inside the mind of a linux admin

Configure Postfix to use a remote SMTP relay server via alternate port

On one of my local Ubuntu workstations at home, I sometimes have the need to send mail out using mailutils/mailx inside of scripts or on the command line. I also don’t necessarily want/need to set up an entire mail server on my workstation. In addition, Verizon FiOS doesn’t take too kindly to this for purposes of preventing malicious activity, SPAM, etc. They actually block outbound connections on the default SMTP port (25).

If you’re using Ubuntu 14.04 LTS, it comes with Postfix by default. If you’re using a different version or flavor, chances are you’ve got Sendmail or Exim installed. These instructions assume you’ve uninstalled whatever MTA came with your system, and that you want to use Postfix (far superior to its counterparts in my eyes).

First, it’s easiest to install postfix and Cyrus SASL packages from your operating system’s repository. If you’re compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.

# apt-get install postfix libsasl2-2 -y

Note:
In Ubuntu/Debian/Mint, the SASL package is called libsasl2-2
In CentOS/RHEL/Fedora, the SASL packages are called cyrus-sasl and cyrus-sasl-plain

Next, edit the main Postfix configuration file @ /etc/postfix/main.cf to include the following:

# Set this to your server's fully qualified domain name.
# If you don't have a internet domain name,
# use the default or your email addy's domain - it'll keep
# postfix from generating warnings all the time in the logs
mydomain = local.domain
myhostname = host.local.domain

# Set this to your email provider's smtp server.
# A lot of ISP's (ie. Verizon) block the default port 25
# to prevent spamming. So in this case we'll use port 587.
relayhost = your.smtp.host:587

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes

# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no

# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous

Note: Your remote SMTP host must be configured to listen on the alternate port you specify in relayhost=

Next, you need to configure authentication with SASL, so edit /etc/postfix/sasl_passwd and provide the credentials in this format:

your.smtp.host:587 username:password

Note: The host and port must match identically to relayhost= in main.cf

Generate a postfix .db file from the previous file

# postmap hash:/etc/postfix/sasl_passwd

For security, you’ll want to make sure the sasl_passwd and sasl_passwd.db files are not readable:

# chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

That’s it, restart the postfix service and test sending email.

# service postfix restart
# echo testing | mail some@address.com

If you did everything correctly, you’ll see your local host connect to the remote host and send the message. If something went wrong, you’ll want to start digging through logs to figure out why.

Enjoy!

Related Posts

How to install CSF Firewall on CentOS 7

ConfigServer (CSF) is advanced open-source firewall for Linux. If you are like me, I don’t really care much for the native firewalld that’s included with RHEL7 releases, and I’ve used APF for years which is basically just a frontend for iptables. Here’s instructions on how to install it: 1. Disable firewalld systemctl stop firewalld systemctl […]

Read More

ScreenCloud: Troubleshooting missing Python modules after updates

One of my favorite tools that I find myself using quite often is called “ScreenCloud“. It allows you to quickly select any area of your workspace, create an sized screen shot, and then upload it or export it off to their server, your Dropbox account or an SFTP server. If you’ve recently performed upgrades, either […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Twitter: kireguy

Tweeter button Facebook button Myspace button