# postfix relay to gmail



## andrewm659 (Nov 23, 2015)

I am trying to make my FreeBSD 10.1 jail instance relay to a Gmail account I have.  I have Cyrus-SASL installed.  

Here is my config:


```
root@mta:~ # postconf -n
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 3
debug_peer_list = smtp.gmail.com
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydomain = borg.local
myhostname = mta1.borg.local
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = [smtp.gmail.com]:587
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
smtp_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
root@mta:~ #
```


```
Nov 23 16:16:01 mta postfix/smtp[71107]: send attr reason = host smtp.gmail.com[173.194.194.108] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1  https://support.google.com/mail/answer/14257 o10sm5237127igy.8 - gsmtp (in reply to MAIL FROM command)
Nov 23 16:16:01 mta postfix/smtp[71107]: vstream_fflush_some: fd 17 flush 588
Nov 23 16:16:01 mta postfix/smtp[71107]: vstream_buf_get_ready: fd 17 got 10
Nov 23 16:16:01 mta postfix/smtp[71107]: private/bounce socket: wanted attribute: status
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute name: status
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute value: 0
Nov 23 16:16:01 mta postfix/smtp[71107]: private/bounce socket: wanted attribute: (list terminator)
Nov 23 16:16:01 mta postfix/smtp[71107]: input attribute name: (end)
Nov 23 16:16:01 mta postfix/smtp[71107]: AFF991C354C: to=<myemail@gmail.com>, orig_to=<root@mta1.borg.local>, relay=smtp.gmail.com[173.194.194.108]:587, delay=0.34, delays=0/0/0.29/0.04, dsn=5.5.1, status=bounced (host smtp.gmail.com[173.194.194.108] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1  https://support.google.com/mail/answer/14257 o10sm5237127igy.8 - gsmtp (in reply to MAIL FROM command))
```

I have the password in a separate file.  I did not create my SSL cert, do I need to do that?  I've read some sites that say I do, some I don't.  

I'm not sure what I'm doing wrong...


----------



## SirDice (Nov 23, 2015)

Did you run `postmap /usr/local/etc/postfix/sasl_passwd`? Also make sure the /usr/local/etc/postfix/sasl_passwd* files have the correct permissions.


----------



## andrewm659 (Nov 23, 2015)

Yes I did.



SirDice said:


> Did you run `postmap /usr/local/etc/postfix/sasl_passwd`? Also make sure the /usr/local/etc/postfix/sasl_passwd* files have the correct permissions.


----------



## andrewm659 (Nov 23, 2015)

Should the permissions be 400, 640 or 600?



SirDice said:


> Did you run `postmap /usr/local/etc/postfix/sasl_passwd`? Also make sure the /usr/local/etc/postfix/sasl_passwd* files have the correct permissions.


----------



## SirDice (Nov 23, 2015)

Doesn't matter much, as long as the postfix user is able to read them and nobody else.


----------



## andrewm659 (Nov 23, 2015)

SirDice said:


> Doesn't matter much, as long as the postfix user is able to read them and nobody else.




```
root@mta:~ # ls -la /usr/local/etc/postfix/sasl_passwd
-rw-------  1 root  wheel  52 Nov 23 14:21 /usr/local/etc/postfix/sasl_passwd
root@mta:~ #
```


----------



## SirDice (Nov 23, 2015)

That means the postfix user isn't able to read it. `chown postfix /usr/local/etc/postfix/sasl_passwd*`.


----------



## andrewm659 (Nov 23, 2015)

Its still giving me the error 530 Authentication Required after changing ownership on the file.


----------



## obsigna (Nov 23, 2015)

andrewm659 said:


> ```
> ...
> smtp_tls_policy_maps = hash:/usr/local/etc/postfix/tls_policy
> smtp_use_tls = yes
> ...


Try to replace the above both settings smtp_tls_policy_maps= and smtp_use_tls= with:
`smtp_tls_security_level=encrypt`

smtp_use_tls=YES is deprecated and it sets opportunistic TLS which Google does not permit, and the use of smtp_tls_policy_maps=... offers way too much options for the only one relay host that allows only one TLS level, namely encrypt.


----------



## andrewm659 (Nov 23, 2015)

sSame thing. , even restarted the jail.


----------



## obsigna (Nov 23, 2015)

Verify that the entry in /usr/local/etc/postfix/sasl_passwd is in the form of:

```
[smtp.gmail.com]:submission <USERNAME>@gmail.com:<PASSWORD>
```
`sudo -u postfix postmap /usr/local/etc/postfix/sasl_passwd`
`postfix reload`


----------



## phoenix (Nov 23, 2015)

It's much more convoluted, but I used the following tutorial to get Postfix at home relaying messages through to my Gmail account.  You can skip over the first half of that page, and just start at the "How can I use Google's Gmail as a SMTP server instead of using my ISP's mail server?" section.

There's most likely a much simpler way to do this, but it's been running great for the past several months.


----------

