ssl/certs
#mv thawte_Premium_Server_CA.pem Thawte_Premium_Server_CA.pem
#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

Configuring the Relay Server on Postfix configuration /etc/postfix/ file to use the external SMTP server.

#nano /etc/postfix/

Insert following gmail SMTP relay host line

relayhost = []:587

At the end of the file, add the following parameters to enable authentication:

#nano /etc/postfix/

Then add the following parameters on /etc/postfix/ to enable authentication:

#enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save the changes and Restart Postfix:

#service postfix restart

Send test email to test if Relay work good with mail command below

echo "This is a test." | mail -s "test message" [email protected]

Check the logs for any Postfix errors on Debian

#tail -f /var/log/mail.log

Error and Troubleshooting

Port 25 open by iptables firewall
Make sure port 25 open has been accept by iptables firewall, visit this article to Install and Set Up Iptables Firewall on Centos 6
Postfix Gmail SMTP Relay access denied

rcpt to: [email protected]
554 5.7.1 <[email protected]>: : Relay access denied

Your Google Account has been suspendedYour-Google-Account-has-been-suspended

Hi vpshelpdesk,
Google has suspended your Account, [email protected], because of a violation of our Terms of Service.

Please follow possible solution below, so far it is working for meallow-less-secure-apps-ON

Change the “allow less secure apps” setting to enable. This allows them to connect to the account again.
Insert and Verify Account recovery email and phoneVerify-Account-recovery-email-and-phone

If Gmail SMTP Relay rare to use and rare sign in sometimes the message will not deliver again. Once check tail -f /var/log/maillog, we will find error below;

May 16 14:31:43 postfix/smtp[1096]: D738BA40BE0: to=,[]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server[] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 w190sm8732463ywa.39 - gsmtp)
Visit GMAIL HELP and follow the instructions

Can’t sign in to my email app
If you’re using the wrong Gmail password on another email app, you might have these problems:

  • The app keeps asking for your username and password
  • You see an “invalid credentials” error message
  • You see a “web login required” error message

If you have these problems or can’t sign in, first check to make sure you’re using the right password.

Tip: Keep in mind that passwords are case-sensitive.
Troubleshoot sign-in problems
If you’re sure your password is right, try these tips:

  • If you’ve turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
  • Sign in to your account from the web version of Gmail at Once you’re signed in, try signing in to the mail app again.
  • Visit and sign in with your Gmail username and password. If asked, enter the letters in the distorted picture.
  • Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your account.
  • Make sure your mail app isn’t set to check for new email too often. If your mail app check for new messages more than once every 10 minutes, the app’s access to your account could be blocked.
  • Change your password according to our tips on creating a strong password.

Leave a Reply

Your email address will not be published. Required fields are marked *