Using Postfix as Mail Relay
So, postfix is a fairly full-featured, backend mailserver software, that, to be honest, the reason I’m using it is because the most recent, up to date how-to’s all use postfix. Which, I’m assuming that means its probably one of the easier mail systems to configure.
But, we will be using it to forward all of the system emails to our personal email address. I use gmail, so my examples will be more geared towards gmails smtp address and port.
This was lifted - quite almost literally - from HowToForge. [POSTFIX-HowTo]
sudo apt-get install postfix mailutils
Now, during this installation, the system will prompt you with Configuration Option’s. Since we will be using an outside service to send our mail - aka
smtp.gmail.com - we will select
If we were to use postfix in other ways, we’d pick another option.
Then, it will continue on with
System Mail Name, which, technically you would normally want a
FQDN address listed here. But, using your systems basic hostname is also fine, especially if you have just a couple of machines.
We will be setting the system to process emails only from “the server on which it is running,” aka the
loopback interface. That way, when postfix “receives” an email from the system - for say, root - it will use Postfix to forward the email off through our specified smtp server. Thus, using the loopback as the “catch-all” for the emails.
You’ll want to create a
generic file inside of the postfix configuration directory. This should contain your systems hostname and then your email address, aka:
ubuntu-server [email protected]
First, we’re going to make a seperate, locked down password file that Postfix will use to authenticate with gmail.
sudo nano /etc/postfix/sasl_passwd
And add the line:
smtp.gmail.com:587 [email protected]:password
Which, of course, if you use a different mail service, input their info and it should work just the same. And, also,
email@example.com:password needs to be replaced with your info.
Now, lock that file down so only root can view it.
sudo chmod 600 /etc/postfix/sasl_passwd sudo chown root:root /etc/postfix/sasl_passwd
Process Password and Generic File
Remember when you installed
mailutils? That was for
postmap, which compiles and hashes the contents of our
generic files, and creates a new file in the same spot, with
.db added to the end, making it a database file easier to parse as it runs.
sudo postmap /etc/postfix/sasl_passwd sudo postmap /etc/postfix/generic
Main Configure File
main.cf file, there are 6 specific parameters we will be using for the relay setup:
relayhostwhich specifies the mail relay host and port number. The host name will be enclosed in brackets to specify that no MX lookup is required.
smtp_use_tlswhich enables (or disables) transport layer security.
smtp_sasl_auth_enablewhich enables (or disables) SASL authentication.
smtp_sasl_security_optionswhich in the following configuration will be set to empty, to ensure that no Gmail-incompatible security options are used.
smtp_sasl_password_mapswhich specifies the password file to use. This file will be compiled and hashed by postmap in a later step.
smtp_tls_CAfilewhich specifies the list of certificate authorities to use when verifying server identity.
smtp_generic_mapstells postfix to read your system name and email address from your generic file
sudo nano /etc/postfix/main.cf
main.cf is postfix’s config file.
You will most likely have to add most of the above options, possibly deleting one or two in order to clump them all together in one, single block of text.
relayhost = smtp.gmail.com:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_security_options is left empty.
Restart postfix, enabling our various changes:
sudo systemctl restart postfix.service
– or –
sudo service postfix restart
Send Test Emails
This is testing if the actual forwarding part works, as you’re able to send emails through the command line.
To send a test email over the command line:
echo "This is the body of the email" | mail -s "This is the subject line" [email protected]
Making sure to put your email address in place of
firstname.lastname@example.org. You should receive the email within a few seconds if its successful.