Set Up Postfix For Relaying Emails Through Another Mailserver

Version 1.0
Author: Falko Timme

This short guide shows how you can set up Postfix to relay emails through another mailserver. This can be useful if you run a Postfix mailserver in your local network and have a dynamic IP address because most dynamic IP addresses are blacklisted today. By relaying your emails through another mailserver that is hosted on a static IP address in a data center (e.g. your ISP's mailserver) you can prevent your emails from being categorized as spam.

There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!


1 Preliminary Note

To configure relaying on your Postfix mailserver, you need a valid email account (with username and password) on another mailserver (provided that this mailserver makes use of SMTP-AUTH (which it should do)). This other mailserver should be hosted on a static IP address in some data center (e.g. your ISP's mailserver).

In this guide I use as the remote mailserver on which I have a valid email account with the username someuser and the password howtoforge.

I assume you have already installed Postfix as I won't go into the details of installing Postfix here.


2 Configure Postfix For Relaying

To configure our Postfix server for relaying emails through, we run

postconf -e 'relayhost ='
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='

Our username (someuser) and password (howtoforge) for must be stored in /etc/postfix/sasl_passwd, therefore we do this:

echo "   someuser:howtoforge" > /etc/postfix/sasl_passwd 

/etc/postfix/sasl_passwd must be owned by root, and noone else should have read access to that file, so we do this:

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Now we must convert /etc/postfix/sasl_passwd into a format that Postfix can read:

postmap /etc/postfix/sasl_passwd

This will create the file /etc/postfix/sasl_passwd.db.

All that is left to do is restart Postfix:

/etc/init.d/postfix restart 

That's it. You can now test by sending emails over your mailserver and having a look at your mail log. You should see that all your emails are now passed on to (except the ones that have a local recipient).


Share this page:

Suggested articles

18 Comment(s)

Add comment



Hi! If you are interested in allowing relay based on verfied tls client certificate, you could look at page

By: nandelbosc

I've  a question...

My postfix installation uses as relay host, when I send an email using this server, the field "from" appears my gmail address instead of [email protected]

 It's possible to avoid this, and appears in field from the email of a user in my domain?


Thank you for this excellent guide.  I used this method to set up a pair of external SMTP relays (one as fallback_relay).


By: neutrinodust

Thank you so much. Your post saved me countless hours of head banging.

By: Martin

This did it , followed your guide to the letter and now it work perfectly thru my (previously) blocked port 25 connection.

 Keep up the good work

By: Desp


I am having same problem with Relay access denied . I can send and recive local and recive external but I cant send external from the box getting the error Relay access denied . I tried many times to fix it but still cant please give some help and advice! 

This is how my looks like :

 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =, localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reje$
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

and this is my logs from the mail server :

Jan 15 11:51:42 trinity postfix/smtpd[17995]: connect from[]
Jan 15 11:51:42 trinity postfix/smtpd[17995]: NOQUEUE: reject: RCPT from[]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<>
Jan 15 11:51:42 trinity postfix/smtpd[17995]: lost connection after RCPT from[]
Jan 15 11:51:42 trinity postfix/smtpd[17995]: disconnect from[]

Thats what I have in /etc/hosts:       trinity    # Added by NetworkManager    localhost.localdomain    localhost
::1    trinity    localhost6.localdomain6    localhost6    trinity
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


Ports for mail are open ! and in my domain DNS I have set :




imap: # cant run squirrelmail if I set to


By: Willem

Thank you very much for this explication. It worked fine for me. My mails finally [email protected] Before I read this wonderful advice, I read in the logs that my mails where refused by (pratically) all email providers.

By: supermanwah

After hamming around with multiple other mail clients and threads, this worked its magic quickly.  My only suggestion for others is to make sure sendmail is un-installed first if it was enabled prior to your postfix install.  


By: Carlitos

check this out also very good tutorial with ldap check and content filter..

By: Eddlinux

Falko Timme,

Thank you so much. It's working very well on my local network.




By: Roslyn Scott

How To Setup Postfix With Zoho Mail On Ubuntu

Postfix SMTP client doesn’t work out of box with SSL/TLS (port 465), but with only the rather securer STARTTLS (port 587). Unfortunately Zoho email server doesn’t support STARTTLS. That’s the reason if you set “relayhost= in your Postfix file, you’ll get this error in /var/log/mail.log:

CLIENT wrappermode (port smtps/465) is unimplemented instead, send to (port submission/587) with STARTTLS 1 2 CLIENT wrappermode (port smtps/465) is unimplemented instead, send to (port submission/587) with STARTTLS

By: tudor

Is it possible to configure postfix to use amazon ses and sendgrid (for specified domains/email addresses ) - BOTH on the same server? For example when seeing email from domain to use relayhost amazon ses and when seeing email from domain to use relayhost sendgrid and for local localhost?


By: Sandeep


which domain & smtp used here for above configuration the local mail server or outsider mail servers.


I configured local mail server but I unable to send mail outsider domain ids.


By: Peter

Unless you don't set:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

within "/etc/postfix/" you'll have an open relay for eMails....

See here:

By: Nils

Very helpfull!

How to make this work for more than one local user with the same ISP (=same relay host)?

By: Rafiek

This looks like something I can use. One question.I have multiple email adresses from which to send mails. Can I use [email protected], [email protected] (all valid users on once I've done this relay? Or is everything being send from [email protected]??

By: Wendell Murray

Mr. Timme always does an excellent job. Still I have a problem with blockage of port 25 for incoming messages to Postfix by my ISP, Comcast/XFINITY in USA. I have not been able to figure out a solution to this problem, despite reading Postfix documentation and websites, such as this. If Mr. Timme has any ideas, please let me know.

By: jim

Thanks for the tutorial.  In order for this to work for me :

if the relayhost you are forwarding your messages to is not listed as a MX for the domain then there should be brackets around the relayhost.  IE:  postconf -e 'relayhost = []'