When sending emails through a local Postfix server directly to Gmail recipients, messages often land in spam folders due to:
- Lack of domain authentication (SPF/DKIM/DMARC)
- Missing TLS encryption
- No sender reputation with Gmail's servers
To properly relay through Gmail's SMTP, we need:
1. Postfix SMTP relay configuration
2. SASL authentication setup
3. TLS encryption
4. Proper Gmail account preparation1. Install Required Packages
yum install postfix cyrus-sasl cyrus-sasl-plain openssl2. Configure SASL Authentication
Create/edit /etc/postfix/sasl_passwd:
smtp.gmail.com:587 your.email@gmail.com:your-app-passwordThen secure and postmap the file:
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd3. Main Postfix Configuration
Edit /etc/postfix/main.cf with these key parameters:
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes4. Gmail Account Preparation
Before this will work, you must:
- Enable "Less secure app access" or create an App Password if using 2FA
- Allow access from your server's IP address if restrictive settings are enabled
After making changes, restart Postfix and test:
service postfix restart
echo "Test message" | mail -s "Test Subject" recipient@gmail.comCheck mail logs for errors:
tail -f /var/log/maillogFor better email deliverability, consider adding:
SPF Record
v=spf1 include:_spf.google.com ~allDKIM Signing
Install and configure OpenDKIM:
yum install opendkim opendkim-tools
mkdir /etc/opendkim/keys/yourdomain.com
opendkim-genkey -D /etc/opendkim/keys/yourdomain.com/ -d yourdomain.com -s defaultPostfix Header Checks
Add to main.cf:
header_checks = regexp:/etc/postfix/header_checksCreate /etc/postfix/header_checks:
/^Received:/ IGNORE
/^X-Originating-IP:/ IGNORE- Authentication failed: Verify app password and less secure apps setting
- Connection timeout: Check firewall rules for outbound port 587
- TLS handshake failure: Ensure correct CA certificates are installed
When sending emails through a local Postfix server without proper authentication, messages often land in recipients' spam folders. This happens because major email providers like Gmail enforce strict anti-spam measures for unauthenticated mail relays.
To properly configure Postfix as an authenticated relay through Gmail's SMTP server, you'll need:
1. A valid Gmail account (or Google Workspace account) 2. Postfix installed on CentOS/RHEL 3. SASL authentication libraries 4. Proper TLS configuration
1. Install Required Packages
yum install postfix cyrus-sasl cyrus-sasl-plain openssl2. Configure Postfix main.cf
Add these settings to /etc/postfix/main.cf:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_use_tls = yes
3. Create SASL Password File
Create /etc/postfix/sasl_passwd with your Gmail credentials:
[smtp.gmail.com]:587 username@gmail.com:passwordThen secure and compile the file:
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd4. Enable "Less Secure Apps" in Gmail
For older Gmail accounts or if you're not using App Passwords, you'll need to enable this setting in your Google Account security page.
After restarting Postfix (service postfix restart), test with:
echo "Test message" | mail -s "Postfix Relay Test" recipient@example.comIf emails still go to spam:
1. Check /var/log/maillog for errors 2. Verify your server's hostname is properly set 3. Consider adding SPF and DKIM records 4. Ensure your From: address matches the authenticated account
For better deliverability, consider adding these to main.cf:
smtp_header_checks = regexp:/etc/postfix/header_checks
smtp_generic_maps = hash:/etc/postfix/genericExample header_checks file:
/^From:.*/ REPLACE From: "Your Name" <username@gmail.com>