Friday, November 15, 2024
Google search engine
HomeGuest BlogsHow to Configure Postfix to Use External SMTP

How to Configure Postfix to Use External SMTP

Introduction

Postfix is a free, open-source mail transfer agent (MTA) used for routing and delivering emails. The utility uses the Simple Mail Transfer Protocol (SMTP) to transfer emails between servers. The tool is a fast, secure, and light email service solution for Linux servers.

In this tutorial, you will learn how to configure Postfix to use an external SMTP provider.

How to configure Postfix to use an external SMTP - a tutorial.How to configure Postfix to use an external SMTP - a tutorial.

Prerequisites

  • A system running Linux.
  • An account with root privileges.
  • Access to the terminal (Ctrl+Alt+T).

Step 1: Install Postfix

Depending on which system you are using, run one of the following commands to install Postfix:

  • For Debian-based distributions:

Update the system package repository:

sudo apt update

Install Postfix on Ubuntu/Debian/LinuxMint by running:

sudo apt install postfix -y

The command installs Postfix, and the -y flag answers Yes to any prompts during the installation.

The configuration wizard appears after installation. Move on to step two to configure Postfix.

  • For RHEL-based distributions:

Update the system package repository:

sudo yum update

Install Postfix on CentOS/RHEL/Rocky Linux by running:

sudo yum install postfix -y

After installation, check the Postfix service status by running:

sudo service postfix status
Checking Postfix status in Ubuntu.Checking Postfix status in Ubuntu.

The output states that Postfix is active.

Step 2: Configure Postfix

Postfix uses the relay host configuration directive to send emails to external domains. The directive must contain the hostname or IP address of the remote SMTP server or SMTP service you want to use. For example, use SendGrid, Mandrill, Mailgun, or any other external SMTP provider.

Important: The latest update from some major providers (including Google, Microsoft, and Yahoo) complicates the setup as they no longer allow less secure apps to sign into the account. This update causes the mail delivery to fail.

The Postfix configuration files are main.cf and master.cf, located in the /etc/postfix/ directory.

After the installation, the Postfix configuration wizard appears. If it does not show up automatically, run the following command to start it:

sudo dpkg-reconfigure postfix

Follow the steps below to set up Postfix:

1. Select the configuration type:

Choose the Internet Site mail configuration type. Press TAB to select Ok and Enter to confirm.

Configuring Postfix after installation.Configuring Postfix after installation.

2. Enter the system mail name:

The system mail name is a fully qualified domain name (FQDN) that the system uses in banners, delivery status notifications, etc.

Enter the system mail name and press Tab to select Ok and Enter to confirm:

Entering the system mail name during Postfix configuration.Entering the system mail name during Postfix configuration.

Postfix is now set up with the default configuration. Then, you must edit the /etc/postfix/main.cf configuration file to get it to work with external SMTP.

Enable Authentication

Install the pluggable authentication modules within the libsasl2-modules package on Debian-based systems or the cyrus-sasl-plain package for RHEL systems. The packages enable authentication when using Postfix.

  • Run the following command on Debian-based systems:
sudo apt install libsasl2-modules postfix
  • For RHEL-based systems, run:
yum install cyrus-sasl-plain

Edit the Configuration Files

Use a text editor to edit the /etc/postfix/sasl_passwd and /etc/postfix/main.cf configuration files to complete the setup.

Follow the steps below:

1. Configure SMTP username and password:

The /etc/postfix/sasl_passwd file contains the usernames and passwords for the external SMTP server. Open the /etc/postfix/sasl_passwd file, and the text editor creates it if the file doesn’t exist:

sudo nano /etc/postfix/sasl_passwd

Add the following line to the file:

[mail.isp.example]:587 username:password

Replace [mail.isp.example] with the provider’s hostname.

Replace username and password with the SMTP provider credentials. You can also specify an API key if the provider allows it.

Save the changes and exit.

2. Create Hash Database File:

Create a Hash database sasl_passwd.db file in the /etc/postfix/ directory using the postmap command. This file is used for querying Postfix lookup tables.

Run the following command:

sudo postmap /etc/postfix/sasl_passwd

3. Set up Hostname:

Set up the hostname parameter and relay server in the /etc/postfix/main.cf configuration file. Run:

sudo nano /etc/postfix/main.cf

Find the myhostname parameter and ensure it is the FQDN you configured in the wizard after the installation.

4. Set up Relay Server:

The final edit in the /etc/postfix/main.cf file is related to the settings needed for Postfix to use the external SMTP server. The settings instruct Postfix to deliver emails via a relay host, which is an external SMTP server.

Find and update the following line of the configuration file as follows:

relayhost = [SMTP-SERVER-ADDRESS]:587
  • Replace SMTP-SERVER-ADDRESS with the SMTP server IP address or hostname.

Add the following lines to the end of the file:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save the changes and exit the editor.

Secure the Credentials

Secure your email password and hash DB files to ensure only the root user can access them.

Run the following commands to change the file permissions for sasl_passwd and sasl_passwd.db:

sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Restart Postfix

Complete the configuration by restarting the Postfix service to make sure the changes take effect. Run:

sudo systemctl restart postfix

By default, the SMTP protocol runs at port number 25. Verify that TCP port 25 is in a listening state on 127.0.0.1. Use the netstat command:

sudo netstat -tulpn | grep :25
Checking if port 25 is in a listening state.Checking if port 25 is in a listening state.

The output shows that port 25 is in the listening state, which means the port is open.

Step 3: Test SMTP Server

Test the SMTP server by sending an email. Use the mail command, available as part of the mailutils package, or use Postfix’s sendmail utility. Both options include an interactive mode and accept piped input.

For example, the syntax for using the interactive sendmail utility is:

sendmail recipient@domain.com
From: youraddress@domain.com
Subject: Email subject
This is the email body.

To send the email and exit interactive mode, press Ctrl+D.

Alternatively, send an email by piping the echo command output to the mail command. Use the following syntax:

echo "This is the email body." | mail -s "Email subject" -a "From: youraddress@domain.com" recipient@domain.com

After sending the email, verify that it was sent by checking the mail log file with the tail command:

sudo tail -f /var/log/mail.log
Checking the email log file in Linux.Checking the email log file in Linux.

The output shows that the email was sent, which relay server was used, and the recipient and sender addresses.

Step 4: Set up Email Forwarding

Email forwarding is useful when aggregating messages from different mailboxes into a single account. Postfix allows users to set up email forwarding by making a few changes in the main configuration file.

Follow the steps below to set up email forwarding in Postfix:

1. Open the /etc/postfix/main.cf configuration file and paste the following lines at the end of the file:

virtual_alias_domains = domain.com
virtual_alias_maps = hash:/etc/postfix/virtual

Replace domain.com with the domain Postfix uses to receive emails. Specify multiple domains by separating them with a space.

The virtual_alias_maps parameter contains the path to the file that specifies the mapping for email forwarding.

2. Create the /etc/postfix/virtual file and add the emails you want to forward and the destination emails.

For example, to forward emails from address@domain.com to destination@domain.com, enter the following line in the file:

address@domain.com destination@domain.com

Save the file and exit.

3. Update the Postfix lookup table:

postmap /etc/postfix/virtual

4. Reload the Postfix service:

sudo systemctl restart postfix

Step 5: Enable SMTP Encryption

SMTP encryption involves the installation of a TLS certificate for your domain name. Depending on your preferences, use a paid certificate or a free one from Let’s Encrypt.

Important: Enforcing TLS encryption can cause mail delivery issues for SMTP hosts that don’t have TLS configured or don’t support TLS.

Follow the steps below to enable SMTP encryption:

1. Install the certbot client to configure the certificate:

  • On Debian-based distributions, run:
sudo apt install certbot -y

Wait for the installation to complete.

  • On RHEL-based distributions, certbot is not available in the default repository. First, enable the EPEL repository, and then install certbot:
yum install epel-release
yum install certbot python2-certbot-apache mod_ssl

2. Configure the firewall:

Allow port 80 and enable domain verification. If you are using the ufw firewall, run:

sudo ufw allow 80
Allowing port 80 in ufw.Allowing port 80 in ufw.

The output states that rules have been updated, which means HTTP is now allowed on port 80, and certbot can bind TCP to port 80.

3. Obtain the certificates:

When issuing certificates on a server that isn’t running as a web server, run certbot with the --standalone flag. The syntax is:

sudo certbot certonly --standalone --rsa-key-size 4096 --preferred-challenges http -d your.domain

Replace your.domain with your domain name.

An interactive configuration script starts.

4. Configure certbot:

The certbot configuration script prompts to provide the necessary information. Enter a contact email for the domain and agree to the Terms of Service.

Configuring certbot in Linux.Configuring certbot in Linux.

After the process completes, the certificates are stored under /etc/letsencrypt/live/<your.domain>/.

5. Add the new certificates to the Postfix configuration file:

Use the syntax below:

sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/your.domain/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/your.domain/privkey.pem'

Replace your.domain in the commands with the email server’s domain name.

6. Apply the changes by restarting Postfix:

sudo systemctl restart postfix

7. Send an email to test the setup.

Follow the steps outlined in the Test SMTP Server section to send a test email. This time the email is less likely to end up in spam since it is no longer unencrypted.

Conclusion

This tutorial showed how to install and configure Postfix to use an external SMTP server to send and receive emails. You also learned how to add SMTP encryption and forward emails.

If you are using Office 365, check out our tutorial for backing up Office 365 emails, or learn why you should back up Office 365 data.

Was this article helpful?
YesNo

RELATED ARTICLES

Most Popular

Recent Comments