Set Up Postfix For Relaying Emails Through Another Mailserver

Version 1.0
Author: Falko Timme
Last edited 01/10/2007

This short guide shows how you can set up Postfix to relay emails through another mailserver. This can be useful if you run a Postfix mailserver in your local network and have a dynamic IP address because most dynamic IP addresses are blacklisted today. By relaying your emails through another mailserver that is hosted on a static IP address in a data center (e.g. your ISP's mailserver) you can prevent your emails from being categorized as spam.

There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!


1 Preliminary Note

To configure relaying on your Postfix mailserver, you need a valid email account (with username and password) on another mailserver (provided that this mailserver makes use of SMTP-AUTH (which it should do)). This other mailserver should be hosted on a static IP address in some data center (e.g. your ISP's mailserver).

In this guide I use as the remote mailserver on which I have a valid email account with the username someuser and the password howtoforge.

I assume you have already installed Postfix as I won't go into the details of installing Postfix here.


2 Configure Postfix For Relaying

To configure our Postfix server for relaying emails through, we run

postconf -e 'relayhost ='
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='

Our username (someuser) and password (howtoforge) for must be stored in /etc/postfix/sasl_passwd, therefore we do this:

echo "   someuser:howtoforge" > /etc/postfix/sasl_passwd

/etc/postfix/sasl_passwd must be owned by root, and noone else should have read access to that file, so we do this:

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Now we must convert /etc/postfix/sasl_passwd into a format that Postfix can read:

postmap /etc/postfix/sasl_passwd

This will create the file /etc/postfix/sasl_passwd.db.

All that is left to do is restart Postfix:

/etc/init.d/postfix restart

That's it. You can now test by sending emails over your mailserver and having a look at your mail log. You should see that all your emails are now passed on to (except the ones that have a local recipient).


3 Links

Share this page:

11 Comment(s)

Add comment


From: at: 2007-01-25 14:30:14

Hi! If you are interested in allowing relay based on verfied tls client certificate, you could look at page

From: nandelbosc at: 2009-12-03 15:17:26

I've  a question...

My postfix installation uses as relay host, when I send an email using this server, the field "from" appears my gmail address instead of [email protected]

 It's possible to avoid this, and appears in field from the email of a user in my domain?

From: at: 2009-09-03 21:03:58

Thank you for this excellent guide.  I used this method to set up a pair of external SMTP relays (one as fallback_relay).


From: neutrinodust at: 2010-01-12 01:17:14

Thank you so much. Your post saved me countless hours of head banging.

From: Martin at: 2010-04-04 16:51:37

This did it , followed your guide to the letter and now it work perfectly thru my (previously) blocked port 25 connection.

 Keep up the good work

From: Desp at: 2011-01-15 10:57:29


I am having same problem with Relay access denied . I can send and recive local and recive external but I cant send external from the box getting the error Relay access denied . I tried many times to fix it but still cant please give some help and advice! 

This is how my looks like :

 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =, localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reje$
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

and this is my logs from the mail server :

Jan 15 11:51:42 trinity postfix/smtpd[17995]: connect from[]
Jan 15 11:51:42 trinity postfix/smtpd[17995]: NOQUEUE: reject: RCPT from[]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<>
Jan 15 11:51:42 trinity postfix/smtpd[17995]: lost connection after RCPT from[]
Jan 15 11:51:42 trinity postfix/smtpd[17995]: disconnect from[]

Thats what I have in /etc/hosts:       trinity    # Added by NetworkManager    localhost.localdomain    localhost
::1    trinity    localhost6.localdomain6    localhost6    trinity
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


Ports for mail are open ! and in my domain DNS I have set :




imap: # cant run squirrelmail if I set to


From: Willem at: 2011-07-12 11:44:56

Thank you very much for this explication. It worked fine for me. My mails finally arrive@destination. Before I read this wonderful advice, I read in the logs that my mails where refused by (pratically) all email providers.

From: supermanwah at: 2012-08-13 20:03:45

After hamming around with multiple other mail clients and threads, this worked its magic quickly.  My only suggestion for others is to make sure sendmail is un-installed first if it was enabled prior to your postfix install.  


From: Carlitos at: 2013-07-05 08:50:05

check this out also very good tutorial with ldap check and content filter..

From: Eddlinux at: 2013-11-19 02:33:31

Falko Timme,

Thank you so much. It's working very well on my local network.




From: Roslyn Scott at: 2015-01-08 14:27:41

How To Setup Postfix With Zoho Mail On Ubuntu

Postfix SMTP client doesn’t work out of box with SSL/TLS (port 465), but with only the rather securer STARTTLS (port 587). Unfortunately Zoho email server doesn’t support STARTTLS. That’s the reason if you set “relayhost= in your Postfix file, you’ll get this error in /var/log/mail.log:

CLIENT wrappermode (port smtps/465) is unimplemented instead, send to (port submission/587) with STARTTLS 1 2 CLIENT wrappermode (port smtps/465) is unimplemented instead, send to (port submission/587) with STARTTLS