How To Relay Email On A Postfix Server

Author: Stephan Jau
Revision: v1.0
Last Change: December 07 2009


For two small businesses I set up a debian lenny installation on their "home" dsl connection. The problem is that they have dynamic ip addresses and most mailservers will not accept incoming mail from a server on a dynamic ip address. The solution is rather simple. Set up postfix in a way that it will relay the outgoing email through the actual ISP. In this short howto I'll show you how to do that.


1. Prerequisites

I assume that you already have set up a working postfix server and that you have an email account at your ISP which you can access. So you will need to have a login for your IPS's email account.


2. Edit the postfix config

First you need to edit your postfix config...

nano /etc/postfix/

... and add the following code at the end of your config:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_always_send_ehlo = yes
relayhost =

Of course replace with the actual smtp server of your ISP. Also SASL must be working. If you followed the perfect howtos for setting up a server as provided by Falko then you don't have to worry about it. Then save and close the file.

If your ISP requires you to use a special port for sending email, then use a line like this instead:

relayhost = []:PORT

In one of the cases that I have used this, I had to enter this:

relayhost = []:587


3. Edit /etc/postfix/saslpasswd

After having extended the postfix config you'll still need to add the credentials to the /etc/postfix/saslpasswd file, so that you can authorize yourself at your ISP.

nano /etc/postfix/saslpasswd

and then add this:     yourlogin:yourpassword

Of course replace yourlogin / yourpassword with the actual username and password provided by your ISP. You don't need to add the port there.


4. Hash /etc/postfix/saslpasswd

Before postfix can use that file, it needs to be hashed by postmap:

postmap /etc/postfix/saslpasswd


5. Restart postfix

Finally you need to restart postfix to use the new config:

/etc/init.d/postfix restart


6. Test it

When you send now an email using your email server to yourself (for example to a gmail account) and if you then check the full headers of that email, you will see, that the email was relayed through your ISP. That means it works now. As long as your ISP now isn't blacklisted, your dynamic IP won't hinder you to send email.

Share this page:

14 Comment(s)

Add comment

Please register in our forum first to comment.



There are many options. You can setup multiple backup mail servers all on dhcp... IP won't change for them at the same time... or very unlikely Besides, if a server can't be reached now mailservers usually won't bounce the message but retry (up to 7 days IIRC) As for updating DNS, you can use and have it updated like every 30min. I've run such a setup on several home servers without hearing complaints about email not having been received or delivered. Also the IP doesn't change all the time. On normal DSL here it's every 24h and on vdsl it's like every 30 days. But try this setup and check if mail doesn't get delivered...


Benefits: - setup as you want to - unlimited emails/domains - "unlimited" diskspace - ... And if you care about security/privavcy anyway, then you'll encrypt everything. So relaying outgoing email through your ISP has no effect...

By: Anonymous

Sending email is only half the problem. What about receiving email when you have DHCP?

Check the dynamic IP every 5 min and automatically update your MX DNS record ... which can take 24 hrs to propagate.


Pay an email forwarding service


some other answer?

By: Anonymous

What is the point of a local email server if it can only receive mail directly? The only object I can see of a local server is better privacy and control. Sending mail via the ISP defeats this, so what is the point of a receive-only local server?

By: Russo

Send always to localhost:25, thus avoiding the DHCP problem.

By the way, I had to add a line:

smtp_use_tls = yes

in for this to work.


If I am trying to send from a banned IP (in my case is the inly solution either getting a static IP or finding offsite hosting?  I would really like to keep everything on the server in my house without spending anymore money.


 This is my error after the how to:

server1 postfix/error[32447]: F2083A9FE9: to=, relay=none, delay=7.9, delays=0.26/7.4/0/0.27, dsn=4.7.0, status=deferred (delivery temporarily suspended: SASL authentication failed; cannot authenticate to server[]: no mechanism available)

By: Alberto Guerrero


" SASL authentication failed" Did you try to authenticate against your server without relay config? Are username / password for correct? is a great tool for checking that. (


By: Stephen

my seems to have the form




Are both viable or something?

By: Pedro

smtpd and smtp are diferente:

Compare them here.


I have a STATIC IP, i can send and recieve mail from mi own server, i can recieve mail from external to my server (ex: gmail to my server) but when i send mail from my server to external server (like gmail, hotmail) my mail "sends" but the contact from gmail or hotmail NEVER recieve my mail!!!

What i have to do? 



 I cant send mail from my server to gmail or other "external" server, my log says :

connect to[]:25: Connection timed out...


 Log file:

Sep 28 12:20:33 localhost postfix/smtp[4339]: F3C6913FD3: to=, relay=none, delay=105, delays=0.06/0/105/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out) Sep 28 12:20:37 localhost postfix/smtpd[4596]: connect from unknown[] Sep 28 12:20:37 localhost postfix/smtpd[4596]: 152F614112: client=unknown[] Sep 28 12:20:37 localhost postfix/cleanup[4592]: 152F614112: message-id= Sep 28 12:20:37 localhost postfix/smtpd[4596]: disconnect from unknown[] Sep 28 12:20:37 localhost postfix/qmgr[3129]: 152F614112: from=, size=244630, nrcpt=1 (queue active) Sep 28 12:20:37 localhost amavis[3166]: (03166-04) Passed CLEAN, [] [] -> , Message-ID: , mail_id: W-1OE2p22ixA, Hits: 2.77, size: 243816, queued_as: 152F614112, 11264 ms Sep 28 12:20:37 localhost postfix/smtp[4593]: 29A1513FCC: to=, relay=[]:10024, delay=12, delays=0.87/0/0/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03166-04, from MTA([]:10025): 250 2.0.0 Ok: queued as 152F614112) Sep 28 12:20:37 localhost postfix/qmgr[3129]: 29A1513FCC: removed Sep 28 12:20:37 localhost postfix/pipe[4721]: 152F614112: to=, relay=maildrop, delay=0.22, delays=0.12/0.01/0/0.1, dsn=2.0.0, status=sent (delivered via maildrop service) Sep 28 12:20:37 localhost postfix/qmgr[3129]: 152F614112: removed Sep 28 12:20:41 localhost postfix/smtp[4708]: connect to[]:25: Connection timed out Sep 28 12:20:41 localhost postfix/smtp[4709]: connect to[]:25: Connection timed out Sep 28 12:20:56 localhost postfix/smtpd[4581]: disconnect from[] Sep 28 12:20:58 localhost imapd: Connection, ip=[::ffff:] Sep 28 12:20:58 localhost imapd: LOGIN, [email protected], ip=[::ffff:], port=[55061], protocol=IMAP Sep 28 12:20:58 localhost imapd: LOGOUT, [email protected], ip=[::ffff:], headers=0, body=0, rcvd=52, sent=156, time=0

By: Anonymous

Hi I have the same problem.

How did u resolve it?


By: DJ Substance

This article is good. however its hard to find open relays anymore.. your best bet if your looking is script something to telnet to <25> of any server with mail running and do it the old way!