For home servers I funnel all emails through a single Postfix SMTP relay via a Gmail account.
(On Debian 9 you need to install libsasl2-modules first.)
Create /etc/postfix/sasl_passwd file with following content (replace the obvious variables):
[smtp.gmail.com]:587 $USER@gmail.com:$PASS
Then generate Postfix map file. This will create /etc/postfix/sasl_passwd.db file.
postmap /etc/postfix/sasl_passwd
Change permissions on those two files.
chmod 0600 /etc/postfix/sasl_passwd*
Reconfigure /etc/postfix/main.cf file with following content.
relayhost = [smtp.gmail.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous #smtp_use_tls = yes smtp_tls_security_level = may header_size_limit = 4096000
Restart Postfix.
SMTP SSL authentication:
If you need to relay through a SMTP server that requires SSL authentication then you need to do additional steps. You will need to setup stunnel TLS proxy.
Install stunnel. On Debian 9 you run…
apt-get install stunnel4
Enable stunnel by modifying /etc/default/stunnel.
ENABLED=1
Make sure it’s enabled by default to start on reboot.
systemctl enable stunnel4
Create a custom stunnel configuration file, like /etc/stunnel/SMTPs.conf would do with following content. This spins up stunnel running on local port 22225.
($EXT_SMTP will be FQDN or IP of the external SMTP server.)
pid = /var/run/stunnel-SMTPs.pid [smtp-tls-wrapper] accept = 22225 client = yes connect = $EXT_SMTP:465
Modify your /etc/postfix/main.cf file and change relayhost line to point to localhost on port 22225.
relayhost = [localhost]:22225
Restart both Postfix and stunnel.