Set up Postfix to Relay Mail to an External SMTP Server on CentOS 6

Part 5 of setting up a Linux home lab environment with VirtualBox. Check this blog post for more info.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail.

Software

Software used in this article:

  1. CentOS 6
  2. Postfix 2.6

Install Postfix

Install Postfix and the cyrus-sasl-plain package, which Postfix needs for SASL authentication to the relay host:

# yum install -y postfix cyrus-sasl-plain

In case Sendmail is installed, erase it:

# yum erase -y sendmail*

Open /etc/postfix/main.cf for editing and configure the following:

smtpd_banner = $myhostname ESMTP
inet_interfaces = all
inet_protocols = ipv4

relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes

mynetworks = 127.0.0.0/8, 10.8.8.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
#mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no

Create the /etc/postfix/sasl_passwd file and add the authentication details of the external SMTP server (the username and password below are placeholders):

[mail.example.com]:587 username@example.com:passwd

Prevent non-root access:

# chmod 0600 /etc/postfix/sasl_passwd

Create a database file:

# postmap /etc/postfix/sasl_passwd

Restart Postfix service:

# /etc/init.d/postfix restart
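
A check for the relay configuration above, as an added example that is not part of the original post: it flags SASL authentication without mandatory TLS (`smtp_use_tls = yes` is opportunistic, the same as `smtp_tls_security_level = may`) and a password table readable by group or others. The function names and finding labels are assumptions of this example, and the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit a relay-client main.cf.

# Print the value of parameter $2 in file $1. Postfix keeps the last definition;
# comment lines and continuation lines (leading whitespace) are skipped.
conf_get() {
    awk -v key="$2" '
        /^[ \t]/ || /^#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line for main.cf file $1; no output means none found.
audit_relay() {
    conf=$1
    [ "$(conf_get "$conf" smtp_sasl_auth_enable)" = yes ] || return 0
    level=$(conf_get "$conf" smtp_tls_security_level)
    # If smtp_tls_security_level is unset, the legacy boolean parameters apply.
    if [ -z "$level" ]; then
        if [ "$(conf_get "$conf" smtp_enforce_tls)" = yes ]; then level=encrypt
        elif [ "$(conf_get "$conf" smtp_use_tls)" = yes ]; then level=may
        else level=none; fi
    fi
    case $level in
        encrypt|verify|secure|fingerprint) ;;
        *) echo "TLS_NOT_ENFORCED level=$level: SASL login may be sent in cleartext" ;;
    esac
    # The password table and its compiled .db must not be group/other accessible.
    maps=$(conf_get "$conf" smtp_sasl_password_maps)
    file=${maps#*:}
    [ -n "$file" ] || return 0
    for f in "$file" "$file.db"; do
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c5-10)
        [ "$mode" = "------" ] || echo "LOOSE_PERMS $f ($mode for group/other)"
    done
}

# Constructed sample that mirrors the TLS and SASL settings shown in the post.
sample=$(mktemp)
printf '%s\n' 'relayhost = [mail.example.com]:587' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_security_options = noanonymous' 'smtp_use_tls = yes' > "$sample"
audit_relay "$sample"
rm -f "$sample"
```

Setting `smtp_tls_security_level = encrypt` in main.cf makes TLS mandatory for the relay connection and clears the first finding.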

Iptables will be configured via Puppet. The line below is used for the time being only:

# iptables -A INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW --dport 25 -j ACCEPT

Troubleshooting

Check logs:

# tail /var/log/messages
# tail /var/log/maillog

20 thoughts on “Set up Postfix to Relay Mail to an External SMTP Server on CentOS 6”

  1. I would like to get some idea about what the relation is between Postfix and Dovecot, and which function they serve in a mail server setup. Any thoughts?

    • Postfix is a mail transport agent (MTA), it sends email to your desired destination. Dovecot is a delivery agent (MDA), meaning it’s not responsible for receiving email from other servers (that’s Postfix’s job). Dovecot only handles email messages coming out of the local message store.

  2. So let me see if I understand this correctly… Postfix (an MTA) is responsible for receiving and delivering email messages between servers.
    Once they arrive at a server, Dovecot (an MDA) distributes them into local mailboxes according to the intended recipient.

    And from there, it’s a mail client’s job (like Roundcube) to help the user get his mail from his mailbox.
    Correct me if I am wrong.

    • Yes, in general. Dovecot stores emails on a server and lets you fetch messages using POP3 and IMAP protocols. Roundcube is a webmail interface so that you can read emails using a web browser. Roundcube uses IMAP which is provided by Dovecot.

  3. Hi.
    Great post. I have a question: I configured Postfix on my RHEL server, and when I tried to send mail, the remote relay mail server displayed this in my maillog:
    “(host smtp.host.com[19x.1xx.xx.xx] said: 530 Authentication required (in reply to MAIL FROM command))”

    I put the user and passwd in sasl_passwd in this format:

    [smtp.host.com]:25 [email protected]:user_password

    Any idea …

    Regards,

    • I’d say that something is still wrong with SMTP credentials. You may want to try SSMTP first and see if you can send an email out (use mailx) as it’s easier to configure it compared to Postfix.

      I don’t know your level of experience, but you can also try sending an email out via telnet. That’s what I usually do when I have to troubleshoot SMTP issues.

  4. Hi. Hope you can give me a hand with this… I’m going a little crazy…

    This is the design:

    local network
    (zimbra (192.168.1.5)) ——— (postfix (192.168.1.20))
    on different machines (yes, I know that Zimbra has Postfix, but I want to
    configure Postfix on a different machine), so I don’t have users on the Postfix
    machine to receive mail.

    The idea is to use Postfix to send the mail from Zimbra, and to take the mail that people send to users in Zimbra (from the world).
    This is all my config:
    main.cf

    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
    html_directory = no
    inet_interfaces = all
    inet_protocols = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydomain = mydomain.org.ar
    myhostname = postfix.mydomain.org.ar
    myorigin = $mydomain
    relayhost = email.$mydomain
    relay_domains = mydomain.org.ar
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
    sample_directory = /usr/share/doc/postfix-2.10.1/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = mydomain.org.ar
    smtpd_sasl_path = /etc/sasl2/smtpd.conf
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    unknown_local_recipient_reject_code = 550

    —————————————————————-

    master.cf

    smtp inet n - n - - smtpd
    pickup unix n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache

    I receive mails that I send from my Gmail account to mailboxes in Zimbra, but if I want to reply I get this error.
    I mean Zimbra is receiving mail to [email protected], but from [email protected] I get this error:

    Nov 2 13:19:16 postfix postfix/smtp[3575]: B963BAFC0D: to=, relay=email.mydomain.org.ar[190.2.120.196]:25, delay=0.05, delays=0.01/0.01/0.01/0.01, dsn=5.7.1, status=bounced (host email.mydomain.org.ar[190.2.120.196] said: 554 5.7.1 : Relay access denied (in reply to RCPT TO command))

    Can you give me a hand? What am I doing wrong?
    Thanks

    • The way I understand it is that you try to send an email from mydomain.org.ar to mydomain.org.ar and it bounces back because it’s not allowed on your relay server.

      Is the server email.mydomain.org.ar configured to relay emails for the domain mydomain.org.ar?

  5. Hi, I’m new to Postfix. I want to configure my local server to relay mail to our external mail server. Could you advise me, please: which CA certificates are used in smtp_tls_CApath = /etc/ssl/certs?
    Is it the SMTP server’s cert, or do I generate one from my local server?

    Thanks.

    • The smtp_tls_CApath is a directory with CA certificates that the Postfix client uses to verify a remote SMTP server certificate. You can also store your own imported trusted CAs in the same folder if you wish.
