When configuring Sendmail to use Gmail's SMTP servers, the default port 25 configuration often fails due to ISP restrictions. Modern security practices mandate using encrypted ports 465 (SMTPS) or 587 (STARTTLS). Here's how to properly set up Sendmail for Gmail's secure ports.
First, modify your sendmail.mc with these crucial directives:
define(SMART_HOST', [smtp.gmail.com]')dnl
define(confAUTH_OPTIONS', A p')dnl
TRUST_AUTH_MECH(EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(confAUTH_MECHANISMS', EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(confCACERT_PATH', /etc/ssl/certs')dnl
define(confCACERT', /etc/ssl/certs/ca-certificates.crt')dnl
FEATURE(authinfo',hash -o /etc/mail/authinfo.db')dnlCreate /etc/mail/authinfo with proper credentials and encryption:
AuthInfo:smtp.gmail.com "U:your.email@gmail.com" "P:your_app_password" "M:PLAIN"
AuthInfo:[smtp.gmail.com]:587 "U:your.email@gmail.com" "P:your_app_password" "M:PLAIN"
AuthInfo:[smtp.gmail.com]:465 "U:your.email@gmail.com" "P:your_app_password" "M:PLAIN"Generate the database file:
makemap hash /etc/mail/authinfo < /etc/mail/authinfoFor port 587 (STARTTLS):
define(MAILER_DEFINITIONS',
define(SMART_HOST', [smtp.gmail.com]')dnl
define(RELAY_MAILER_ARGS', TCP $h 587')dnl
define(ESMTP_MAILER_ARGS', TCP $h 587')dnl
')dnlFor port 465 (SMTPS):
define(MAILER_DEFINITIONS',
define(SMART_HOST', [smtp.gmail.com]')dnl
define(RELAY_MAILER_ARGS', TCP $h 465')dnl
define(ESMTP_MAILER_ARGS', TCP $h 465')dnl
')dnlAfter making changes, rebuild your Sendmail configuration:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restartVerify your configuration with this command:
echo "Subject: Test" | sendmail -v -Am -t recipient@example.comCheck logs for troubleshooting:
tail -f /var/log/maillog- Use Gmail App Passwords instead of your main account password
- Ensure your server's hostname resolves properly
- Keep your SSL certificates up to date
- Consider rate limiting to avoid Gmail's sending limits
When attempting to configure Sendmail as a Gmail relay, many administrators encounter port blocking issues (especially port 25) by ISPs. Google's SMTP service actually requires either:
- Port 465 (SMTPS - implicit TLS)
- Port 587 (SMTP with STARTTLS)
Here's the complete working setup for modern Sendmail implementations:
# /etc/mail/sendmail.mc critical changes
define(SMART_HOST', [smtp.gmail.com]')dnl
define(confAUTH_OPTIONS', A p')dnl
TRUST_AUTH_MECH(EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(confAUTH_MECHANISMS', EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(RELAY_MAILER_ARGS', TCP $h 587')dnl
define(ESMTP_MAILER_ARGS', TCP $h 587')dnl
FEATURE(authinfo', hash -o /etc/mail/authinfo.db')dnlThe authinfo file requires special formatting for Gmail's requirements:
# /etc/mail/authinfo
AuthInfo:smtp.gmail.com "U:your.email@gmail.com" "P:your_app_specific_password" "M:PLAIN"
AuthInfo:[smtp.gmail.com]:587 "U:your.email@gmail.com" "P:your_app_specific_password" "M:PLAIN"
AuthInfo:[smtp.gmail.com]:465 "U:your.email@gmail.com" "P:your_app_specific_password" "M:PLAIN"Modern Sendmail versions need explicit TLS directives:
# Add to sendmail.mc
define(CERT_DIR', /etc/mail/certs')dnl
define(confCACERT_PATH', CERT_DIR')dnl
define(confCACERT', CERT_DIR/CAcert.pem')dnl
define(confSERVER_CERT', CERT_DIR/sendmail.pem')dnl
define(confSERVER_KEY', CERT_DIR/sendmail.pem')dnl
define(confCLIENT_CERT', CERT_DIR/sendmail.pem')dnl
define(confCLIENT_KEY', CERT_DIR/sendmail.pem')dnl- Process the configuration files:
makemap hash /etc/mail/authinfo < /etc/mail/authinfo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf service sendmail restart - Verify with a test email:
echo "Test" | mail -s "SMTP Test" recipient@example.com - Check logs for troubleshooting:
tail -f /var/log/maillog
- Ensure you're using an App Password if 2FA is enabled
- Verify firewall rules allow outbound 587/tcp
- Check certificate directory permissions (typically 700)
- Test connectivity manually first:
openssl s_client -connect smtp.gmail.com:587 -starttls smtp