Mail relaying made simple with Postfix

Jack Wallen
Sep 23, 2009
Updated • Nov 28, 2012

Have you installed the Postfix as an easier to use, more secure alternative to Sendmail only to find yourself having trouble with the old "unable to relay" errors? This can be very frustrating and have you pulling out your hair in no time.

MTAs (Mail Transfer Agents) can be a tricky lot to set up. Add in to the mix something like relaying and you have all the ingredients for an installation NOT working. Fortunately Postfix isn't nearly as complicated as Sendmail, so relaying isn't something you need guru-level access to solve. In this tutorial I am going to show you how to set up Postfix for easy relaying. You can always add this to the Ubuntu Server series that started with the article "Installing Ubuntu Server 9.04".

Installing Postfix

Just in case you haven't already, you can install Postfix on your already running Ubuntu Server install with the command:

sudo apt-get install postfix

But I am going to assume you already have Postfix up and running already. And if you're looking into relaying with Postfix, your problem is that you can receive mail, you just can't send it. Let's fix that problem.

Configure Postfix

The file you need to first take care of is /etc/postfix/ You will need sudo access so open this file with the command:

sudo nano /etc/postfix/

Now add this to the bottom of that file:

# SMTP Authentication
smtp_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

NOTE: The portion starting with "smtpd_recipient_restrictions" and ending with "reject_unauth_destination" is actually one line.

NOTE: The portion starting with "reject_unauth" and ending with "sasl_passwd" is also only one line.

NOTE: The above assumes you are using Dovecot as your IMAP server.

The last line of the above should give you a hint as to what is next. Yes, you have to create a file, sasl_passwd, for Postfix to use as a password file. This file will be located in /etc/postfix/sasl/ and will look like the following:

address.for.relaying   username:password


  • address.for.relaying is the actual mail server you will use for relaying.
  • username is the username for authentication on the relaying mail server.
  • password is the password for authentication on the relaying mail server.

The next step is to create the the sasl_passwd DB file so that Postfix has something it can read. To do this, issue the command:

sudo postmap hash:/etc/postfix/sasl/sasl_passwd

You should now see a new file in the /etc/postfix/sasl directory called sasl_passwd.db.

One file step before restarting Postfix. Because the password file is plaintext it should be secured so that it can not be read by just any user. Say, for instance, you want Postfix to only be read by the root user. For this issue the command:

sudo chown root:root /etc/postfix/sasl/sasl_passwd && chmod 600 /etc/postfix/sasl/sasl_passwd

Do the same thing with the sasl_passwd.db file like so:

sudo chown root:root /etc/postfix/sasl/sasl_passwd.db && chmod 600 /etc/postfix/sasl/sasl_passwd.db

NOTE: If you have need for a different user, you can chown the file to whatever user you want...just make sure it is a secure user.

You're finished. All that is left is to restart Postfix with the command:

sudo /etc/init.d/postfix restart

Open up your mail client and text to see if relaying is now working for you.

Final thoughts

Gone are the days of the overly complicated (and insecure) Sendmail configurations. Setting up relaying is simple when you are using Postfix.


Previous Post: «
Next Post: «


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.