====== postfix config for outgoing smarthost with TLS authentication ====== this is a short how-to, to get your postfix mailserver to send outgoing mail via a smarthost that requires TLS authenticatin: create a password file with the following contents: echo "mail.server.com username:password" > /etc/postfix/smarthost_password chmod 600 /etc/postfix/smarthost_password postmap /etc/postfix/smarthost_password edit main.cf nano /etc/postfix/main.cf and add / modify these lines: relayhost = mail.w3design.ch:587 smtp_use_tls=yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smarthost_password smtp_sasl_security_options = noanonymous smtp_tls_security_level = encrypt also make sure you're not creating an open realy server for everybody to use. for example limit your accetpable mail networks to localhost only is a good starting point (in main.cf as well): mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 make sure the necessary encryption libraries are installed apt install libsasl2-modules now check your neew config and reload it: postfix check postfix reload montior your mail logs and send a test message to see what happens: tail -f /var/log/mail.* in another terminal: echo "this is a test " | mail mail@psuter.ch -s test ===== rewrite from-addresses ===== in many cases, the sender domain of such a system is an internal domain and will be rejected by many spam filters. for that reason it may be necessary to rewrite the ''from'' address to an actual valid email address to do that we can use ''sender_canonical_maps'' on postfix. Add the following line to ''/etc/postfix/main.cf'': sender_canonical_maps = hash:/etc/postfix/canonical and create a map in ''/etc/postfix/canonical'' that looks something like this: @myserver.local valid@email.address instead of ''@myserver.local'' which will basically rewrite any local email address, we can also use a username like ''root'' if that better suits our needs. finally use postmap to create the hash map and reload the config once more: postmap /etc/postfix/canonical postfix check postfix reload