Set up Postfix Gmail SMTP Relay on CentOS 6

This article describe how to Set up and Configure Postfix Gmail SMTP Relay on CentOS 6, we will set up Gmail as a Mail Relay, a Gmail account must ready to configure MTA to relay outgoing mail through Gmail.
Postfix is an MTA (Mail Transfer Agent), an application used to send and receive email.
GMail is a free web-based email service by Google with reliability and robust infrastructure who provides a simple sending email from the command line with smtp.gmail.com:587.

We Assume a website have contact form php page for visitor to send message. Postifx Mail Transfer Agent will deliver the message to recipient but guarantee the message will mark as spam. But if Postifx configure to use GMail as SMTP Relay, the message will send by Gmail account which already set up and configure on Postifx, so far the message will store at inbox not spam.

Install Postfix, make sure SASL authentication framework, and mailx also installed.
First Remove default MTA sendmail first if it’s already installed, make sure postfix as default MTA

#yum remove sendmail
#yum install postfix cyrus-sasl-plain mailx -y

Postfix will need to be start before the SASL framework will be detected.

#service postfix start

If error occurred postfix failed to start

Starting postfix:                                          [FAILED]
#tail -f /var/log/maillog
postfix[1070]:fatal:config variable inet_interfaces:host not found:localhost

Change the inet_interfaces setting in /etc/postfix/main.cf from:

inet_interfaces = localhost inet_interfaces = 127.0.0.1

Postfix should also be set to start on boot.

#chkconfig postfix on

Check that Postfix configured with SSL support (ie. ldd should return at least one line starting with libssl):

#whereis -b postfix
postfix: /usr/sbin/postfix /etc/postfix /usr/libexec/postfix
#ldd /usr/sbin/postfix
libssl.so.6 => /lib/libssl.so.6 (0x00111000)

Find your server’s CA root certificate bundle path, which is typically distributed with openssl. The bundle file is used by Postfix to verify Gmail’s SSL certificate (signed by Thawte).

#locate ca-bundle.crt
/etc/ssl/certs/ca-bundle.crt

Then edit /etc/postfix/main.cf, simply add/paste the following lines to the end of the file.

#vi /etc/postfix/main.cf
myhostname = hostname.example.com
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

The myhostname is optional. If hostname is not specified, Postfix will use the fully-qualified domain name of the server.

Configure Postfix SASL Credentials
The Gmail credentials must now be added for authentication. Create a /etc/postfix/sasl_passwd file and add following line:

#vi /etc/postfix/sasl_passwd
[smtp.gmail.com]:587 username:password

The username and password values must be replaced with valid Gmail credentials.
A Postfix lookup table must now be generated from the sasl_passwd text file by running the following command.

#postmap /etc/postfix/sasl_passwd

Access to the sasl_passwd files should be restricted.

#chown root:postfix /etc/postfix/sasl_passwd*
#chmod 640 /etc/postfix/sasl_passwd*

Lastly, reload the Postfix configuration.

#service postfix restart

Test the Relay
Use the mail command to test the relay.

echo "This is a test." | mail -s "test message" [email protected]

The destination address should receive the test message.
Troubleshoot Delivery Issues
The maillog can be reviewed if the test message is not successfully delivered. Open another shell and run tail while performing another test.

tail -f /var/log/maillog

If there are not enough details in the maillog to determine the problem, then the debug level can be increased by adding the following lines to the /etc/postfix/main.cf.

debug_peer_list=smtp.gmail.com
debug_peer_level=3

The Postfix configuration must be reloaded after updating the main.cf file.

#service postfix restart

Remember to remove the debug settings when testing is complete. The verbose logs can have a negative impact on server performance.

PROBLEM or ERROR occurred and how to resolve them
Port 25 open by iptables firewall
Make sure port 25 open has been accept by iptables firewall, visit this article to Install and Set Up Iptables Firewall on Centos 6
Postfix Gmail SMTP Relay access denied

rcpt to: [email protected]
554 5.7.1 <[email protected]>: : Relay access denied

Your Google Account has been suspendedYour-Google-Account-has-been-suspended

Hi vpshelpdesk,
Google has suspended your Account, [email protected], because of a violation of our Terms of Service.

Please follow possible solution below, so far it is working for meallow-less-secure-apps-ON

Change the “allow less secure apps” setting to enable. This allows them to connect to the account again.
Insert and Verify Account recovery email and phoneVerify-Account-recovery-email-and-phone

If Gmail SMTP Relay rare to use and rare sign in sometimes the message will not deliver again. Once check tail -f /var/log/maillog, we will find error below;

May 16 14:31:43 vpsheldesk.com postfix/smtp[1096]: D738BA40BE0: to=, relay=smtp.gmail.com[74.125.138.109]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.138.109] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 w190sm8732463ywa.39 - gsmtp)
Visit GMAIL HELP https://support.google.com/mail/answer/78754 and follow the instructions


Can’t sign in to my email app
If you’re using the wrong Gmail password on another email app, you might have these problems:

  • The app keeps asking for your username and password
  • You see an “invalid credentials” error message
  • You see a “web login required” error message

If you have these problems or can’t sign in, first check to make sure you’re using the right password.

Tip: Keep in mind that passwords are case-sensitive.
Troubleshoot sign-in problems
If you’re sure your password is right, try these tips:

  • If you’ve turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
  • Sign in to your account from the web version of Gmail at https://mail.google.com. Once you’re signed in, try signing in to the mail app again.
  • Visit http://www.google.com/accounts/DisplayUnlockCaptcha and sign in with your Gmail username and password. If asked, enter the letters in the distorted picture.
  • Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your account.
  • Make sure your mail app isn’t set to check for new email too often. If your mail app check for new messages more than once every 10 minutes, the app’s access to your account could be blocked.
  • Change your password according to our tips on creating a strong password.