Hello OpenBSD community,
I’m setting up an OpenBSD 7.6 server running PostgreSQL 16.8, and I’m
trying to configure smtpd to send emails from cron jobs to an external
Gmail account. I’ve followed my own setup documentation (see below), but
I’m hitting an authentication error when sending emails. I suspect the
issue lies in /etc/mail/smtpd.conf or /etc/mail/secrets, and I’d greatly
appreciate your help in troubleshooting and resolving this.
My Setup:
- OS: OpenBSD 7.6 (fully patched with syspatch)
- Hostname: [my-server] (anonymized for this post)
- Network: Connected via a router with DynDNS ([my-dyndns].duckdns.org).
External access is restricted by pf to ports 22 (SSH) and 5432 (PostgreSQL).
- Goal: Send emails from cron jobs (e.g., echo "Hallo" | mail -s "Test"
[my-gmail]@gmail.com) to my Gmail account using smtpd as a relay via
smtp.gmail.com:587.
Configuration Details:
1. /etc/mail/smtpd.conf:
- table aliases file:/etc/mail/aliases
- listen on socket listen on lo0
- action "local_mail" mbox alias <aliases>
- match from local for local action "local_mail"
- table secrets file:/etc/mail/secrets
- action "relay" relay host "smtp://smtp.gmail.com:587" auth <secrets>
- match from local for any action "relay"
1. /etc/mail/secrets: gmail [my-gmail]@gmail.com:[my-app-password]
- Permissions: chmod 600 /etc/mail/secrets, owned by root:_smtpd.
- The password is a Google App Password (generated with spaces, e.g.,
xxxx xxxx xxxx xxxx, for an account with 2FA enabled).
- Content: "gmail infobsdu...@gmail.com:wkfh msov bnse xlwk" (Password
is not the real one)
3. /etc/mail/aliases: root: [my-gmail]@gmail.com
- Followed by doas newaliases.
4. Firewall (/etc/pf.conf):
- antispoof for re0 inet
- block drop
- pass in on re0 proto tcp from any to any port 22 keep state
- pass in on re0 proto tcp from any to any port 5432 keep state
- pass out on re0 inet proto { tcp udp } to any port { 53 80 443 123 587
} keep state
- Rules reloaded with doas pfctl -f /etc/pf.conf.
5. Service Status:
- doas rcctl check smtpd returns smtpd(ok).
- doas smtpd -n returns configuration OK.
- Enabled and started with doas rcctl enable smtpd and doas rcctl start
smtpd.
The Problem: When I run a test command: echo "Hallo" | mail -s "Test"
[my-gmail]@gmail.com The email doesn’t arrive at my Gmail account, and the
logs show an authentication failure:
Mar 27 09:48:44 [my-server] smtpd[71276]: 25cb81901fef0c4b mta connecting
address=smtp://64.233.167.109:587 host=wl-in-f109.1e100.net Mar 27 09:48:44
[my-server] smtpd[71276]: 25cb81901fef0c4b mta connected Mar 27 09:48:44
[my-server] smtpd[71276]: 25cb81901fef0c4b mta tls
ciphers=TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256 Mar 27 09:48:44
[my-server] smtpd[71276]: 25cb81901fef0c4b mta cert-check
result="unverified"
fingerprint="SHA256:bc5da60044fdab1aa57cb9ec019a47ecf55983ae81b0f8d50f1f0bf4a6c94be1"
Mar 27 09:48:44 [my-server] smtpd[71276]: 25cb81901fef0c4b mta delivery
evpid=79590e16b003b1d6 from=<bsduser@[my-server].my.domain> to=<[my-gmail]@
gmail.com> rcpt=<-> source="192.168.178.10" relay="64.233.167.109 (
wl-in-f109.1e100.net)" delay=0s result="PermFail" stat="530-5.7.0
Authentication Required. For more information, go to
https://support.google.com/mail/?p=WantAuthError
ffacd0b85a97d-3997f9e65d5sm19546995f8f.64 - gsmtp"
The error 530-5.7.0 Authentication Required suggests that Gmail rejects the
relay attempt due to an authentication issue. I haven’t made any changes to
the configuration since this test.
Additional Notes:
- My server is behind a router (Fritzbox), and I’m inexperienced with
networking, so I can’t rule out that something else might block outgoing
SMTP traffic, though port 587 is allowed in pf.
- The sender address in the log is bsduser@[my-server].my.domain, which
might be an issue since my.domain isn’t a real domain. My external address
is [my-dyndns].duckdns.org, but I’m not sure if this affects Gmail’s
acceptance.
- I haven’t set up the cron jobs yet—I want to get basic email sending
working first.
Questions:
1. Is there something wrong with my /etc/mail/smtpd.conf or
/etc/mail/secrets configuration? Does the App Password with spaces need
special handling?
2. Could the sender address (bsduser@[my-server].my.domain) cause Gmail
to reject the email? If so, how do I fix it?
3. Any other debugging steps or fixes you’d recommend to get this
working?
Thanks in advance for your help—I’m eager to get this resolved so I can
move on to setting up my cron jobs!
Best regards, Ralf (A really very inexperienced user)
