Mail relaying made simple with Postfix - gHacks Tech News

Mail relaying made simple with Postfix

Have you installed the Postfix as an easier to use, more secure alternative to Sendmail only to find yourself having trouble with the old "unable to relay" errors? This can be very frustrating and have you pulling out your hair in no time.

MTAs (Mail Transfer Agents) can be a tricky lot to set up. Add in to the mix something like relaying and you have all the ingredients for an installation NOT working. Fortunately Postfix isn't nearly as complicated as Sendmail, so relaying isn't something you need guru-level access to solve. In this tutorial I am going to show you how to set up Postfix for easy relaying. You can always add this to the Ubuntu Server series that started with the article "Installing Ubuntu Server 9.04".

Installing Postfix

Just in case you haven't already, you can install Postfix on your already running Ubuntu Server install with the command:

sudo apt-get install postfix

But I am going to assume you already have Postfix up and running already. And if you're looking into relaying with Postfix, your problem is that you can receive mail, you just can't send it. Let's fix that problem.

Configure Postfix

The file you need to first take care of is /etc/postfix/main.cf. You will need sudo access so open this file with the command:

sudo nano /etc/postfix/main.cf

Now add this to the bottom of that file:

# SMTP Authentication
smtp_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

NOTE: The portion starting with "smtpd_recipient_restrictions" and ending with "reject_unauth_destination" is actually one line.

NOTE: The portion starting with "reject_unauth" and ending with "sasl_passwd" is also only one line.

NOTE: The above assumes you are using Dovecot as your IMAP server.

The last line of the above should give you a hint as to what is next. Yes, you have to create a file, sasl_passwd, for Postfix to use as a password file. This file will be located in /etc/postfix/sasl/ and will look like the following:

address.for.relaying   username:password

Where:

  • address.for.relaying is the actual mail server you will use for relaying.
  • username is the username for authentication on the relaying mail server.
  • password is the password for authentication on the relaying mail server.

The next step is to create the the sasl_passwd DB file so that Postfix has something it can read. To do this, issue the command:

sudo postmap hash:/etc/postfix/sasl/sasl_passwd

You should now see a new file in the /etc/postfix/sasl directory called sasl_passwd.db.

One file step before restarting Postfix. Because the password file is plaintext it should be secured so that it can not be read by just any user. Say, for instance, you want Postfix to only be read by the root user. For this issue the command:

sudo chown root:root /etc/postfix/sasl/sasl_passwd && chmod 600 /etc/postfix/sasl/sasl_passwd

Do the same thing with the sasl_passwd.db file like so:

sudo chown root:root /etc/postfix/sasl/sasl_passwd.db && chmod 600 /etc/postfix/sasl/sasl_passwd.db

NOTE: If you have need for a different user, you can chown the file to whatever user you want...just make sure it is a secure user.

You're finished. All that is left is to restart Postfix with the command:

sudo /etc/init.d/postfix restart

Open up your mail client and text to see if relaying is now working for you.

Final thoughts

Gone are the days of the overly complicated (and insecure) Sendmail configurations. Setting up relaying is simple when you are using Postfix.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

    Leave a Reply

    Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

    Please note that your comment may not appear immediately after you post it.