Postfix SMTP relay

For home servers I funnel all emails through a single Postfix SMTP relay via a Gmail account.

(On Debian 9 you need to install libsasl2-modules first.)


Create /etc/postfix/sasl_passwd file with following content (replace the obvious variables):

[]:587 $$PASS


Then generate Postfix map file. This will create /etc/postfix/sasl_passwd.db file.

postmap /etc/postfix/sasl_passwd


Change permissions on those two files.

chmod 0600 /etc/postfix/sasl_passwd*


Reconfigure /etc/postfix/ file with following content.

relayhost = []:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
#smtp_use_tls = yes
smtp_tls_security_level = may
header_size_limit = 4096000

Restart Postfix.


SMTP SSL authentication:

If you need to relay through a SMTP server that requires SSL authentication then you need to do additional steps. You will need to setup stunnel TLS proxy.


Install stunnel. On Debian 9 you run…

apt-get install stunnel4


Enable stunnel by modifying /etc/default/stunnel.



Make sure it’s enabled by default to start on reboot.

systemctl enable stunnel4


Create a custom stunnel configuration file, like /etc/stunnel/SMTPs.conf would do with following content. This spins up stunnel running on local port 22225.

($EXT_SMTP will be FQDN or IP of the external SMTP server.)

pid = /var/run/

accept = 22225
client = yes
connect = $EXT_SMTP:465


Modify your /etc/postfix/ file and change relayhost line to point to localhost on port 22225.

relayhost = [localhost]:22225

Restart both Postfix and stunnel.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.