How to Configure Postfix Using External SMTP Servers
Postfix is a widely used tool for routing and delivering emails. Known for its adaptability, reliability, and easy setup, it's essential to email systems. It ensures smooth message delivery and allows administrators to manage email traffic efficiently.
To install Postfix, you will need to install the software, configure it with an external SMTP server, and set up verifications. Follow these guidelines for a seamless setup.
Before moving to the main process, ensure you have:
-
sudoprivileges orrootaccess on a Linux server -
An external SMTP server (like Gmail)
Installing Postfix Copy link
Employ the instructions below to install Postfix across several Linux distros:
On Debian-based Linux Distros (like Ubuntu)
sudo apt install postfixOn Red Hat-based Linux Distros (like CentOS)
sudo yum install postfixOn Fedora
sudo dnf install postfixOn Arch Linux
sudo pacman -S postfixDuring installation, users will see a setup window.

This window will ask for basic setup settings.

After finalizing, complete the installation.

Configuring Postfix Copy link
Correctly configuring Postfix is crucial for successful email delivery. This involves updating configuration files, activating authentication, and setting methods for processing and delivering mails. Here's the process:
Step 1: Configuration File Modification Copy link
The main.cf (Postfix configuration) contains principal settings, and to tweak them, open the file using:
sudo nano /etc/postfix/main.cfNote: By default, new virtual servers have ports 465 and 587 blocked. To unblock these ports, reach out to technical support.
Step 2: Configuration with an External SMTP Server Copy link
Set up the relay host and enable security protocols by adding the provided lines to the file:
relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yesHere:
-
The initial line configures the Postfix relay host. This line sets the SMTP and port (587 for TLS); if you’re using Gmail, replace "smtp.example.com" with "smtp.gmail.com."
-
The second line enables SASL authentication.
-
The third line points to the file containing your SMTP credentials (an essential file that helps setup Postfix map
sasl_password. -
The fourth line prevents anonymous connections.
-
The fifth line causes the utility to utilize TLS encryption.
-
The sixth line reports the server's STARTTLS offer.
Save the file once you’ve adjusted the necessary settings.
Step 3: Construct the SASL Credentials File Copy link
Create a SASL password file via your SMTP credentials:
sudo nano /etc/postfix/sasl_passwdInsert the credentials in the specified format within the file:
[smtp.example.com]:587 email@example.com:passwordSubstitute [smtp.example.com] with your chosen server (e.g., smtp.gmail.com). Swap out password and email@example.com with your real email address and corresponding password. Produce an app-specific password in Gmail by accessing the App Passwords segment of your account settings.
Step 4: Protect the SASL Credentials Copy link
Once done, protect your credentials via provided commands:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd-
The first command restricts access to the credentials file, permitting read access solely to the
rootuser. -
The application will authenticate via the hash database file generated by the second command.
Step 5: Restart Postfix Copy link
Restart to apply the changes:
sudo systemctl restart postfixNote: If encountering an error like "fatal: the Postfix mail system is not running," double-check that the server is configured correctly and that all processes have been exactly followed.
Testing the SMTP Server Copy link
Now that everything has been modified, you can send mail.
Before sending, install mailutils on your Linux PC using:
sudo apt install mailutilsPost-installation, check the configuration by sending a test mail using the specified format below:
echo "Test email from Postfix" | mail -s "Test Postfix" recipient@example.com
-
The first part displays the beginning part of the text intended for the mail body.
-
Second is the pipe symbol (|) which directs the echo command’s output straight into the mail command.
-
Third is the mail command that establishes the email’s subject when used with
-soption. -
The last part indicates the email address of the test message's recipient.
To make sure everything is functioning and that the test mail was delivered correctly, delve into the mail logs using:
sudo tail -f /var/log/mail.log
This log file provides a snapshot of recent activities. If the test mail logs successful, your setup is complete.
Note: If experiencing difficulties receiving Gmail messages, use below guidelines:
-
Enter your current login details to access Gmail through a web browser.
-
Locate the gear icon at the top right, click it and select "See all settings."
-
In the Gmail menu, pick "Forwarding and POP/IMAP."
-
Go with "IMAP access" and activate "Enable IMAP."
-
Continue scrolling down, and hit "Save Changes.
By adhering to these guidelines, you'll activate IMAP in Gmail and improve the message delivery system.
Setting Up Email Forwarding Copy link
Email forwarding configuration ensures seamless redirection of incoming mails from one address to another, guaranteeing you never miss a message. This functionality is useful to centralize email management or direct system alerts to an external email address. Take the following action to configure forwarding:
Step 1: Modify Aliases File Copy link
Begin by adding modifications to the aliases file, which can be accessed using:
sudo nano /etc/aliasesTo specify forwarding addresses, they must be detailed in the aliases file. For instance:
root: email@example.comThis command ensures mails destined for the root are passed along to email@example.com. Users can establish extra forwarding rules as required.

Step 2: Refresh the Aliases Database Copy link
Refresh the aliases database to apply the modification using:
sudo newaliases
Step 3: Restart Postfix Copy link
Lastly, restart again via:
sudo systemctl restart postfixBy sticking to these instructions, you may smoothly establish email forwarding, guaranteeing that mails intended for certain addresses are quickly forwarded to the selected account.
Enabling SMTP Encryption Copy link
Encrypting SMTP is a must to preserve the security and privacy of emails as they travel over the internet. Activating Transport Layer Security (TLS) strengthens the integrity of the communication path between the server and the mail client. Adhere to the below instructions to enable encryption:
Step 1: Install Certbot Copy link
First, the Certbot program needs to be installed to get a free TLS certificate from Let's Encrypt. The process of obtaining and renewing these certifications is made easier by Certbot, which can be installed on Ubuntu using:
sudo apt install certbotStep 2: Allow HTTP Traffic Copy link
Next, update the firewall settings to enable HTTP traffic on port 80 using the command provided below:
sudo ufw allow 80
Step 3: Obtain a TLS Certificate Copy link
Proceed by employing Certbot to acquire a TLS certificate for your domain. To achieve this, swap out your_domain with your real domain name in the command below:
sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domainThis command directs Certbot to:
-
Use a 4096-bit RSA key to enhance security.
-
Deploy a temporary independent server to carry out domain verification.
-
Conduct the verification process through port 80.
Adhere to the on-screen instructions and add your email address when prompted. After the process is finalized, Certbot will securely place your SSL certificate and private key within the /etc/letsencrypt/live/your_domain directory.
Step 4: Postfix Configuration for TLS Copy link
With the certificate in hand, update the settings to implement it by opening the configuration file via:
sudo nano /etc/postfix/main.cfFind the TLS parameters part and update it to include these lines:
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scacheAlter your_domain to your real domain's name; subsequently, the tool will be able to use the TLS certificate to safeguard email exchanges.
Step 5: Restart Postfix Copy link
To implement the modified settings, restart again using:
sudo systemctl restart postfixSend the mail after finishing that, then check the recipient's mailbox. Unencrypted mails are more prone to being flagged as spam by email providers so the message might appear almost instantly.
Following these guidelines can help you send mails safely and reduce the likelihood that email providers may mark them as spam.
Conclusion Copy link
Setting up Postfix through external SMTP servers is a simple process that enhances your server's email capabilities. This guide has thoroughly covered the installation, configuration, and testing phases of Postfix, including the setup of email forwarding and the activation of SMTP encryption. By adhering to these steps, users can ensure their mails are delivered securely.