postfix relay to gmail

andrewm659


I am trying to make my FreeBSD 10.1 jail instance relay to a Gmail account I have. I have Cyrus-SASL installed.

Here is my config:

Code:
root@mta:~ # postconf -n
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 3
debug_peer_list = smtp.gmail.com
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydomain = borg.local
myhostname = mta1.borg.local
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = [smtp.gmail.com]:587
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
smtp_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
root@mta:~ #

Code:
Nov 23 16:16:01 mta postfix/smtp[71107]: send attr reason = host smtp.gmail.com[173.194.194.108] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1  https://support.google.com/mail/answer/14257 o10sm5237127igy.8 - gsmtp (in reply to MAIL FROM command)
Nov 23 16:16:01 mta postfix/smtp[71107]: vstream_fflush_some: fd 17 flush 588
Nov 23 16:16:01 mta postfix/smtp[71107]: vstream_buf_get_ready: fd 17 got 10
Nov 23 16:16:01 mta postfix/smtp[71107]: private/bounce socket: wanted attribute: status
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute name: status
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute value: 0
Nov 23 16:16:01 mta postfix/smtp[71107]: private/bounce socket: wanted attribute: (list terminator)
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute name: (end)
Nov 23 16:16:01 mta postfix/smtp[71107]: AFF991C354C: to=<myemail@gmail.com>, orig_to=<root@mta1.borg.local>, relay=smtp.gmail.com[173.194.194.108]:587, delay=0.34, delays=0/0/0.29/0.04, dsn=5.5.1, status=bounced (host smtp.gmail.com[173.194.194.108] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1  https://support.google.com/mail/answer/14257 o10sm5237127igy.8 - gsmtp (in reply to MAIL FROM command))

I have the password in a separate file. I did not create my SSL cert, do I need to do that? I've read some sites that say I do, some I don't.

I'm not sure what I'm doing wrong...
 

SirDice


Did you run postmap /usr/local/etc/postfix/sasl_passwd? Also make sure the /usr/local/etc/postfix/sasl_passwd* files have the correct permissions.
 

andrewm659


Should the permissions be 400, 640 or 600?

 

SirDice


Doesn't matter much, as long as the postfix user is able to read them and nobody else.
 

andrewm659



Code:
root@mta:~ # ls -la /usr/local/etc/postfix/sasl_passwd
-rw-------  1 root  wheel  52 Nov 23 14:21 /usr/local/etc/postfix/sasl_passwd
root@mta:~ #
 

SirDice


That means the postfix user isn't able to read it. chown postfix /usr/local/etc/postfix/sasl_passwd*.
 

andrewm659


It's still giving me the error 530 Authentication Required after changing ownership on the file.
 

obsigna


Code:
...
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
smtp_use_tls = yes
...

Try replacing both of the above settings, smtp_tls_policy_maps= and smtp_use_tls=, with:

smtp_tls_security_level=encrypt

smtp_use_tls=YES is deprecated and it sets opportunistic TLS, which Google does not permit, and the use of smtp_tls_policy_maps=... offers way too many options for the single relay host, which allows only one TLS level, namely encrypt.
 

obsigna


Verify that the entry in /usr/local/etc/postfix/sasl_passwd is in the form of:
Code:
[smtp.gmail.com]:submission <USERNAME>@gmail.com:<PASSWORD>
sudo -u postfix postmap /usr/local/etc/postfix/sasl_passwd
postfix reload
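
Added example, not part of the thread or any poster's code: a small sh audit of the points raised above (password-map key matching relayhost exactly as written, private file permissions, a current postmap .db, and mandatory client TLS). The function names, the sample files and the PLACEHOLDER credential are constructed for illustration; it reads copies of main.cf (or saved `postconf -n` output) and sasl_passwd passed as arguments.

```sh
#!/bin/sh
# Audit the points raised in this thread. Input files are arguments, so it can
# run on copies; the "main.cf" may also be saved `postconf -n` output.

cf_get() {    # <main.cf> <param>: parameter value, last definition wins
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# The password map is looked up with the relayhost string as written, so
# "[smtp.gmail.com]:587" and "[smtp.gmail.com]:submission" are different keys.
sasl_key_matches() {    # <main.cf> <sasl_passwd>
    awk -v k="$(cf_get "$1" relayhost)" \
        '$1 == k && NF >= 2 { found = 1 } END { exit !found }' "$2"
}

# The credentials file must carry no group or other permission bits.
perms_private() {    # <file>
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Mandatory TLS via smtp_tls_security_level, as suggested in the thread.
# Simplification: a per-destination smtp_tls_policy_maps entry is not examined.
tls_mandatory() {    # <main.cf>
    case "$(cf_get "$1" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        *) return 1 ;;
    esac
}

audit_relay() {    # <main.cf> <sasl_passwd>: prints findings, returns their count
    n=0
    sasl_key_matches "$1" "$2" ||
        { echo "no sasl_passwd entry keyed $(cf_get "$1" relayhost)"; n=$((n+1)); }
    perms_private "$2" ||
        { echo "$2 is accessible to group/other"; n=$((n+1)); }
    [ -f "$2.db" ] && [ ! "$2" -nt "$2.db" ] ||
        { echo "$2.db missing or older than source: run postmap"; n=$((n+1)); }
    tls_mandatory "$1" ||
        { echo "smtp_tls_security_level does not enforce TLS"; n=$((n+1)); }
    return "$n"
}

# Constructed sample data (not the poster's real files).
d=$(mktemp -d)
printf 'relayhost = [smtp.gmail.com]:587\nsmtp_use_tls = yes\n' > "$d/main.cf"
printf '[smtp.gmail.com]:submission user@gmail.com:PLACEHOLDER\n' > "$d/sasl_passwd"
chmod 644 "$d/sasl_passwd"
audit_relay "$d/main.cf" "$d/sasl_passwd" || echo "findings: $?"
```

The constructed sample trips all four checks; a file owned by postfix with mode 600, keyed with the same string as relayhost and re-run through postmap, passes the first three.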
 

phoenix


It's much more convoluted, but I used the following tutorial to get Postfix at home relaying messages through to my Gmail account. You can skip over the first half of that page, and just start at the "How can I use Google's Gmail as a SMTP server instead of using my ISP's mail server?" section.

There's most likely a much simpler way to do this, but it's been running great for the past several months.
 