Postfix SMTP relay

For home servers I funnel all emails through a single Postfix SMTP relay via a Gmail account.

(On Debian 9 you need to install libsasl2-modules first.)

 

Create /etc/postfix/sasl_passwd file with following content (replace the obvious variables):

[smtp.gmail.com]:587 $USER@gmail.com:$PASS

 

Then generate Postfix map file. This will create /etc/postfix/sasl_passwd.db file.

postmap /etc/postfix/sasl_passwd

 

Change permissions on those two files.

chmod 0600 /etc/postfix/sasl_passwd*

 

Reconfigure /etc/postfix/main.cf file with following content.

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
#smtp_use_tls = yes
smtp_tls_security_level = may
header_size_limit = 4096000

Restart Postfix.

 

SMTP SSL authentication:

If you need to relay through a SMTP server that requires SSL authentication then you need to do additional steps. You will need to setup stunnel TLS proxy.

 

Install stunnel. On Debian 9 you run…

apt-get install stunnel4

 

Enable stunnel by modifying /etc/default/stunnel.

ENABLED=1

 

Make sure it’s enabled by default to start on reboot.

systemctl enable stunnel4

 

Create a custom stunnel configuration file, like /etc/stunnel/SMTPs.conf would do with following content. This spins up stunnel running on local port 22225.

($EXT_SMTP will be FQDN or IP of the external SMTP server.)

pid = /var/run/stunnel-SMTPs.pid

[smtp-tls-wrapper]
accept = 22225
client = yes
connect = $EXT_SMTP:465

 

Modify your /etc/postfix/main.cf file and change relayhost line to point to localhost on port 22225.

relayhost = [localhost]:22225

Restart both Postfix and stunnel.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.