
Postfix config
Platforms:
any Linux distro
What You'll Need:
Postfix 2.2+
cyrus-sasl 2.1.19+
email account
A typical email scenario: you're a developer, and you've got a development Linux box at home. You need to be able to send emails from your code or cron jobs, but you're too lazy to set up a full-fledged email server on your LAN. Or you just want to use your email account provided by your ISP.
Enter the Postfix.
Most Linux distros come with Sendmail already installed, and it is usually the default mail client used by the running services. However, Postfix beats the crap out of Sendmail and is a complete, seamless replacement. Here's how I got it going on my CentOS box.
Install
Install Postfix and cyrus-sasl with your application manager of choice. If you're compiling from source, be sure to make Postfix with the -DUSE_SASL_AUTH flag for SASL support and -DUSE_TLS for TLS support.
$ yum install postfix cyrus-sasl
Stop the sendmail service
$ /etc/init.d/sendmail stop
Remove sendmail from the startup runlevels
$ chkconfig --del sendmail
Typical Setup
Edit /etc/postfix/main.cf
# Set this to your server's fully qualified domain name.
# If you don't have a internet domain name,
# use the default or your email addy's domain - it'll keep
# postfix from generating warnings all the time in the logs
mydomain = local.domain
myhostname = host.local.domain

# Set this to your email provider's smtp server.
# A lot of ISP's (ie. Cox) block the default port 25
# to prevent spamming. So we'll use port 80
relayhost = yourisp.smtp.servername:80

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes

# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no

# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous
There's roughly a 99.9% chance that your email provider's SMTP server requires authentication. We need to set that up with the username and password given by your email provider.
Add the following line to /etc/postfix/sasl_passwd
# The server info must exactly match the value
# for "relayhost" in /etc/postfix/main.cf
yourisp.smtp.servername:80 username:password
Generate a postfix lookup table from the previous file
$ postmap hash:/etc/postfix/sasl_passwd
Test the lookup table; if all is good, the following will return the specified username:password
$ postmap -q yourisp.smtp.servername:80 /etc/postfix/sasl_passwd
Get rid of the clear text password file
$ rm /etc/postfix/sasl_passwd
Add postfix to be started at boot
$ chkconfig --add postfix
Fire up Postfix
$ /etc/init.d/postfix start
Test it out using sendmail from the command prompt
$ sendmail email@example.com
Postfix is all up in dis hizzle.
.
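Added example, not part of the original post: a check to run after postmap and before the clear-text file is deleted, confirming that the map key equals relayhost exactly and that only the owner can access the credential files. The generated sasl_passwd.db holds the same username:password unencrypted, and postmap gives a new .db the same group and other read permissions as its source file, which is why the mode is checked. The function names cf_get and check_relay_creds and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). On a live host,
# `postconf -h relayhost` is the authoritative way to read the parameter;
# this sketch reads the file directly and ignores continuation lines.

cf_get() {  # print the last value assigned to a main.cf parameter
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 only if the map has a key identical to relayhost and neither the
# source file nor its .db is accessible to group or others.
check_relay_creds() {  # usage: check_relay_creds <main.cf> <sasl_passwd>
    relay=$(cf_get "$1" relayhost); rc=0
    # The key must equal relayhost exactly, port and brackets included.
    if ! awk -v k="$relay" 'k != "" && $1 == k { ok = 1 } END { exit !ok }' "$2"; then
        echo "no sasl_passwd entry keyed '$relay'"; rc=1
    fi
    for f in "$2" "$2.db"; do
        [ -e "$f" ] || continue
        case $(stat -c %a "$f") in   # GNU stat, as found on Linux
            *00) ;;
            *) echo "$f is accessible beyond its owner"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample files: the key lacks the port and the mode is too open.
demo=$(mktemp -d)
printf 'relayhost = yourisp.smtp.servername:80\n' > "$demo/main.cf"
printf 'yourisp.smtp.servername username:password\n' > "$demo/sasl_passwd"
chmod 644 "$demo/sasl_passwd"
check_relay_creds "$demo/main.cf" "$demo/sasl_passwd" || echo "=> fix before use"

# Corrected: exact key and owner-only mode, set before running postmap.
printf 'yourisp.smtp.servername:80 username:password\n' > "$demo/sasl_passwd"
chmod 600 "$demo/sasl_passwd"
check_relay_creds "$demo/main.cf" "$demo/sasl_passwd" && echo "=> ok"
```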
Gmail Setup
If you're attempting to relay mail using Gmail, then it will be necessary to use TLS with Postfix. You'll have to point Postfix at your server's trusted CA root certificate bundle, but luckily "...client-side certificates are not required when relaying mail to GMail".
First, double-check that Postfix was configured with SSL support (ie. ldd should return at least one line starting with libssl):
$ whereis -b postfix
postfix: /usr/sbin/postfix /etc/postfix /usr/libexec/postfix
$ ldd /usr/sbin/postfix
...
libssl.so.6 => /lib/libssl.so.6 (0x00111000)
...
Now we need to find your server's CA root certificate bundle, which is typically distributed with openssl. The bundle file is used by Postfix to verify Gmail's SSL certificate (signed by Thawte). On my CentOS server, this file was located at /etc/pki/tls/certs/ca-bundle.crt, but it may be in a different location on your box (ie. /etc/ssl/certs).
$ locate ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.crt
Edit /etc/postfix/main.cf with the following values:
relayhost = smtp.gmail.com:587

# your FQDN, or default value below
mydomain = local.domain

# your local machine name, or default value below
myhostname = host.local.domain
myorigin = $myhostname

# SASL
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous

# TLS
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /path/to/your/ca-bundle.crt
If you haven't already, add the following to /etc/postfix/sasl_passwd
# The server info must exactly match the value
# for "relayhost" in /etc/postfix/main.cf
smtp.gmail.com:587 username:password
Generate a postfix lookup table from the previous file
$ postmap hash:/etc/postfix/sasl_passwd
Get rid of the clear text password file
$ rm /etc/postfix/sasl_passwd
Restart postfix and send a test email
$ postfix reload
$ sendmail email@example.com
Test relay thru Gmail
.
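Added example, not part of the original post: smtp_use_tls = yes is opportunistic TLS, so with smtp_sasl_security_options = noanonymous the relay password can still be sent on a session where STARTTLS was not negotiated. The check below reports that case and shows the setting that makes TLS mandatory. It assumes Postfix 2.3 or later for smtp_tls_security_level (smtp_enforce_tls = yes is the 2.2 form); the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): can this main.cf let the relay
# password leave the box on a session without TLS?

cf_get() {  # print the last value assigned to a main.cf parameter
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Reduce the TLS parameters to one effective policy for outbound SMTP.
tls_level() {  # usage: tls_level <main.cf>
    lvl=$(cf_get "$1" smtp_tls_security_level)
    if [ -n "$lvl" ]; then echo "$lvl"              # overrides the older switches
    elif [ "$(cf_get "$1" smtp_enforce_tls)" = yes ]; then echo encrypt  # at least mandatory
    elif [ "$(cf_get "$1" smtp_use_tls)" = yes ]; then echo may          # opportunistic
    else echo none
    fi
}

# Return 0 only when SASL credentials can never go out on a clear-text session.
creds_protected() {  # usage: creds_protected <main.cf>
    [ "$(cf_get "$1" smtp_sasl_auth_enable)" = yes ] || return 0  # no password in use
    case $(tls_level "$1") in
        encrypt|verify|secure|fingerprint|dane-only) return 0 ;;  # TLS is mandatory
    esac
    # Otherwise only a noplaintext policy keeps PLAIN/LOGIN off the wire.
    opts=$(cf_get "$1" smtp_sasl_security_options)
    [ -n "$opts" ] || opts="noplaintext, noanonymous"             # Postfix default
    case ",$(printf '%s' "$opts" | tr -s ' \t' ',')," in
        *,noplaintext,*) return 0 ;;
    esac
    return 1
}

# Constructed sample mirroring the Gmail settings above.
demo=$(mktemp -d)
cat > "$demo/gmail.cf" <<'EOF'
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
EOF
creds_protected "$demo/gmail.cf" ||
    echo "level $(tls_level "$demo/gmail.cf"): password may be sent without TLS"

# Hardened variant: one extra line makes TLS a precondition for delivery.
{ cat "$demo/gmail.cf"; echo "smtp_tls_security_level = encrypt"; } > "$demo/hardened.cf"
creds_protected "$demo/hardened.cf" &&
    echo "level $(tls_level "$demo/hardened.cf"): password only sent over TLS"
```

The encrypt level does not check the server certificate; the verify and secure levels are the ones that enforce a match against smtp_tls_CAfile.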
Troubleshooting
Monitor postfix mail log in a separate session with the following command
$ tail -f /var/log/maillog
If the log is displaying the following error
(Authentication failed: cannot SASL authenticate to server ...: no mechanism available)
then set this variable in /etc/postfix/main.cf
smtp_sasl_security_options = noanonymous
If the log is displaying this error
553 Sorry, that domain isn't in my list of allowed rcpthosts. (in reply to RCPT TO command)
check your username and password in /etc/postfix/sasl_passwd. Your user name is usually your full email address. If you have to fix it, don't forget to use postmap to generate a new lookup table.
I'm getting the following response from smart host:
550 relaying mail to gmail.com is not allowed
What does that mean? I have asked my ISP to add my domain name to their list, what else could be the problem? Wrong local hostname? ...
Thanks.
@David Montalvo
Have you tried enabling TLS with Postfix? I just added a new section to the post on configuring Postfix to relay with Gmail.
I'm getting "said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command)". When I manually email using telnet, it works.
# telnet smtp.x.com 25
Trying x.x.120.200...
Connected to smtp.x.com (x.x.120.200).
Escape character is '^]'.
220
EHLO
250-exchange.x.net Hello [x.x.108.226]
250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-XXXXXXXA
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 XXXXXXXB
AUTH LOGIN
334 VXNlcm5hbWU6
ZW1pc3lzdGVtQGVtaW1wx
334 UGFzc3dvcmQ63
SW1lOTg3NjU0MzIx3
235 2.7.0 Authentication successful
mail from: x@x.com
250 2.1.0 Sender OK
rcpt to: y@y.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with .
Test001a
.
250 2.6.0 Queued mail for delivery
@Ed - try enabling this in /etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
And make sure you've exactly specified your smtp.x.com:80 username:password in /etc/postfix/sasl_passwd and generated a postfix lookup table from it. smtp.x.com:80 needs to match exactly what you've specified in /etc/postfix/main.cf:
$ postmap -q smtp.x.com:80 /etc/postfix/sasl_passwd
Also, check if your email provider's smtp server accepts connections over port 80 (or whichever port you're using above).
I did some more digging. It seems Postfix Client is not authenticating into my smtp server. It goes immediately into "MAIL FROM:". Do you know why this is so? I configured my main.cf and sasl_passwd similarly as you.
Dec 2 13:18:17 genre1 postfix/pickup[9038]: E231BE004D: uid=510 from=
Dec 2 13:18:17 genre1 postfix/cleanup[9082]: E231BE004D: message-id=
Dec 2 13:18:17 genre1 postfix/qmgr[9039]: E231BE004D: from=, size=496, nrcpt=1 (queue activex
Dec 2 13:18:18 genre1 postfix/smtp[9084]: exchange.x.net[165.212.120.200]:25: HELO x.com
Dec 2 13:18:18 genre1 postfix/smtp[9084]: exchange.x.net[165.212.120.200]:25: MAIL FROM:
Dec 2 13:18:23 genre1 postfix/smtp[9084]: < exchange.x.net[165.212.120.200]:25: 530 5.7.1 Client was not authenticated
I think I figured out my solution: postfix seems to insist on applying the Cisco PIX workaround. I added this line in main.cf:
smtp_pix_workarounds =
So now the smtp server is recognized as ESMTP and EHLO is used by default. Email started flowing!
@Ed - glad to hear you found a solution, thanks for posting it!
smart@smart:~$ sudo postfix stop
postfix: fatal: relayhost parameter setting must not contain multiple values: smtpout.servername.net:3535 name@isp.com:passwd
This is the correct information but, how should it be formatted?
Never mind. I put the wrong information in the wrong place. :D
@Wade - No problem, glad you got it working!
I totally screwed something up and had to reinstall just to get it working again. I'm getting this error:
fatal: valid hostname or network address required in server description: [smtpout.secureserver.net:465]
The documentation says to put [ ] around it to keep mx lookup from happening. When I do not use [] I get this error:
to=, relay=none, delay=1164, delays=1144/0.01/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=smtpout.secureserver.net type=MX: Host not found, try again)
This is the setting I use in Thunderbird to connect.
@Wade - sounds like you may have a DNS issue. Can you telnet into that host from the server? ie. Try:
telnet smtpout.secureserver.net 465
Also, I don't wrap host names in the brackets with postfix, never had much luck with it either :)
I'm having the same issue with GoDaddy's smtpout server. DNS lookup of smtpout.secureserver.net works fine, type=MX fails. I can telnet directly to smtpout.secureserver.net 25, but get the same "Host or domain name not found" in the mail.log.
@Wade: Working on the TLS/SSL check for GoDaddy, but keeping the port outside of the []'s works fine. For whatever reason, Godaddy/SecureServer doesn't maintain MX records in DNS. Encapsulating the smtpout.secureserver.net in []'s worked fine to start moving mail. Just don't make my mistake and put the wrong password in... you'll get a 451 Internal Error
Great post - short and to the point. great work.
[...] provider. Here's what you need to do to get postfix setup to use another smtp server (Thanks to http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/ The instructions on this site worked great for [...]
Sorry people, can anyone help me? I compiled and installed postfix, and I'm using a relayhost that points to my ISP. But my "DNS server" is on the same server where postfix is installed, and Apache is running there with vhosts, so I have a domain that points to that server. In the zone files of my domain I'm not using POP3 or IMAP on my server; my MX records point to Google Apps, to Google's MX servers. But when I try to send e-mail via sendmail to mail@mydomainonsameserver.com, it does not deliver the mail to Google Apps at all; if I try to send to another e-mail address, everything is fine and it delivers it. So finally I researched this problem on the Internet and found that I need to disable delivering mail to localhost. As I think, postfix understands that the domain points to the same server where postfix itself is, and tries to deliver the mail locally. But the zone file MX record, even for a domain on the same server, can point to another server outside. So I disabled local delivery in postfix, and the problem is not fixed. Does anyone have any ideas?