Introduction
In this article we are going to configure Postfix to relay mail through an external SMTP server. This has its advantages if you are having spam issues sending mail directly from your own server.
Sending mail via Postfix has become increasingly difficult due to the spam filters and restrictions put in place by email providers over the past few years.
My recommendation now is to relay all Postfix/PHP mail() email via an external, trusted email provider in order to guarantee delivery.
Prerequisites
You’ll need the address and port of your SMTP server, and the username and password of your email account.
Your SMTP port should be 587, though this may be different depending on your host.
1. Install Postfix
If you’ve already installed Postfix, skip to Step 2.
Let’s update the package database first.
sudo apt-get update
Install mailutils, which will automatically install Postfix.
sudo apt install -y mailutils
On the first Postfix configuration screen, select OK by pressing TAB and ENTER.
Select Internet Site and press ENTER.
System mail name should be your domain name, e.g. example.com. Press ENTER.
Package should now be installed.
2. Configure Postfix
Edit the Postfix configuration file.
sudo nano /etc/postfix/main.cf
Find the line relayhost = about 6 lines up from the bottom of the file and delete it.
Add the following to the end of the file. Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587; make sure you get the right one.
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
Save file and exit. (Press CTRL + X, press Y and then press ENTER)
3. Create Password and DB Files
Create the sasl_passwd file which will store our credentials.
sudo nano /etc/postfix/sasl_passwd
Insert the following:
[smtp.example.com]:587 username:password
Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587. Replace username and password with your own. The username is sometimes the email address.
Save file and exit. (Press CTRL + X, press Y and then press ENTER)
Create a hash database file for Postfix with the postmap command.
sudo postmap /etc/postfix/sasl_passwd
There should now be a file called sasl_passwd.db in the /etc/postfix/ directory.
For added security, we will only allow the root user to read and write to sasl_passwd and sasl_passwd.db.
sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
4. Sign Certificate
Now we are going to create the CA certificate file that smtp_tls_CAfile points to, by appending the Thawte root certificate to it.
cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
There should now be a certificate file called cacert.pem in /etc/postfix.
5. Send a Test Mail
We’ll now send a test email message. Make sure to replace [email protected] with your own email address.
echo "Test Email message body" | mail -s "Email test subject" [email protected]
Don’t forget to check your spam folder.
If you still haven’t received any mail, check the mail error log.
sudo tail /var/log/mail.log
If the mail log is empty or doesn’t exist, try parsing the syslog. This will return the last 50 entries for postfix.
sudo grep postfix /var/log/syslog | tail -n 50
If the syslog is empty and you still haven’t received any test email, it’s possible that the test email was rejected by the recipient server. You should check to see if anything has bounced back to your mail folder.
sudo less /var/mail/$(whoami)
Press uppercase G to scroll to the bottom of the file and lowercase q to quit. The $(whoami) command substitution expands to the name of the currently logged-in user.
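If the test mail does not arrive, the settings from steps 2 to 4 are the first thing to check. The script below is an added example, not part of the original article: the function names and finding labels are made up for illustration, and it assumes every main.cf value sits on one line. It reports a relayhost without brackets, SASL authentication over TLS that is only optional, a sasl_passwd key that does not match relayhost, and credential files readable by group or others.

```shell
#!/bin/sh
# Added example (not from the article): audit the relay settings of steps 2-4.
# Function names and finding labels are illustrative.

# conf_get FILE PARAM: effective value of a main.cf parameter (the last
# assignment wins). Assumption: values are written on a single line.
conf_get() {
    awk -v p="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k); if (k != p) next
          v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# audit_relay MAIN_CF SASL_PASSWD: one finding per line, no output if clean.
audit_relay() {
    cf=$1; pw=$2
    relay=$(conf_get "$cf" relayhost)
    level=$(conf_get "$cf" smtp_tls_security_level)
    # The obsolete smtp_use_tls = yes means opportunistic TLS, i.e. "may".
    [ -z "$level" ] && [ "$(conf_get "$cf" smtp_use_tls)" = yes ] && level=may

    case $relay in
        "")     echo "RELAYHOST_UNSET" ;;
        \[*\]*) ;;                               # [host]: no MX lookup
        *)      echo "RELAYHOST_NOT_BRACKETED" ;;
    esac
    # Below "encrypt" the session may stay in cleartext, and
    # smtp_sasl_security_options = noanonymous allows plaintext mechanisms.
    case $level in
        encrypt|verify|secure|fingerprint|dane-only) ;;
        *) [ "$(conf_get "$cf" smtp_sasl_auth_enable)" = yes ] &&
               echo "SASL_OVER_OPTIONAL_TLS" ;;
    esac
    # Postfix looks the credentials up by the relayhost string, verbatim.
    [ -n "$relay" ] &&
        ! awk -v r="$relay" '$1 == r { f = 1 } END { exit !f }' "$pw" &&
        echo "SASL_KEY_MISMATCH"
    # Neither credentials file may be accessible to group or others.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ] &&
            echo "LOOSE_PERMS $f"
    done
    return 0
}
```

Source the file as root and run audit_relay /etc/postfix/main.cf /etc/postfix/sasl_passwd. The configuration from step 2 as written yields SASL_OVER_OPTIONAL_TLS; adding smtp_tls_security_level = encrypt to main.cf makes Postfix require TLS before it sends mail or credentials to the relay.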
Note: Sending Mail to Your Own Domain
If you ever intend to send email from postfix to your own domain, [email protected] for example, postfix may need some further configuration. Please see article Can’t send mail to own domain. Postfix: status=bounced (unknown user: “user”)
[root@mailserver postfix]# cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory
Was this issue resolved? I am facing the same problem.
Mar 25 12:47:27 ubuntu postfix/smtp[5794]: E0DADC51F5: to=, relay=none, delay=2.1, delays=0.01/0.01/2.1/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[2404:6800:4003:c03::6c]:587: Network is unreachable)
WOW, it works perfectly!
Thanks heaps!
Worked like a charm. Thank You!
[root@mantisbt ssl]# cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory
What is your distribution of Linux?
Also see if you can locate the cert
locate thawte_Primary_Root_CA.pem
I have the same issue, i.e. 257 certs in /etc/ssl/certs but no thawte_Primary_Root_CA.pem:
“cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory.”
I’m on Raspbian Buster, derivative of Debian 10. Locate drew a blank on “thawte_Primary_Root_CA.pem” as did find.
Can I substitute another cert?
sudo wget https://www.thawte.com/roots/thawte_Primary_Root_CA.pem
thank you doctor.
Awesome! Thank you so much for this. I’ve been trying to find a simple solution to allow my home server to email me via SMTP and this worked on the initial try.
Great! 🙂
Cannot send email, the following error occurs:
(Host or domain name not found. Name service error for name=mail.khmerdeliveryservices.com type=AAAA: Host found)
I did set up A record and AAAA record for mail.khmerdeliveryservices.com correctly from my domain registrar.
What have you got for relayhost in /etc/postfix/main.cf?
According to a DNS scan for your domain, you are using Namecheap for mail, is that right?
I’ve set this up with Mailgun so that WordPress comments will be emailed to my Gmail, however, I get this error in the log when I post a reply to someone.
What is the email address in Mailgun? I assume it’s not root@your_domain.com and that’s why Mailgun is rejecting it. In that case, you will need to add a canonical map for postfix.
For example, if your Mailgun email address is info@your_domain.com, your canonical map would be:
Please see below comment on how to set up a canonical map.
The syslog shows this error when trying to send a test. Using mailgun.
When I do a test email, nothing comes in. The syslog says this:
The problem is the from email address myname@linuxserver is invalid and the SMTP server is rejecting it.
You will need to use a valid email address here, the same one you set up in sasl_passwd.
To do this, we must do Postfix Address Rewriting.
Paste this to the bottom, save and exit.
Edit this file
Add in this file:
Where myname@linuxserver is what’s showing in the error log, and [email protected] is the email address of the account you’re trying to send email through.
Save file and close.
Now create the db file.
Restart postfix service
Now try sending another test email
This works, I can send that test message. But when I try to send via PHP, nothing is received. Here is a new error.
It’s because you are trying to send mail to your own domain so the mail never leaves your server – it never reaches the external SMTP server at all. It’s telling you that it can’t find the account [email protected] on your server.
You need to make some changes to /etc/postfix/main.cf.
Please see Can’t send mail to own domain. Postfix: status=bounced (unknown user: “user”)
OK I did that, now I have a different error when trying to send PHP mail.
This address: [email protected] is being rejected by the SMTP server because it doesn’t exist. Remember, this SMTP server will only accept mail if the From email matches the account you are trying to send mail through.
You will need to add another canonical map for [email protected].
Add
Where [email protected] is what’s showing in the error log, and [email protected] is the email address of the account you’re trying to send email through.
Save file and close.
Now create the db file.
Restart postfix service
Now try sending another test email
My host Namecheap says to use mail server server81.web-hosting.com and port 465, will this work?
There’s no reason to use port 465. That mail server responds to port 587 so I recommend using that.