postfix_config_for_outgoing_smarthost

no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


Previous revision
postfix_config_for_outgoing_smarthost [14.10.2020 18:31] (current) Pascal Suter
Line 1: Line 1:
 +====== postfix config for outgoing smarthost with TLS authentication ======
 +this is a short how-to, to get your postfix mailserver to send outgoing mail via a smarthost that requires TLS authenticatin: 
 +
 +create a password file with the following contents: 
 +  echo "mail.server.com username:password" > /etc/postfix/smarthost_password
 +  chmod 600 /etc/postfix/smarthost_password
 +  postmap /etc/postfix/smarthost_password
 +edit main.cf 
 +  nano /etc/postfix/main.cf
 +and add / modify these lines: 
 +<code>
 +relayhost = mail.w3design.ch:587
 +smtp_use_tls=yes
 +smtp_sasl_auth_enable = yes
 +smtp_sasl_password_maps = hash:/etc/postfix/smarthost_password
 +smtp_sasl_security_options = noanonymous
 +smtp_tls_security_level = encrypt
 +</code>
 +also make sure you're not creating an open realy server for everybody to use. for example limit your accetpable mail networks to localhost only is a good starting point (in main.cf as well): 
 +  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 +make sure the necessary encryption libraries are installed
 +  apt install libsasl2-modules
 +now check your neew config and reload it: 
 +  postfix check 
 +  postfix reload 
 +montior your mail logs and send a test message to see what happens: 
 +  tail -f /var/log/mail.* 
 +in another terminal: 
 +  echo "this is a test " | mail mail@psuter.ch -s test
 +
 +===== rewrite from-addresses =====
 +in many cases, the sender domain of such a system is an internal domain and will be rejected by many spam filters. for that reason it may be necessary to rewrite the ''from'' address to an actual valid email address 
 +
 +to do that we can use ''sender_canonical_maps'' on postfix. Add the following line to ''/etc/postfix/main.cf'': 
 +  sender_canonical_maps = hash:/etc/postfix/canonical
 +and create a map in ''/etc/postfix/canonical'' that looks something like this: 
 +  @myserver.local   valid@email.address
 +
 +instead of ''@myserver.local'' which will basically rewrite any local email address, we can also use a username like ''root'' if that better suits our needs. 
 +
 +finally use postmap to create the hash map and reload the config once more: 
 +  postmap /etc/postfix/canonical
 +  postfix check 
 +  postfix reload  
  
  • postfix_config_for_outgoing_smarthost.txt
  • Last modified: 14.10.2020 18:31
  • by Pascal Suter