inside the mind of a linux admin

Configure Postfix to use a remote SMTP relay server via alternate port

On one of my local Ubuntu workstations at home, I sometimes have the need to send mail out using mailutils/mailx inside of scripts or on the command line. I also don’t necessarily want/need to set up an entire mail server on my workstation. In addition, Verizon FiOS doesn’t take too kindly to this for purposes of preventing malicious activity, SPAM, etc. They actually block outbound connections on the default SMTP port (25).

If you’re using Ubuntu 14.04 LTS, it comes with Postfix by default. If you’re using a different version or flavor, chances are you’ve got Sendmail or Exim installed. These instructions assume you’ve uninstalled whatever MTA came with your system, and that you want to use Postfix (far superior to its counterparts in my eyes).

First, it’s easiest to install postfix and Cyrus SASL packages from your operating system’s repository. If you’re compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.

# apt-get install postfix libsasl2-2 -y

Note:
In Ubuntu/Debian/Mint, the SASL package is called libsasl2-2
In CentOS/RHEL/Fedora, the SASL packages are called cyrus-sasl and cyrus-sasl-plain

Next, edit the main Postfix configuration file @ /etc/postfix/main.cf to include the following:

# Set this to your server's fully qualified domain name.
# If you don't have a internet domain name,
# use the default or your email addy's domain - it'll keep
# postfix from generating warnings all the time in the logs
mydomain = local.domain
myhostname = host.local.domain

# Set this to your email provider's smtp server.
# A lot of ISP's (ie. Verizon) block the default port 25
# to prevent spamming. So in this case we'll use port 587.
relayhost = your.smtp.host:587

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes

# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no

# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous

Note: Your remote SMTP host must be configured to listen on the alternate port you specify in relayhost=

Next, you need to configure authentication with SASL, so edit /etc/postfix/sasl_passwd and provide the credentials in this format:

your.smtp.host:587 username:password

Note: The host and port must match identically to relayhost= in main.cf

Generate a postfix .db file from the previous file

# postmap hash:/etc/postfix/sasl_passwd

For security, you’ll want to make sure the sasl_passwd and sasl_passwd.db files are not readable:

# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

That’s it, restart the postfix service and test sending email.

# service postfix restart
# echo testing | mail some@address.com

If you did everything correctly, you’ll see your local host connect to the remote host and send the message. If something went wrong, you’ll want to start digging through logs to figure out why.

Enjoy!

Related Posts

synergy: How to enable crypto (encryption) and generate SSL certificate

The newer Linux versions of the popular mouse/keyboard sharing application “synergy” now has built in encryption. Here’s how to configure it: Just simply passing the –enable-crypto flag on your synergy server without having a proper SSL certificate will result in the inability to connect to clients and generate an error message similar to this in […]

Read More

Change Number Pad Delete (dot) key from a comma in Ubuntu Linux

I recently purchased a new keyboard and updated to the latest Ubuntu, I’m also an avid user of the number pad for quick input when dealing with spreadsheets or accounting. I found that my num pad’s delete key (“.”) was outputting a comma (“,”) instead. Pretty annoying? I agree, but this can be very easily […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Twitter: kireguy

Tweeter button Facebook button Myspace button