Configure a Postfix Relay through Gmail on CentOS 7

Configure a Postfix Relay through Gmail on CentOS 7



Table of Contents

Introduction

Postfix is a flexible mail server that is available on most Linux distribution. Though a full feature mail server, Postfix can also be used as a simple relay host to another mail server, or smart host. This tutorial will describe how to configure Postfix as a relay through Gmail.
Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services including Postfix.

Requirements

  • CentOS 7 or Red Hat Enterprise Linux 7
  • Valid Gmail or Google App credentials

Install Packages

Make sure Postfix, the SASL authentication framework, and mailx are all installed.
yum -y install postfix cyrus-sasl-plain mailx
Postfix will need to be restarted before the SASL framework will be detected.
systemctl restart postfix
Postfix should also be set to start on boot.
systemctl enable postfix

Configure Postfix

Open the /etc/postfix/main.cf and add the following lines to the end of the file.
myhostname = hostname.example.com

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
The myhostname parameter is optional. If the hostname is not specified, Postfix will use the fully-qualified domain name of the Linux server.
Save the main.cf file and close the editor.

Configure Postfix SASL Credentials

The Gmail credentials must now be added for authentication. Create a /etc/postfix/sasl_passwd file and add following line:
 [smtp.gmail.com]:587 username:password
The username and password values must be replaced with valid Gmail credentials. The sasl_passwd file can now be saved and closed.
A Postfix lookup table must now be generated from the sasl_passwd text file by running the following command.
postmap /etc/postfix/sasl_passwd
Access to the sasl_passwd files should be restricted.
chown root:postfix /etc/postfix/sasl_passwd*
chmod 640 /etc/postfix/sasl_passwd*
Lastly, reload the Postfix configuration.
systemctl reload postfix

Test the Relay

Use the mail command to test the relay.
echo "This is a test." | mail -s "test message" user@example.net
The destination address should receive the test message.

Troubleshoot Delivery Issues

The maillog can be reviewed if the test message is not successfully delivered. Open another shell and run tail while performing another test.
tail -f /var/log/maillog
If there are not enough details in the maillog to determine the problem, then the debug level can be increased by adding the following lines to the /etc/postfix/main.cf.
debug_peer_list=smtp.gmail.com
debug_peer_level=3
The Postfix configuration must be reloaded after updating the main.cf file.
systemctl reload postfix
Remember to remove the debug settings when testing is complete. The verbose logs can have a negative impact on server performance.

Comments

Post a Comment

Popular posts from this blog

How to Set Up IP and Port-Based Virtual Hosting (Vhosts) With Apache Web Server on CentOS 7

Image
How to Set Up IP and Port-Based Virtual Hosting (Vhosts) With Apache Web Server on CentOS 7 Table of Contents Introduction Requirements Set up multiple IP addresses on a single network interface Set up multiple instances of Apache Create the directory structure Create test web pages for each virtual host Set up ownership and permissions Create virtual host files Allow Apache through the firewall Test the virtual hosts Introduction Virtual hosting is a method for hosting multiple websites on a single machine. There are two types of virtual hosting:  Name-based virtual hosting  and  IP-based virtual hosting . IP-based virtual hosting is a technique to apply different directives based on the IP address and port a request is received on. You can assign a separate IP for each website on a single server using IP-based virtual hosting. This is mainly used to host different websites on different ports or IP addresses. In this article we will be creating: ...
Read more

Gateway to Gateway - Intro to Configure IPsec VPN (Gateway-to-Gateway ) using Strongswan

Image
Intro to Configure IPsec VPN (Gateway-to-Gateway ) using Strongswan Strongswan supports Gateway-to-Gateway (site-to-site) and Road warrior  types of VPN. In first type, network traffic is encrypted/decrypted on the gateway (entrance/exit) of an organization. However in Road warrior case, traffic encrypted from the end client (machine) to remote end gateway. In this article, we will explain creation of  tunnel between two sites of an organization to secure the communication. Strongswan based VPN server/gateway placement is shown in the following figure. We want to secure communication between 10.1.0.0/16 and 11.1.0.0/16 networks of organization. As shown in the above figure, we are interested to secure the communication from A to B and vice versa. It is important to make sure the routing of Strongswan based VPN Gateways in the organization network. We assume that machine from  office A can ping a machine in the network of B office . This will ensure th...
Read more