Postfix using gmail.com relay, simply not working.

[zeroth]

I'm on Debian 7.0 testing

guide followed: Postfix: Configuring Gmail as Relay - matthew hawthorne is mhawthorne.net

/etc/postfix/main.cf

Code:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = eocserver.helix
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = eocserver.helix, localhost.helix, localhost
relayhost = [smtp.gmail.com]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_sasl_security_options =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = error
relay_transport = error

/var/log/mail.log: (my mail masked with Xs)

Code:

Feb 25 14:30:45 eocserver postfix/pickup[8569]: CCA3E5FC27: uid=0 from=<root>
Feb 25 14:30:45 eocserver postfix/cleanup[8582]: CCA3E5FC27: message-id=<20130225193045.CCA3E5FC27@eocserver.helix>
Feb 25 14:30:45 eocserver postfix/qmgr[8570]: CCA3E5FC27: from=<root@eocserver.helix>, size=257, nrcpt=1 (queue active)
Feb 25 14:30:45 eocserver postfix/error[8585]: CCA3E5FC27: to=<XXXXXXXXXX@gmail.com>, relay=none, delay=11, delays=11/0/0/0.03, dsn=5.0.0, status=bounced ([smtp.gmail.com]:587)
Feb 25 14:30:45 eocserver postfix/cleanup[8590]: DFB845FBE3: message-id=<20130225193045.DFB845FBE3@eocserver.helix>
Feb 25 14:30:45 eocserver postfix/qmgr[8570]: DFB845FBE3: from=<>, size=1966, nrcpt=1 (queue active)
Feb 25 14:30:45 eocserver postfix/bounce[8588]: CCA3E5FC27: sender non-delivery notification: DFB845FBE3
Feb 25 14:30:45 eocserver postfix/qmgr[8570]: CCA3E5FC27: removed
Feb 25 14:30:45 eocserver postfix/cleanup[8582]: E96C75FC27: message-id=<20130225193045.DFB845FBE3@eocserver.helix>
Feb 25 14:30:45 eocserver postfix/local[8587]: DFB845FBE3: to=<root@eocserver.helix>, relay=local, delay=0.08, delays=0.03/0.01/0/0.04, dsn=2.0.0, status=sent (forwarded as E96C75FC27)
Feb 25 14:30:45 eocserver postfix/qmgr[8570]: DFB845FBE3: removed
Feb 25 14:30:45 eocserver postfix/qmgr[8570]: E96C75FC27: from=<>, size=2097, nrcpt=1 (queue active)
Feb 25 14:30:46 eocserver postfix/error[8585]: E96C75FC27: to=<XXXXXXXXXX@gmail.com>, orig_to=<root@eocserver.helix>, relay=none, delay=0.08, delays=0.04/0/0/0.04, dsn=5.0.0, status=bounced ([smtp.gmail.com]:587)
Feb 25 14:30:46 eocserver postfix/qmgr[8570]: E96C75FC27: removed

notice there [b]relay=none[b]. wtf?

I've googled the error, a few others have had this problem but it's unclear if/how they resolved it.

[bsdtux]

Do you have your relay authentication with gmail servers setup? In the past when trying this that always seemed to be the step that would trip me up.

[zeroth]

Do you have your relay authentication with gmail servers setup? In the past when trying this that always seemed to be the step that would trip me up.

pop and imap are both enabled in my gmail account. or is something else required?

[bsdtux]

when setting up a relay you will still have to authenticate to the gmail server.

to accomplish this create a password file. The example I followed used the following (replace smtp_user:smtp_passwd with your gmail username and password)

Code:

echo "smtp.gmail.com    smtp_user:smtp_passwd" > /etc/postfix/sasl_passwd
postmap hash:/etc/postfix/sasl_passwd

This wil create a password files and hash it so that it does not stay in clear text on the server.

It looks like you already have your postfix file pointing to a sasl_passwd file which is good. One change would be to smtp_sasl_security_options =
make sure it says

Code:

smtp_sasl_security_options = noanonymous

after changing those restart the postfix service.

Code:

service postfix restart

[zeroth]

when setting up a relay you will still have to authenticate to the gmail server.

to accomplish this create a password file. The example I followed used the following (replace smtp_user:smtp_passwd with your gmail username and password)

Code:

echo "smtp.gmail.com    smtp_user:smtp_passwd" > /etc/postfix/sasl_passwd
postmap hash:/etc/postfix/sasl_passwd

This wil create a password files and hash it so that it does not stay in clear text on the server.

It looks like you already have your postfix file pointing to a sasl_passwd file which is good. One change would be to smtp_sasl_security_options =
make sure it says

Code:

smtp_sasl_security_options = noanonymous

after changing those restart the postfix service.

Code:

service postfix restart

oh yeah. I definitely did that.

[bsdtux]

in your password file do you have the following format

Code:

[smtp.gmail.com]:587 gmail-username@gmail.com:gmail-password

or is it like this

Code:

[smtp.gmail.com]:587 gmail-username:gmail-password

If it is like the second one then try changing it to the first method and see if that helps.

[zeroth]

in your password file do you have the following format

Code:

[smtp.gmail.com]:587 gmail-username@gmail.com:gmail-password

or is it like this

Code:

[smtp.gmail.com]:587 gmail-username:gmail-password

If it is like the second one then try changing it to the first method and see if that helps.

that's the format I use. I've tried both username variations.

[bsdtux]

that's the format I use. I've tried both username variations.

Ok I just tested this on a brand new CentOS machine and got it working. Here are the steps

1. install the following

Code:

yum install cyrus-sasl-plain

#Needed this because of authentication problems

2. Generated my own self signed cert. (I believe this is optional.)

Code:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key #this was supposed to clear the need for a passphrase but I couldn't get it to work. Still made me put one in
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

3. I added the following to my /etc/postfix/main.cf

Code:

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = no anonymous
smtp_tls_CAfile = /etc/ssl/certs/server.crt

4. Then I created the password file and made sure not to make a new line

Code:

[smtp.gmail.com]:587 my_gmail_account@gmail.com:my_gmail_password
postmap sasl_passwd
chmod 600 sasl_passwd sasl_passwd.db

5. restart postfix

Code:

service postfix restart

6. OPTIONAL - I installed mailx which has always treated me better than the old mail command

Code:

yum install mailx
echo "This is a test email" | mailx -s 'A simple Test' test@example.com

I know you went through these steps but it normally helps me to start over from scratch in case I missed something. Also when I checked my logs I do see where it says relay=[smtp.gmail.com]

I hope this helps.

[zeroth]

I noticed you have a space in "no anonymous"

aside from the "optional" part of creating my own cert, and that space, my setup is the same.

maybe what I'm getting tripped up on is the cert. how is the cert even used? whats it for anyway? if I can just create my own on the fly, it sounds like it's just used to sign emails so recipients can see where the message originated. or does it need it to actually connect to gmail's smtp?

edit: also, there's no cyrus-sasl-plain package on debian 7 testing, so I'm guessing it was satisfied by a different name.

[bsdtux]

That was a typo. it should not have a space. Also try commenting out anything with my in your main.conf. As you pointed out the problem is that it is not even trying to use gmail as the relay.