tips:postfix_authenticated

Original Content
- Only the important stuff
- Original Content

Original Content

The original content was found here on 2019-06-21.

Only the important stuff

Here are the postfix settings I found to be important:

/etc/postfix/server.cred

[mail.server.com]:587 USERNAME:PASSWORD

/etc/postfix/main.cf

inet_protocols = ipv4
local_transport = error:local mail delivery is disabled
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/server.cred
smtp_tls_security_level = encrypt

Then postmap and restart

postmap /etc/postfix/server.cred
service postfix restart

There are many reasons why you would want to configure Postfix to send email using an external SMTP provider such as Mandrill, SendGrid, Amazon SES, or any other SMTP server. One reason is to avoid getting your mail flagged as spam if your current server’s IP has been added to a spam list.

In this tutorial, you will learn how to install and configure a Postfix server to send email through Mandrill, or SendGrid. Updated Guide for Gmail and Google AppsPermalink

Before starting this tutorial, you should have:

Your fully qualified domain name (FQDN)
All updates installed

sudo apt-get update

A valid username and password for the SMTP mail provider
Make sure the libsasl2-modules package is installed and up to date:

apt-get install libsasl2-modules

Installing Postfix

In this section, you will install Postfix and set the domain and hostname.

Install Postfix with the following command:

sudo apt-get install postfix

During the installation, a prompt will appear asking for your General type of mail configuration.

  Select Internet Site.

Enter the fully qualified name of your domain, fqdn.example.com.
Once the installation is finished, open the /etc/postfix/main.cf file with your favorite text editor:

  sudo nano /etc/postfix/main.cf

Make sure that the myhostname parameter is configured with your server’s FQDN:

  myhostname = fqdn.example.com

Configuring SMTP Usernames and Passwords

Usernames and passwords are generally stored in a file called sasl_passwd in the /etc/postfix/ directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix.

If you want to use Mandrill, or SendGrid as your SMTP provider, you may want to reference the appropriate example while working on this section. For Google Apps and Gmail-specific settings, check out our Configure Postfix to Send Mail Using Gmail and Google Apps on Debian or Ubuntu guide.

Open or create the /etc/postfix/sasl_passwd file, using your favorite text editor:

sudo nano /etc/postfix/sasl_passwd

Add your destination (SMTP Host), username, and password in the following format:

[mail.isp.example] username:password

Note: If you want to specify a non-default TCP Port (such as 587), then use the following format:

[mail.isp.example]:587 username:password

Create the hash db file for Postfix by running the postmap command:

sudo postmap /etc/postfix/sasl_passwd

If all went well, you should have a new file named sasl_passwd.db in the /etc/postfix/ directory. Securing Your Password and Hash Database FilesPermalink

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text.

For security reasons, you should change their permissions so that only the root user can read or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:

sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Configuring the Relay Server

In this section, you will configure the /etc/postfix/main.cf file to use the external SMTP server.

Open the /etc/postfix/main.cf file with your favorite text editor:

sudo nano /etc/postfix/main.cf

Update the relayhost parameter to show your external SMTP relay host. Important: If you specified a non-default TCP port in the sasl_passwd file, then you must use the same port when configuring the relayhost parameter.

# specify SMTP relay host

relayhost = [mail.isp.example]:587
* Note: Check the appropriate Google Apps, Mandrill, or SendGrid section for the details to enter here.
* At the end of the file, add the following parameters to enable authentication:
# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
* Save your changes.
* Restart Postfix:
sudo service postfix restart