inside the mind of a linux admin

Configure Postfix to use a remote SMTP relay server via alternate port

On one of my local Ubuntu workstations at home, I sometimes have the need to send mail out using mailutils/mailx inside of scripts or on the command line. I also don’t necessarily want/need to set up an entire mail server on my workstation. In addition, Verizon FiOS doesn’t take too kindly to this for purposes of preventing malicious activity, SPAM, etc. They actually block outbound connections on the default SMTP port (25).

If you’re using Ubuntu 14.04 LTS, it comes with Postfix by default. If you’re using a different version or flavor, chances are you’ve got Sendmail or Exim installed. These instructions assume you’ve uninstalled whatever MTA came with your system, and that you want to use Postfix (far superior to its counterparts in my eyes).

First, it’s easiest to install postfix and Cyrus SASL packages from your operating system’s repository. If you’re compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.

# apt-get install postfix libsasl2-2 -y

Note:
In Ubuntu/Debian/Mint, the SASL package is called libsasl2-2
In CentOS/RHEL/Fedora, the SASL packages are called cyrus-sasl and cyrus-sasl-plain

Next, edit the main Postfix configuration file @ /etc/postfix/main.cf to include the following:

# Set this to your server's fully qualified domain name.
# If you don't have a internet domain name,
# use the default or your email addy's domain - it'll keep
# postfix from generating warnings all the time in the logs
mydomain = local.domain
myhostname = host.local.domain

# Set this to your email provider's smtp server.
# A lot of ISP's (ie. Verizon) block the default port 25
# to prevent spamming. So in this case we'll use port 587.
relayhost = your.smtp.host:587

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes

# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no

# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous

Note: Your remote SMTP host must be configured to listen on the alternate port you specify in relayhost=

Next, you need to configure authentication with SASL, so edit /etc/postfix/sasl_passwd and provide the credentials in this format:

your.smtp.host:587 username:password

Note: The host and port must match identically to relayhost= in main.cf

Generate a postfix .db file from the previous file

# postmap hash:/etc/postfix/sasl_passwd

For security, you’ll want to make sure the sasl_passwd and sasl_passwd.db files are not readable:

# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

That’s it, restart the postfix service and test sending email.

# service postfix restart
# echo testing | mail some@address.com

If you did everything correctly, you’ll see your local host connect to the remote host and send the message. If something went wrong, you’ll want to start digging through logs to figure out why.

Enjoy!

Related Posts

Touchpad stops working after sleep + resume (Fedora 26 on Dell XPS)

After recently upgrading my Dell XPS 13 w/Touchscreen to Fedora 26, the touchpad suddenly stopped working upon resuming from sleep mode. It was reproduced 100% of the time, and required a complete restart in order to get the touchpad working again. There have been several forum posts and bug reports regarding others experiencing these exact […]

Read More

Fun with fsck on Fedora – avoiding mounted partitions and handling LUKS encrypted ones

I run Fedora on a few of my machines, and inevitably over the course of time the filesystem will need to be repaired because of orphaned inodes, wrong free byte counts, etc. Typically when EXT4 errors are detected during boot, Fedora will detect this and offer to drop you into “Emergency mode” or continue. example: […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Tweeter button Facebook button Myspace button