How To Relay Email On A Postfix Server

Want to support HowtoForge? Become a subscriber!
 
Submitted by sjau (Contact Author) (Forums) on Wed, 2009-12-09 17:53. :: Postfix

How To Relay Email On A Postfix Server

Author: Stephan Jau
Revision: v1.0
Last Change: December 07 2009

Introduction

For two small businesses I set up a debian lenny installation on their "home" dsl connection. The problem is that they have dynamic ip addresses and most mailservers will not accept incoming mail from a server on a dynamic ip address. The solution is rather simple. Set up postfix in a way that it will relay the outgoing email through the actual ISP. In this short howto I'll show you how to do that.

 

1. Prerequisites

I assume that you already have set up a working postfix server and that you have an email account at your ISP which you can access. So you will need to have a login for your IPS's email account.

 

2. Edit the postfix config

First you need to edit your postfix config...

nano /etc/postfix/main.cf

... and add the following code at the end of your config:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_always_send_ehlo = yes
relayhost = smtp.yourisp.com

Of course replace smtp.yourisp.com with the actual smtp server of your ISP. Also SASL must be working. If you followed the perfect howtos for setting up a server as provided by Falko then you don't have to worry about it. Then save and close the file.

If your ISP requires you to use a special port for sending email, then use a line like this instead:

relayhost = [smtp.yourisp.com]:PORT

In one of the cases that I have used this, I had to enter this:

relayhost = [smtpauth.bluewin.ch]:587

 

3. Edit /etc/postfix/saslpasswd

After having extended the postfix config you'll still need to add the credentials to the /etc/postfix/saslpasswd file, so that you can authorize yourself at your ISP.

nano /etc/postfix/saslpasswd

and then add this:

smtp.yourisp.com     yourlogin:yourpassword

Of course replace yourlogin / yourpassword with the actual username and password provided by your ISP. You don't need to add the port there.

 

4. Hash /etc/postfix/saslpasswd

Before postfix can use that file, it needs to be hashed by postmap:

postmap /etc/postfix/saslpasswd

 

5. Restart postfix

Finally you need to restart postfix to use the new config:

/etc/init.d/postfix restart

 

6. Test it

When you send now an email using your email server to yourself (for example to a gmail account) and if you then check the full headers of that email, you will see, that the email was relayed through your ISP. That means it works now. As long as your ISP now isn't blacklisted, your dynamic IP won't hinder you to send email.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by maxtorzito (registered user) on Wed, 2011-09-28 18:46.

 I cant send mail from my server to gmail or other "external" server, my log says :

connect to alt4.gmail-smtp-in.l.google.com[74.125.79.26]:25: Connection timed out...

 WHY??

 Log file:

Sep 28 12:20:33 localhost postfix/smtp[4339]: F3C6913FD3: to=, relay=none, delay=105, delays=0.06/0/105/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.79.26]:25: Connection timed out) Sep 28 12:20:37 localhost postfix/smtpd[4596]: connect from unknown[127.0.0.1] Sep 28 12:20:37 localhost postfix/smtpd[4596]: 152F614112: client=unknown[127.0.0.1] Sep 28 12:20:37 localhost postfix/cleanup[4592]: 152F614112: message-id= Sep 28 12:20:37 localhost postfix/smtpd[4596]: disconnect from unknown[127.0.0.1] Sep 28 12:20:37 localhost postfix/qmgr[3129]: 152F614112: from=, size=244630, nrcpt=1 (queue active) Sep 28 12:20:37 localhost amavis[3166]: (03166-04) Passed CLEAN, [209.85.218.54] [189.148.128.185] -> , Message-ID: , mail_id: W-1OE2p22ixA, Hits: 2.77, size: 243816, queued_as: 152F614112, 11264 ms Sep 28 12:20:37 localhost postfix/smtp[4593]: 29A1513FCC: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=12, delays=0.87/0/0/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03166-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 152F614112) Sep 28 12:20:37 localhost postfix/qmgr[3129]: 29A1513FCC: removed Sep 28 12:20:37 localhost postfix/pipe[4721]: 152F614112: to=, relay=maildrop, delay=0.22, delays=0.12/0.01/0/0.1, dsn=2.0.0, status=sent (delivered via maildrop service) Sep 28 12:20:37 localhost postfix/qmgr[3129]: 152F614112: removed Sep 28 12:20:41 localhost postfix/smtp[4708]: connect to gmail-smtp-in.l.google.com[74.125.157.26]:25: Connection timed out Sep 28 12:20:41 localhost postfix/smtp[4709]: connect to mx3.hotmail.com[65.55.92.184]:25: Connection timed out Sep 28 12:20:56 localhost postfix/smtpd[4581]: disconnect from mail-yi0-f54.google.com[209.85.218.54] Sep 28 12:20:58 localhost imapd: Connection, ip=[::ffff:127.0.0.1] Sep 28 12:20:58 localhost imapd: LOGIN, user=contacto@revistakapix.com, ip=[::ffff:127.0.0.1], port=[55061], protocol=IMAP Sep 28 12:20:58 localhost imapd: LOGOUT, user=contacto@revistakapix.com, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=52, sent=156, time=0

Submitted by Anonymous (not registered) on Sat, 2011-12-10 07:41.

Hi I have the same problem.

How did u resolve it?

Thx

Submitted by maxtorzito (registered user) on Wed, 2011-09-28 18:27.

I have a STATIC IP, i can send and recieve mail from mi own server, i can recieve mail from external to my server (ex: gmail to my server) but when i send mail from my server to external server (like gmail, hotmail) my mail "sends" but the contact from gmail or hotmail NEVER recieve my mail!!!

What i have to do? 

 

Submitted by Stephen (not registered) on Wed, 2011-04-20 10:27.

my main.cf seems to have the form

smtpd_...

not

smtp_...

Are both viable or something?

Submitted by Pedro (not registered) on Thu, 2013-04-04 15:21.

smtpd and smtp are diferente:

Compare them here.

Submitted by pinguinito (registered user) on Wed, 2010-12-15 23:32.

 This is my error after the how to:

server1 postfix/error[32447]: F2083A9FE9: to=, relay=none, delay=7.9, delays=0.26/7.4/0/0.27, dsn=4.7.0, status=deferred (delivery temporarily suspended: SASL authentication failed; cannot authenticate to server smtp.1and1.com[74.208.5.2]: no mechanism available)

Submitted by Alberto Guerrero (not registered) on Fri, 2010-12-17 09:06.

Hello,

" SASL authentication failed" Did you try to authenticate against your server without relay config? Are username / password for smtp.1and1.com correct? gen-auth.pl is a great tool for checking that. (http://jetmore.org/john/code/gen-auth)

Greets

Submitted by bluefoxox (registered user) on Sun, 2010-10-17 01:39.
If I am trying to send from a banned IP (in my case 24.92.180.59) is the inly solution either getting a static IP or finding offsite hosting?  I would really like to keep everything on the server in my house without spending anymore money.
Submitted by Russo (not registered) on Mon, 2010-02-15 01:22.

Send always to localhost:25, thus avoiding the DHCP problem.

By the way, I had to add a line:

smtp_use_tls = yes

in main.cf for this to work.

Submitted by Anonymous (not registered) on Wed, 2009-12-23 02:04.
What is the point of a local email server if it can only receive mail directly? The only object I can see of a local server is better privacy and control. Sending mail via the ISP defeats this, so what is the point of a receive-only local server?
Submitted by sjau (registered user) on Wed, 2009-12-23 13:20.
Benefits: - setup as you want to - unlimited emails/domains - "unlimited" diskspace - ... And if you care about security/privavcy anyway, then you'll encrypt everything. So relaying outgoing email through your ISP has no effect...
Submitted by Anonymous (not registered) on Wed, 2009-12-23 00:30.
Sending email is only half the problem. What about receiving email when you have DHCP?

Check the dynamic IP every 5 min and automatically update your MX DNS record ... which can take 24 hrs to propagate.

OR

Pay an email forwarding service

OR

some other answer?

Submitted by sjau (registered user) on Wed, 2009-12-23 13:25.
There are many options. You can setup multiple backup mail servers all on dhcp... IP won't change for them at the same time... or very unlikely Besides, if a server can't be reached now mailservers usually won't bounce the message but retry (up to 7 days IIRC) As for updating DNS, you can use everydns.net and have it updated like every 30min. I've run such a setup on several home servers without hearing complaints about email not having been received or delivered. Also the IP doesn't change all the time. On normal DSL here it's every 24h and on vdsl it's like every 30 days. But try this setup and check if mail doesn't get delivered...