CentOS 8.x postfix send email through relay or smarthost with smtp authentication
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix send email through relay or smarthost with smtp authentication
General postfix configuration to use a SMTP Relay
To send email through relay with smtp authentication use:
- Install required packages via:
dnf -y install epel-release dnf -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-lib postfix dnf -y install mailx dnf -y install s-nail
- Note that without cyrus-sasl and related packages error no worthy mechanisms found would be received while authenticating to relay server via postfix. Refer https://serverfault.com/questions/325955/no-worthy-mechs-found-when-trying-to-relay-email-to-gmail-using-postfix
- Set at least following in /etc/postfix/main.cf for mail system to work properly:
- myhostname
- mydomain
- myorigin
- inet_interfaces = all
- inet_protocols = ipv4
- edit /etc/postfix/sasl_passwd and put something like
- <smtp-server>:<port-number> <username-or-email-address>:<password>
- For example in case of gmail use:
- smtp.gmail.com:587 <gmail-email-address>:<gmail-password>
- Create hash postmap of sasl_password using:
- cd /etc/postfix
- chmod 600 sasl_passwd
- postmap hash:/etc/postfix/sasl_passwd
- edit /etc/postfix/main.cf and after relayhost comment lines insert
- smtp_sasl_auth_enable = yes
- smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
- smtp_sasl_security_options =
- smtp_tls_security_level = may
- relayhost = <relay-server>:<relay-port>
- Often relay port will be submission port (587) and not smtp port (25). Example smtp.gmail.com:587
- Start and enable postfix:
- systemctl start postfix
- systemctl enable postfix
- Test outgoing email using
- echo "Test email using postfix" | mail -s "Relay test with smtp authentication" saurabh@example.com
- If the outgoing email server compares from address with authentication details then use below instead
- echo "Test email using postfix" | mail -s "Relay test with smtp authentication" -r <From-address> <Recipient address>
- Look for successful email being sent or errors logs using:
- mailq
- tail -50 /var/log/maillog
- Also consider looking at destinatino email server /var/log/maillog if you have access to it for more information
To troubleshoot look at /var/log/maillog. In log lines look at value of ctladdr such as 'ctladdr=saurabh (501/501)'. Then look at /var/mail/saurabh or login as user saurabh and use 'mail' command to see error message sent by relay server.
Also have a look at https://stackoverflow.com/questions/55159882/how-do-i-configure-postfix-to-only-relay-emails-from-a-specific-domain if the relay should be used only for a few specific IDs and domains and not for every email.
Sending emails using Gmail SMTP server as relay
Avoid use of less secure apps. Better option is to enable 2-step verification. Then create app passwords for apps that do not support 2-step verification / OAUTH etc.. See
Also note that Gmail is likely to stop support for less secure apps very soon (See https://support.excelmicro.com/index.php?/News/NewsItem/View/374/g-suite-switch-to-g-suite-apps-that-use-secure-oauth-access-as-password-based-access-will-no-longer-be-supported ). Most of emails sent via gmail using this technique neither seem to get delivered neither bounce back!!!.
- Configure gmail to use app passwords using:
- Login into Gmail account and go to Settings -> Accounts -> Google Account Settings
- In "Google Account Settings" go to Security.
- In Security under "Signing in to Google" enable "2-Step Verification"
- After 2-step verification is enabled there should be option for App password underneath. Use App password and create password with meaningful name such as "postfix on example server".
- Configure this password directly in /etc/postfix/sasl_passwd as suggested in above steps. If you use app password do not forget to rerun 'postmap hash:/etc/postfix/sasl_passwd'. After this restart postfix 'systemctl restart postfix' for changes to take effect.
- Logging into above configured account via browser also helps for troubleshooting in case emails fail to deliver. After login to to Settings -> Account -> Google Account Settings. Then under Security there should be some alerts on blocked login attempts.
- In case you still get error related to ssmtp: Authorization failed (534 5.7.14 https://support.google.com/mail/answer/78754 v24-v6sm2921112pfl.31 - gsmtp) you can try visiting https://accounts.google.com/DisplayUnlockCaptcha to solve the problem
Refer: https://support.google.com/accounts/answer/185833#zippy=%2Cwhy-you-may-need-an-app-password
Sending email via Exchange SMTP relay server
In case of Exchange STMP relay server, we need to add following to main.cf:
smtp_sasl_mechanism_filter = !gssapi, !ntlm, static:rest
There is older article on this at Sending email via Gmail relay through postfix
Automated configuration of postfix with smart host with authentication
Shell script based configuration on Redhat systems
Use below script with appropriate command line arguments to setup postfix (Not tested in production yet):
!/bin/bash
# To use the script, save it in a file named install-postfix-redhat.sh and make it executable by running the command chmod +x install-postfix-redhat.sh. Then run the script by providing the parameters as command line arguments like this::
# ./install-postfix-redhat.sh hostname domain_name smtp_relay_host username password
# Replace the hostname, domain_name, smtp_relay_host, username, and password parameters with your own values.
#
# Input Parameters
hostname="$1"
domain_name="$2"
smtp_relay_host="$3"
username="$4"
password="$5"
# Install postfix package
sudo yum update
sudo yum install postfix -y
# Configure postfix
sudo sed -i "s/myhostname =.*/myhostname = $hostname.$domain_name/g" /etc/postfix/main.cf
sudo sed -i "s/mydestination =.*/mydestination = $hostname.$domain_name, $hostname, localhost.localdomain, localhost/g" /etc/postfix/main.cf
sudo sed -i "s/relayhost =.*/relayhost = $smtp_relay_host/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_auth_enable.*/smtp_sasl_auth_enable = yes/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_password_maps.*/smtp_sasl_password_maps = hash:\/etc\/postfix\/sasl_passwd/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_security_options.*/smtp_sasl_security_options = noanonymous/g" /etc/postfix/main.cf
# Create sasl_passwd file and set permissions
echo "$smtp_relay_host $username:$password" | sudo tee /etc/postfix/sasl_passwd > /dev/null
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
# Restart postfix service
sudo systemctl restart postfix
sudo systemctl enable postfix
Shell script based configuration on Ubuntu systems
Use below script with appropriate command line arguments to setup postfix (Not tested in production yet):
#!/bin/bash
# To use the Ubuntu script, save it in a file named install-postfix-ubuntu.sh and make it executable by running the command chmod +x install-postfix-ubuntu.sh. Then run the script by providing the parameters as command line arguments like this:
# ./install-postfix-ubuntu.sh hostname domain_name smtp_relay_host username password
# Replace the hostname, domain_name, smtp_relay_host, username, and password parameters with your own values.
#
# Input Parameters
hostname="$1"
domain_name="$2"
smtp_relay_host="$3"
username="$4"
password="$5"
# Install postfix package
sudo apt-get update
sudo apt-get install postfix -y
# Configure postfix
sudo sed -i "s/myhostname =.*/myhostname = $hostname.$domain_name/g" /etc/postfix/main.cf
sudo sed -i "s/mydestination =.*/mydestination = $hostname.$domain_name, $hostname, localhost.localdomain, localhost/g" /etc/postfix/main.cf
sudo sed -i "s/relayhost =.*/relayhost = $smtp_relay_host/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_auth_enable.*/smtp_sasl_auth_enable = yes/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_password_maps.*/smtp_sasl_password_maps = hash:\/etc\/postfix\/sasl_passwd/g" /etc/postfix/main.cf
sudo sed -i "s/#smtp_sasl_security_options.*/smtp_sasl_security_options = noanonymous/g" /etc/postfix/main.cf
# Create sasl_passwd file and set permissions
echo "$smtp_relay_host $username:$password" | sudo tee /etc/postfix/sasl_passwd > /dev/null
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
# Restart postfix service
sudo systemctl restart postfix
sudo systemctl enable postfix
Home > CentOS > CentOS 8.x > CentOS 8.x email servers > CentOS 8.x postfix > CentOS 8.x postfix send email through relay or smarthost with smtp authentication