Yin and Yang


Configuring Postfix as a Gmail Relay on CentOS

This tutorial should work on any distro based on RedHat, but I have only tested it on CentOS 6.4.
You will need to run the commands as root.

I found a ton of how-tos and tutorials on how to set up Postfix as a Gmail relay, but most of them required making a client certificate or were incomplete. After fighting with getting Postfix set up on CentOS 6.1, and browsing the internet for many, many days, I finally got it working. Part of the configuration is based on the pages found here and here.

Installing Postfix

Installing Postfix is easy, just run this command as root:

yum install postfix mailx cyrus-sasl-plain

Thanks to Jonathan for pointing that out.


Basically, you need to create a password file so that Postfix can authenticate to Gmail's servers. You do this by creating a file named sasl_passwd in /etc/postfix. Replace smtp_user and smtp_passwd with their respective values.

echo "smtp.gmail.com    smtp_user:smtp_passwd" > /etc/postfix/sasl_passwd

You then hash that file so that the password is not stored in clear text. This command will create a file named sasl_passwd.db in the /etc/postfix/ directory.

postmap hash:/etc/postfix/sasl_passwd

After that is done, add these to the bottom of /etc/postfix/main.cf. This is assuming that your root certificates installed from openssl are located in /etc/pki/tls/certs/ca-bundle.crt.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587

After that is done, restart postfix:

service postfix restart

Now test it to make sure it is working. Run this:

mail email@domain

Fill in the subject, put something in the body and then type a . and hit enter.

If all went well, you should get an email at the email address you entered. If you do, you can delete the file that has the password.

rm /etc/postfix/sasl_passwd

If it did not work, check the log to see what happened.

tail /var/log/maillog

Everything should be good after you get everything set up, so enjoy your new SMTP relay!