How to configure Postfix to use an External SMTP Server

Last updated on

In this article we are going to configure Postfix to relay mail through an external SMTP server. This has its advantages if you are having spam issues sending mail directly from your server.

Prerequisites

You’ll need the address and port of your SMTP server, and the username and password of your email account.

Your SMTP port should be 587, though this may be different depending on your host.

1. Install Postfix

If you’ve already installed Postfix, skip to step 2.

Let’s update the package database first.

sudo apt-get update

Install mailutils, which will automatically install Postfix.

sudo apt install -y mailutils

On the first Postfix configuration screen, select OK by pressing TAB and ENTER

Select Internet Site and press ENTER.

System mail name should be your domain name eg. example.com, press ENTER.

Package should now be installed.

2. Configure Postfix

Edit the Postfix configuration file.

sudo nano /etc/postfix/main.cf

Find the following line relayhost = about 6 lines up from the bottom of the file and delete it.

Add the following to the end of the file. Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587, make sure you get the right one.

/etc/postfix/main.cf
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

3. Create Password and DB Files

Create the sasl_passwd file which will store our credentials.

sudo nano /etc/postfix/sasl_passwd

Insert the following:

/etc/postfix/sasl_passwd
[smtp.example.com]:587 username:password

Make sure to replace smtp.example.com with your own SMTP server. The default SMTP port is 587. Replace username and password with your own. The username is sometimes the email address.

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

Create a hash database file for Postfix with the postmap command.

sudo postmap /etc/postfix/sasl_passwd

There should now be a file called sasl_passwd.db in the /etc/postfix/ directory.

For added security, we will only allow root user to read and write to sasl_passwd and sasl_passwd.db

sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

4. Sign Certificate

Now we are going to create the certificate.

cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem

There should now be a certificate file called cacert.pem in /etc/postfix

5. Send a Test Mail

We’ll now send a test email message. Make sure to replace [email protected] with your own email address.

echo "Test Email message body" | mail -s "Email test subject" [email protected]

Don’t forget to check your spam folder.

If you still haven’t received any mail, check the mail error log.

sudo tail /var/log/mail.log

If the mail log is empty or doesn’t exist, try parsing the syslog. This will return the last 50 entries for postfix.

sudo tail -f -n 50 /var/log/syslog | grep postfix

If the syslog is empty and you still haven’t received any test email, it’s possible that the test email was rejected by the recipient server. You should check to see if anything has bounced back to your mail folder.

sudo less /var/mail/$(whoami)

Press uppercase G to scroll to the bottom of the file and lowercase q to quit. The $(whoami) variable returns the currently logged in user.

Note: Sending Mail to Your Own Domain

If you ever intend to send email from postfix to your own domain, [email protected] for example, postfix may need some further configuration. Please see article Can’t send mail to own domain. Postfix: status=bounced (unknown user: “user”)

1 Star2 Stars3 Stars4 Stars5 Stars 4.71 (14 votes)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.

17 replies

avatar
  Subscribe  
newest oldest
Notify of
Haseeb
Guest
Haseeb
Haseeb
1 year ago

[[email protected] ssl]# cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem
cat: /etc/ssl/certs/thawte_Primary_Root_CA.pem: No such file or directory

Robert Drummond
Guest
Robert Drummond
Robert Drummond
1 year ago

Awesome! Thank you so much for this. I’ve been trying to find a simple solution to allow my home server to email me via SMTP and this worked on the initial try.

Thean Heng
Guest
Thean Heng
Thean Heng
2 years ago

Cannot send email, the following error occur:
(Host or domain name not found. Name service error for name=mail.khmerdeliveryservices.com
type=AAAA: Host found)

I did set up A record and AAAA record for mail.khmerdeliveryservices.com correctly from my domain registrar.

Michael Japlin
Guest
Michael Japlin
Michael Japlin
2 years ago

I’ve set this up with Mailgun so that WordPress comments will be emailed to my Gmail, however, I get this error in the log when I post a reply to someone.

status=bounced (host smtp.mailgun.org[52.32.113.201] said: 550 5.1.0 Recipient rejected: <[email protected]_domain.co> (in reply to RCPT TO command))
Ahmed
Guest
Ahmed
Ahmed
2 years ago

The syslog shows this error when trying to send a test. Using mailgun.

status=bounced (host smtp.mailgun.org[34.237.7.101] said: 550 5.7.1 Relaying denied (in reply to RCPT TO command)
JJHef
Guest
JJHef
JJHef
2 years ago

When I do a test email, nothing comes in. The syslog says this:

postfix/smtp[19504]: 1EDFD41921: to=, relay=server81.web-hosting.com[192.64.118.70]:587, delay=1.9, delays=0.04/0.05/1.7/0.18, dsn=5.0.0, status=bounced (host server81.web-hosting.com[192.64.118.70] said: 550-Verification failed for 550-The mail server could not deliver mail to [email protected] The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command))

JJHef
Guest
JJHef
JJHef
2 years ago

My host Namecheap says to use mail server server81.web-hosting.com and port 465, will this work?