How to configure Postfix to use an External SMTP Server

Last updated on | 25 replies

Introduction

In this article we are going to configure Postfix to relay mail through an external SMTP server. This has its advantages if you are having spam issues sending mail directly from your own server.

Sending mail via Postifx has become increasingly more difficult due to the spam filters and restrictions put in place by email providers over the past few years.

My recommendation now is to relay all Postfix/PHP mail() email via an external, trusted email provider in order to guarantee delivery.

Prerequisites

You’ll need the address and port of your SMTP server, and the username and password of your email account.

Your SMTP port should be 587, though this may be different depending on your host.

1. Install Postfix

If you’ve already installed Postfix, skip to Step 2.

Let’s update the package database first.

sudo apt-get update

Install mailutils, which will automatically install Postfix.

sudo apt install -y mailutils

On the first Postfix configuration screen, select OK by pressing TAB and ENTER

Select Internet Site and press ENTER.

System mail name should be your domain name eg. example.com, press ENTER.

Package should now be installed.

2. Configure Postfix

Edit the Postfix configuration file.

sudo nano /etc/postfix/main.cf

Find the following line relayhost = about 6 lines up from the bottom of the file and delete it.

Add the following to the end of the file. Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587, make sure you get the right one.

/etc/postfix/main.cf
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

3. Create Password and DB Files

Create the sasl_passwd file which will store our credentials.

sudo nano /etc/postfix/sasl_passwd

Insert the following:

/etc/postfix/sasl_passwd
[smtp.example.com]:587 username:password

Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587. Replace username and password with your own. The username is sometimes the email address.

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

Create a hash database file for Postfix with the postmap command.

sudo postmap /etc/postfix/sasl_passwd

There should now be a file called sasl_passwd.db in the /etc/postfix/ directory.

For added security, we will only allow root user to read and write to sasl_passwd and sasl_passwd.db

sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

4. Sign Certificate

Now we are going to create the certificate.

cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem

There should now be a certificate file called cacert.pem in /etc/postfix

5. Send a Test Mail

We’ll now send a test email message. Make sure to replace [email protected] with your own email address.

echo "Test Email message body" | mail -s "Email test subject" [email protected]

Don’t forget to check your spam folder.

If you still haven’t received any mail, check the mail error log.

sudo tail /var/log/mail.log

If the mail log is empty or doesn’t exist, try parsing the syslog. This will return the last 50 entries for postfix.

sudo tail -f -n 50 /var/log/syslog | grep postfix

If the syslog is empty and you still haven’t received any test email, it’s possible that the test email was rejected by the recipient server. You should check to see if anything has bounced back to your mail folder.

sudo less /var/mail/$(whoami)

Press uppercase G to scroll to the bottom of the file and lowercase q to quit. The $(whoami) variable returns the currently logged in user.

Note: Sending Mail to Your Own Domain

If you ever intend to send email from postfix to your own domain, [email protected] for example, postfix may need some further configuration. Please see article Can’t send mail to own domain. Postfix: status=bounced (unknown user: “user”)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

25 replies

Leave a reply

Your email address will not be published. Required fields are marked *

  1. [root@mailserver postfix]# cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
    cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory

    Reply

  2. Mar 25 12:47:27 ubuntu postfix/smtp[5794]: E0DADC51F5: to=, relay=none, delay=2.1, delays=0.01/0.01/2.1/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[2404:6800:4003:c03::6c]:587: Network is unreachable)

    Reply

  5. [root@mantisbt ssl]# cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
    cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory

    Reply

    1. What is your distribution of Linux?

      Also see if you can locate the cert

      locate thawte_Primary_Root_CA.pem

      Reply

      1. I have the same issue, i.e. 257 certs in /etc/ssl/certs but no thawte_Primary_Root_CA.pem:

        “cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory.”

        I’m on Raspbian Buster, deritive of Debian 10. Locate drew a blank on “thawte_Primary_Root_CA.pem” as did find.

        Can I substitute another cert?

        Reply

  6. Awesome! Thank you so much for this. I’ve been trying to find a simple solution to allow my home server to email me via SMTP and this worked on the initial try.

    Reply

  7. Cannot send email, the following error occur:
    (Host or domain name not found. Name service error for name=mail.khmerdeliveryservices.com
    type=AAAA: Host found)

    I did set up A record and AAAA record for mail.khmerdeliveryservices.com correctly from my domain registrar.

    Reply

    1. What have you got for relayhost in /etc/postfix/main.cf?

      According to a DNS scan for you domain, you are using Namecheap for mail, is that right?

      Reply

  8. I’ve set this up with Mailgun so that WordPress comments will be emailed to my Gmail, however, I get this error in the log when I post a reply to someone.

    status=bounced (host smtp.mailgun.org[52.32.113.201] said: 550 5.1.0 Recipient rejected: <root@your_domain.co> (in reply to RCPT TO command))
    Reply

    1. What is the email address in Mailgun? I assume it’s not root@your_domain.com and that’s why Mailgun is rejecting it. In that case, you will need to add a canonical map for postfix.

      For example, if your Mailgun email address is info@your_domain.com, your canonical map would be:

      root@your_domain.co info@your_domain.co

      Please see below comment on how to set up a canonical map.

      Reply

  9. The syslog shows this error when trying to send a test. Using mailgun.

    status=bounced (host smtp.mailgun.org[34.237.7.101] said: 550 5.7.1 Relaying denied (in reply to RCPT TO command)
    Reply

  10. When I do a test email, nothing comes in. The syslog says this:

    postfix/smtp[19504]: 1EDFD41921: to=, relay=server81.web-hosting.com[192.64.118.70]:587, delay=1.9, delays=0.04/0.05/1.7/0.18, dsn=5.0.0, status=bounced (host server81.web-hosting.com[192.64.118.70] said: 550-Verification failed for 550-The mail server could not deliver mail to myname@linuxserver. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command))

    Reply

    1. The problem is the from email address myname@linuxserver is invalid and the SMTP server is rejecting it.

      You will need to use a valid email address here, the same one you set up in sasl_passwd.

      To do this, we must do Postfix Address Rewriting.

      sudo nano /etc/postfix/main.cf

      Paste this to the bottom, save and exit.

      sender_canonical_maps = hash:/etc/postfix/canonical

      Edit this file

      sudo nano /etc/postfix/canonical

      Add in this file:

      myname@linuxserver [email protected]

      Where myname@linuxserver is what’s showing in the error log, and [email protected] is the email address of the account you’re trying to send email through.

      Save file and close.

      Now create the db file.

      sudo postmap hash:/etc/postfix/canonical

      Restart postfix service

      sudo service postfix restart

      Now try send another test email

      echo "Test Email message body" | mail -s "Email test subject" [email protected]
      Reply

      1. This works, I can send that test message. But when I try to send via PHP, nothing is received. Here is a new error.

        postfix/qmgr[20768]: 8AF5C41923: from=, size=1252, nrcpt=1 (queue active)
postfix/local[20955]: 8AF5C41923: to=, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "webmaster")
        Reply

          1. OK I did that, now I have a different error when trying to send PHP mail.

            status=bounced (host server81.web-hosting.com[192.64.118.70] said: 550-Verification failed for  550-No Such User Here" 550 Sender verify failed (in reply to RCPT TO command))

          2. This address: [email protected] is being rejected by the SMTP server because it doesn’t exist. Remember, this SMTP server will only except mail if the From email matches the account you are trying to send mail through.

            You will need to add another canonical map for [email protected].

            sudo nano /etc/postfix/canonical

            Add

            [email protected] [email protected]

            Where [email protected] is what’s showing in the error log, and [email protected] is the email address of the account you’re trying to send email through.

            Save file and close.

            Now create the db file.

            sudo postmap hash:/etc/postfix/canonical

            Restart postfix service

            sudo service postfix restart

            Now try send another test email