Update Debian with current updates with Aptitude command
Install Aptitude command following aptitude update
#apt-get update -y && apt-get upgrade -y
Remove and delete exim4 configuration, data files, dependencies on Debian 7 with following command
#apt-get purge --auto-remove exim4
Make sure the postfix, libsasl2-modules and ca-certificates package is installed and up to date:
#apt-get install postfix libsasl2-modules ca-certificates mailutils
Set Postfix to start on server boot:
#update-rc.d postfix defaults
Remove postfix start on server boot
#update-rc.d postfix disable
Enable postfix start on server boot
#update-rc.d postfix enable
During Postfix installation, a pop up will appear asking for configuration.
- For “General type of mail configuration,” choose Internet Site.
- For System Mail name insert system hostname.
- For any other question, choose default values.
Configuring Gmail SMTP Usernames and Passwords Authentication
Create or edit the password file:
#nano /etc/postfix/sasl_passwd
Add this line:
[smtp.gmail.com]:587 [email protected]:password
Create hash db file for Postfix by running the postmap command:
#postmap /etc/postfix/sasl_passwd
Securing Password and Hash Database Files.
The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text. For security reasons, change ownership and permissions to root for the two files:
#chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db #chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
Next, validate certificates to avoid running into error. Run following command:
#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem
On Debian 8
Thawte_Premium_Server_CA.pem not exist on Debian 8,so we have to download it manually
#cd /etc/ssl/certs
#wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
#mv thawte_Premium_Server_CA.pem Thawte_Premium_Server_CA.pem #cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem
Configuring the Relay Server on Postfix configuration /etc/postfix/main.cf file to use the external SMTP server.
#nano /etc/postfix/main.cf
Insert following gmail SMTP relay host line
relayhost = [smtp.gmail.com]:587
At the end of the file, add the following parameters to enable authentication:
#nano /etc/postfix/main.cf
Then add the following parameters on /etc/postfix/main.cf to enable authentication:
#enable SASL authentication smtp_sasl_auth_enable = yes # disallow methods that allow anonymous authentication. smtp_sasl_security_options = noanonymous # where to find sasl_passwd smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # Enable STARTTLS encryption smtp_use_tls = yes # where to find CA certificates smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Save the changes and Restart Postfix:
#service postfix restart
Send test email to test if Relay work good with mail command below
echo "This is a test." | mail -s "test message" [email protected]
Check the logs for any Postfix errors on Debian
#tail -f /var/log/mail.log
Error and Troubleshooting
Port 25 open by iptables firewall
Make sure port 25 open has been accept by iptables firewall, visit this article to Install and Set Up Iptables Firewall on Centos 6
Postfix Gmail SMTP Relay access denied
rcpt to: [email protected] 554 5.7.1 <[email protected]>: : Relay access denied
Your Google Account has been suspended
Hi vpshelpdesk, Google has suspended your Account, [email protected], because of a violation of our Terms of Service.
Please follow possible solution below, so far it is working for me
Change the “allow less secure apps” setting to enable. This allows them to connect to the account again.
Insert and Verify Account recovery email and phone
If Gmail SMTP Relay rare to use and rare sign in sometimes the message will not deliver again. Once check tail -f /var/log/maillog, we will find error below;
May 16 14:31:43 vpsheldesk.com postfix/smtp[1096]: D738BA40BE0: to=, relay=smtp.gmail.com[74.125.138.109]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.138.109] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 w190sm8732463ywa.39 - gsmtp) Visit GMAIL HELP https://support.google.com/mail/answer/78754 and follow the instructions
Can’t sign in to my email app
If you’re using the wrong Gmail password on another email app, you might have these problems:
- The app keeps asking for your username and password
- You see an “invalid credentials” error message
- You see a “web login required” error message
If you have these problems or can’t sign in, first check to make sure you’re using the right password.
Tip: Keep in mind that passwords are case-sensitive.
Troubleshoot sign-in problems
If you’re sure your password is right, try these tips:
- If you’ve turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
- Sign in to your account from the web version of Gmail at https://mail.google.com. Once you’re signed in, try signing in to the mail app again.
- Visit http://www.google.com/accounts/DisplayUnlockCaptcha and sign in with your Gmail username and password. If asked, enter the letters in the distorted picture.
- Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your account.
- Make sure your mail app isn’t set to check for new email too often. If your mail app check for new messages more than once every 10 minutes, the app’s access to your account could be blocked.
- Change your password according to our tips on creating a strong password.