Azimout's Linux weblog

Configure Postfix to use an SMTP relay

with one comment


If the relay is a modern mail server, i.e. one that supports STARTTLS (e.g. Gmail), then you can configure Postfix to use that relay for all email with external destinations like this:

  1. Required packages: postfix, libsasl2-2, ca-certificates, libsasl2-modules
  2. Add to /etc/postfix/ (if it doesn’t exist, create it):
    relayhost = []:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_CAfile = /etc/postfix/cacert.pem
    smtp_use_tls = yes
  3. Create /etc/postfix/sasl_passwd with the following line in it, set permissions to 400, run postmap on it (sudo postmap sasl_passwd):
  4. Copy the certificate:
    sudo cp /etc/ssl/certs/Thawte_Premium_Server_CA.pem /etc/postfix/cacert.pem
  5. Restart postfix:
    sudo service postfix restart


If, instead, it’s some legacy mail server that only supports SMPTS (a.k.a. TLS wrapper mode), you’ll need to use an SSL tunnel as described here.

  1. Required packages: postfix, libsasl2-2, ca-certificates, libsasl2-modules, stunnel4
  2. Add the following to /etc/stunnel/stunnel.conf, and set the cert and key values to the same snakeoil certificates used by postfix:
    accept = 11125
    client = yes
    connect = legacy.smtp.relay:smtps
  3. Set the relayhost in /etc/postfix/ as follows:
    relayhost = []:11125
  4. Start stunnel, restart postfix. To have stunnel startup automatically at boot time, edit /etc/default/stunnel4


(you’ll need the package ‘mailutils’ for this)

To test your configuration, type the following in a terminal: mail -s my_subject my_real_email_address, then type the message body, and end by typing a single dot in a line. The message should be delivered to your real (i.e. external) email address through the GMail servers. You might also want to monitor the log file /var/log/mail.log (tail -f /var/log/mail.log)

Forwarding root mail

Some servers send their notifications to root@localhost. You might want to forward that to your “real email address” in order to be notified when server maintenance is needed.

To do this, add the following line to /etc/aliases, and then run the newaliases command:

root: my_real_email_address

Written by azimout

20/05/2011 at 14:15

Posted in Howto

One Response

Subscribe to comments with RSS.

  1. Works fine on Ubuntu 11.04! Tanks…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: