Configuring Postfix as a Gmail Relay on CentOS
This tutorial should work on any distro based on RedHat, but I have only tested it on CentOS 6.4.
You will need to run the commands as root.
You will need to run the commands as root.
I found a ton of how-tos and tutorials on how to set up Postfix as a Gmail relay, but most of them required making a client certificate or were incomplete. After fighting with getting Postfix set up on CentOS 6.1, and browsing the internet for many, many days, I finally got it working. Part of the configuration is based on the pages found here and here.
Installing Postfix
Installing Postfix is easy, just run this command as root:
yum install postfix mailx cyrus-sasl-plain
Thanks to Jonathan for pointing that out.
Thanks to Jonathan for pointing that out.
Configuring
Basically, you need to create a password file so that Postfix can authenticate to Gmail's servers. You do this by creating a file named sasl_passwd in /etc/postfix. Replace smtp_user and smtp_passwd with their respective values.
echo "smtp.gmail.com smtp_user:smtp_passwd" > /etc/postfix/sasl_passwd
You then hash that file so that the password is not stored in clear text. This command will create a file named sasl_passwd.db in the /etc/postfix/ directory.
You then hash that file so that the password is not stored in clear text. This command will create a file named sasl_passwd.db in the /etc/postfix/ directory.
postmap hash:/etc/postfix/sasl_passwd
After that is done, add these to the bottom of /etc/postfix/main.cf. This is assuming that your root certificates installed from openssl are located in /etc/pki/tls/certs/ca-bundle.crt.
After that is done, add these to the bottom of /etc/postfix/main.cf. This is assuming that your root certificates installed from openssl are located in /etc/pki/tls/certs/ca-bundle.crt.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587
After that is done, restart postfix:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587
After that is done, restart postfix:
service postfix restart
Now test it to make sure it is working. Run this: