How to Configure Sendmail to Relay Through Gmail on Debian 12 (Bookworm)
Introduction
If you need to configure Sendmail to relay emails through Gmail on Debian 12 (Bookworm), you must adjust your configuration to align with Google’s updated security policies. Since Google has deprecated “Less Secure Apps” authentication, traditional methods no longer work. Instead, you must use an App Password for authentication. This guide provides updated steps to configure Sendmail properly for Gmail SMTP relay.
Prerequisites
- A Debian 12 (Bookworm) server with Sendmail installed
- A Gmail or Google Workspace account
- Two-factor authentication (2FA) enabled on your Google account
- An App Password for authentication
Step 1: Install Sendmail and Required Packages
Ensure Sendmail and essential utilities are installed:
sudo apt update && sudo apt install sendmail mailutils sendmail-bin -y
Step 2: Generate an App Password for Gmail
Google no longer allows direct password authentication for SMTP. Instead, you must create an App Password:
- Go to your Google Account Security Page.
- Under “Signing in to Google,” enable 2-Step Verification (if not already active).
- Navigate to App Passwords and generate a new password for “Mail.”
- Copy the 16-character App Password—you’ll need it in the next step.
Step 3: Configure Sendmail Authentication for Gmail
Create or edit the /etc/mail/authinfo file:
sudo nano /etc/mail/authinfo
Add the following line, replacing <your-email@gmail.com> with your Gmail address and <your-app-password> with the App Password you generated:
AuthInfo:smtp.gmail.com "U:<your-email@gmail.com>" "P:<your-app-password>" "M:PLAIN"
Save and exit.
Convert it into a Sendmail database format:
sudo makemap hash /etc/mail/authinfo < /etc/mail/authinfo
Step 4: Update Sendmail Configuration for Gmail SMTP Relay
Edit /etc/mail/sendmail.mc:
sudo nano /etc/mail/sendmail.mc
Modify or add the following lines:
define(`SMART_HOST', `smtp.gmail.com')
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
FEATURE(`tls')
define(`confCACERT_PATH', `/etc/ssl/certs')
define(`confCACERT', `/etc/ssl/certs/ca-certificates.crt')
Save and exit the file.
Now rebuild Sendmail’s configuration:
sudo make -C /etc/mail
sudo systemctl restart sendmail
Step 5: Test the Sendmail Relay Configuration
Send a test email:
echo "Test email from Sendmail via Gmail on Debian 12" | mail -s "Test Email" recipient@example.com
Check the mail logs for any errors:
sudo journalctl -u sendmail --no-pager | tail -n 50
Alternative: Use Postfix with a Gmail SMTP Relay
If you run into persistent issues with Sendmail, Postfix may be an easier alternative only if you’re using an external SMTP relay (like Gmail, SendGrid, or Amazon SES). Self-hosted mail servers are often blocked or marked as spam unless using a reputable relay.
To install Postfix:
sudo apt install postfix mailutils libsasl2-modules
Then configure it to use Gmail’s SMTP relay with an App Password.
Conclusion
Debian 12 requires updated configurations for Sendmail due to Google’s security policies. By following these steps, you can securely relay emails through Gmail.
If your emails are not being delivered, ensure you are using Gmail’s SMTP relay correctly and not attempting to send directly from your server’s IP, which can lead to blacklisting.
For further troubleshooting, check Google’s SMTP relay documentation and review mail logs for errors.
