Linux: Postfix with a remote SMTP relay host

From Luky-Wiki
Revision as of 18:23, 13 November 2013 by Lukas Dzunko (talk | contribs)


This is a short guide on how to set up Postfix to use another server as an email relay. Most dynamic IP addresses assigned to broadband (home) networks are blacklisted. This is desired behavior, as users should use an email service instead of direct email delivery. If you are using a server or Linux box to send notifications from local services, you may have problems delivering such notifications. The Postfix configuration is flexible, and Postfix can be configured to act as a "user" that authenticates with a username and password. Once Postfix is authenticated on the relay host, it can send emails through it. Here is an example of how to configure Postfix this way:

You should have Postfix running. It should be installed with the sasl and ssl options enabled. I don't cover the installation itself here.

To configure Postfix, set the following options in /etc/postfix/main.cf, either by editing the configuration file or with postconf:

  • by editing:
relayhost = mail.example.com:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
  • via command:
postconf -e 'relayhost = mail.example.com:587'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'

Description of configuration:

  • relayhost - DNS name (or IP address) of the remote server that the client connects to
  • smtp_use_tls - enable TLS/SSL for connections to remote servers
  • smtp_sasl_auth_enable - enable SASL authentication to the remote SMTP server (e.g. client login)
  • smtp_sasl_password_maps - map file with the password
  • smtp_tls_CAfile - list of CAs to trust

The syntax of the password file (/etc/postfix/sasl_passwd) is:

mail.example.com:587 user:password

Once this file is in place, access to it should be secured. I recommend root:root ownership and 600 permissions.

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Postfix accesses its files in binary form, so before restarting it is necessary to convert the password file:

postmap /etc/postfix/sasl_passwd

The last step is to restart or reload Postfix:

/etc/init.d/postfix restart
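
A check for the finished setup, as an added example that is not part of the original guide: it verifies that sasl_passwd and the sasl_passwd.db map written by postmap are closed to group and other, and reports whether TLS to the relay is mandatory. smtp_use_tls = yes is opportunistic (the same as smtp_tls_security_level = may), so mail and the login can still go out over a connection without TLS; smtp_tls_security_level = encrypt enforces it. The function names and sample files are constructed for illustration, and the parser ignores continuation lines and compiled-in defaults.

```shell
# Added example: audit a Postfix relay-client setup like the one on this page.
get_param() {   # get_param FILE NAME -> last value assigned (last one wins)
  awk -v k="$2" '{ n = $0; sub(/[ \t]*=.*/, "", n) }
    n == k && /=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); r = v }
    END { print r }' "$1"
}

relay_tls_level() {   # effective client TLS level according to main.cf FILE
  lvl=$(get_param "$1" smtp_tls_security_level)
  if [ -n "$lvl" ]; then echo "$lvl"
  elif [ "$(get_param "$1" smtp_enforce_tls)" = yes ]; then echo encrypt
  elif [ "$(get_param "$1" smtp_use_tls)" = yes ]; then echo may
  else echo none; fi
}

tls_is_mandatory() {  # true only for levels that refuse cleartext delivery
  case "$1" in encrypt|dane-only|fingerprint|verify|secure) return 0 ;; esac
  return 1
}

secret_mode_ok() {    # true when FILE exists with no group/other access
  [ -f "$1" ] || return 1
  case "$(stat -c %a "$1")" in 0|*00) return 0 ;; esac   # GNU stat syntax
  return 1
}

audit_relay() {       # audit_relay CONFIG_DIR; exit status = number of findings
  findings=0
  for f in "$1/sasl_passwd" "$1/sasl_passwd.db"; do
    secret_mode_ok "$f" || { echo "PERMS $f"; findings=$((findings + 1)); }
  done
  lvl=$(relay_tls_level "$1/main.cf")
  tls_is_mandatory "$lvl" || { echo "TLS level=$lvl"; findings=$((findings + 1)); }
  return "$findings"
}

make_sample() {       # constructed files mirroring the settings on this page
  printf '%s\n' 'relayhost = mail.example.com:587' 'smtp_use_tls = yes' \
    'smtp_sasl_auth_enable = yes' > "$1/main.cf"
  echo 'mail.example.com:587 user:password' > "$1/sasl_passwd"
  : > "$1/sasl_passwd.db"                 # stand-in for the postmap output
  chmod 600 "$1/sasl_passwd"; chmod 644 "$1/sasl_passwd.db"
}

d=$(mktemp -d); make_sample "$d"
audit_relay "$d" || echo "findings: $?"   # sample has a 644 map and level=may
rm -rf "$d"
```

On a real host, run audit_relay /etc/postfix as root.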

...