Learning Center
Mail

How to Configure Postfix Using External SMTP Servers

9 Dec 2024
Awais Khan
Awais Khan

Postfix is a widely used tool for routing and delivering emails. Known for its adaptability, reliability, and easy setup, it's essential to email systems. It ensures smooth message delivery and allows administrators to manage email traffic efficiently.

To install Postfix, you will need to install the software, configure it with an external SMTP server, and set up verifications. Follow these guidelines for a seamless setup.

Before moving to the main process, ensure you have:

  • sudo privileges or root access on a Linux server 

  • An external SMTP server (like Gmail) 

Installing Postfix
Copy link

Employ the instructions below to install Postfix across several Linux distros:

On Debian-based Linux Distros (like Ubuntu)

sudo apt install postfix

On Red Hat-based Linux Distros (like CentOS)

sudo yum install postfix

On Fedora

sudo dnf install postfix

On Arch Linux

sudo pacman -S postfix

During installation, users will see a setup window.

Image2

This window will ask for basic setup settings.

Image1

After finalizing, complete the installation.

Image4

Configuring Postfix
Copy link

Correctly configuring Postfix is crucial for successful email delivery. This involves updating configuration files, activating authentication, and setting methods for processing and delivering mails. Here's the process:

Step 1: Configuration File Modification
Copy link

The main.cf (Postfix configuration) contains principal settings, and to tweak them, open the file using:

sudo nano /etc/postfix/main.cf

Note: By default, new virtual servers have ports 465 and 587 blocked. To unblock these ports, reach out to technical support.

Step 2: Configuration with an External SMTP Server
Copy link

Set up the relay host and enable security protocols by adding the provided lines to the file:

relayhost = [smtp.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes

Here:

  • The initial line configures the Postfix relay host. This line sets the SMTP and port (587 for TLS); if you’re using Gmail, replace "smtp.example.com" with "smtp.gmail.com."

  • The second line enables SASL authentication.

  • The third line points to the file containing your SMTP credentials (an essential file that helps setup Postfix map sasl_password.

  • The fourth line prevents anonymous connections.

  • The fifth line causes the utility to utilize TLS encryption.

  • The sixth line reports the server's STARTTLS offer.

Save the file once you’ve adjusted the necessary settings.

Step 3: Construct the SASL Credentials File
Copy link

Create a SASL password file via your SMTP credentials:

sudo nano /etc/postfix/sasl_passwd

Insert the credentials in the specified format within the file:

[smtp.example.com]:587 email@example.com:password

Substitute [smtp.example.com] with your chosen server (e.g., smtp.gmail.com). Swap out password and email@example.com with your real email address and corresponding password. Produce an app-specific password in Gmail by accessing the App Passwords segment of your account settings.

Step 4: Protect the SASL Credentials
Copy link

Once done, protect your credentials via provided commands:

sudo chmod 600 /etc/postfix/sasl_passwd 
sudo postmap /etc/postfix/sasl_passwd
  • The first command restricts access to the credentials file, permitting read access solely to the root user.

  • The application will authenticate via the hash database file generated by the second command.

Step 5: Restart Postfix
Copy link

Restart to apply the changes:

sudo systemctl restart postfix

Note: If encountering an error like "fatal: the Postfix mail system is not running," double-check that the server is configured correctly and that all processes have been exactly followed.

Testing the SMTP Server
Copy link

Now that everything has been modified, you can send mail.

Before sending, install mailutils on your Linux PC using:

sudo apt install mailutils

Post-installation, check the configuration by sending a test mail using the specified format below:

echo "Test email from Postfix" | mail -s "Test Postfix" recipient@example.com

Image5

  • The first part displays the beginning part of the text intended for the mail body.

  • Second is the pipe symbol (|) which directs the echo command’s output straight into the mail command.

  • Third is the mail command that establishes the email’s subject when used with -s option.

  • The last part indicates the email address of the test message's recipient.

To make sure everything is functioning and that the test mail was delivered correctly, delve into the mail logs using:

sudo tail -f /var/log/mail.log

Image8

This log file provides a snapshot of recent activities. If the test mail logs successful, your setup is complete.

Note: If experiencing difficulties receiving Gmail messages, use below guidelines:

  • Enter your current login details to access Gmail through a web browser.

  • Locate the gear icon at the top right, click it and select "See all settings."

  • In the Gmail menu, pick "Forwarding and POP/IMAP."

  • Go with "IMAP access" and activate "Enable IMAP."

  • Continue scrolling down, and hit "Save Changes.

By adhering to these guidelines, you'll activate IMAP in Gmail and improve the message delivery system.

Setting Up Email Forwarding
Copy link

Email forwarding configuration ensures seamless redirection of incoming mails from one address to another, guaranteeing you never miss a message. This functionality is useful to centralize email management or direct system alerts to an external email address. Take the following action to configure forwarding:

Step 1: Modify Aliases File
Copy link

Begin by adding modifications to the aliases file, which can be accessed using:

sudo nano /etc/aliases

To specify forwarding addresses, they must be detailed in the aliases file. For instance:

root:    email@example.com

This command ensures mails destined for the root are passed along to email@example.com. Users can establish extra forwarding rules as required.

Image7

Step 2: Refresh the Aliases Database
Copy link

Refresh the aliases database to apply the modification using:

sudo newaliases

Image10

Step 3: Restart Postfix
Copy link

Lastly, restart again via:

sudo systemctl restart postfix

By sticking to these instructions, you may smoothly establish email forwarding, guaranteeing that mails intended for certain addresses are quickly forwarded to the selected account.

Enabling SMTP Encryption
Copy link

Encrypting SMTP is a must to preserve the security and privacy of emails as they travel over the internet. Activating Transport Layer Security (TLS) strengthens the integrity of the communication path between the server and the mail client. Adhere to the below instructions to enable encryption:

Step 1: Install Certbot
Copy link

First, the Certbot program needs to be installed to get a free TLS certificate from Let's Encrypt. The process of obtaining and renewing these certifications is made easier by Certbot, which can be installed on Ubuntu using:

sudo apt install certbot

Step 2: Allow HTTP Traffic
Copy link

Next, update the firewall settings to enable HTTP traffic on port 80 using the command provided below:

sudo ufw allow 80

Image11

Step 3: Obtain a TLS Certificate
Copy link

Proceed by employing Certbot to acquire a TLS certificate for your domain. To achieve this, swap out your_domain with your real domain name in the command below:

sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domain

This command directs Certbot to:

  • Use a 4096-bit RSA key to enhance security.

  • Deploy a temporary independent server to carry out domain verification.

  • Conduct the verification process through port 80.

Adhere to the on-screen instructions and add your email address when prompted. After the process is finalized, Certbot will securely place your SSL certificate and private key within the /etc/letsencrypt/live/your_domain directory.

Step 4: Postfix Configuration for TLS
Copy link

With the certificate in hand, update the settings to implement it by opening the configuration file via:

sudo nano /etc/postfix/main.cf

Find the TLS parameters part and update it to include these lines:

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Alter your_domain to your real domain's name; subsequently, the tool will be able to use the TLS certificate to safeguard email exchanges.

Step 5: Restart Postfix
Copy link

To implement the modified settings, restart again using:

sudo systemctl restart postfix

Send the mail after finishing that, then check the recipient's mailbox. Unencrypted mails are more prone to being flagged as spam by email providers so the message might appear almost instantly.

Following these guidelines can help you send mails safely and reduce the likelihood that email providers may mark them as spam.

Conclusion
Copy link

Setting up Postfix through external SMTP servers is a simple process that enhances your server's email capabilities. This guide has thoroughly covered the installation, configuration, and testing phases of Postfix, including the setup of email forwarding and the activation of SMTP encryption. By adhering to these steps, users can ensure their mails are delivered securely.