Configure Postfix to Relay Mail to an External SMTP Server on CentOS 7

The benefit of having two Postfix servers relaying email to an external SMTP server is redundancy.

This article is part of the Homelab Project with KVM, Katello and Puppet series.

Homelab

We have two CentOS 7 (minimal) servers installed which we want to configure as follows:

admin1.hl.local (10.11.1.2) – will be configured as a Postfix relay
admin2.hl.local (10.11.1.3) – will be configured as a Postfix relay

Both servers have SELinux set to enforcing mode.

See the image below to identify the homelab part this article applies to.

Software

Software used in this article:

  1. CentOS 7
  2. Postfix 2.10

Install Postfix

Note that this section applies to both servers.

Install Postfix and ensure that the service is enabled:

# yum install postfix cyrus-sasl-plain
# systemctl enable postfix

In case Sendmail is installed, remove it:

# yum remove -y sendmail*

Allow inbount firewall traffic:

# iptables -A INPUT -s 10.11.1.0/24 -p tcp -m state --state NEW --dport 25 -j ACCEPT

Configure Postfix Server as a Relay

Note that this section applies to both servers. Open /etc/postfix/main.cf for editing and configure the following:

smtpd_banner = $myhostname ESMTP
inet_interfaces = all
inet_protocols = ipv4

mynetworks = 127.0.0.0/8, 10.11.1.0/24
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes

Create a new file /etc/postfix/sasl_passwd and add the authentication details of the external SMTP server:

[mail.example.com]:587 [email protected]:passwd

Prevent non-root access:

# chmod 0600 /etc/postfix/sasl_passwd

Create a database file:

# postmap /etc/postfix/sasl_passwd

Check configuration and restart Postfix service:

# postfix check
# systemctl restart postfix

Configure Postfix on a Null Client

When we configure other homelab servers to us Postfix to relay emails via admin1 and admin2, we can have a fallback relay defined (taken from the Postfix configuration file /etc/postfix/main.cf that’s on the Katello server):

relayhost = [admin1.hl.local]
fallback_relay = [admin2.hl.local]

This gives us redundancy in a way so that if one of the SMTP relays is down, we can send emails out via the second one.

Here is an example taken from our Katello server when both relays are operational:

[katello]# echo test|mailx -s TEST [email protected]
Feb 18 18:09:52 katello postfix/pickup[23067]: 328C73D94: uid=0 from=<root>
Feb 18 18:09:52 katello postfix/cleanup[23089]: 328C73D94: message-id=<[email protected]>
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: from=<[email protected]>, size=421, nrcpt=1 (queue active)
Feb 18 18:09:52 katello postfix/smtp[23091]: 328C73D94: to=<[email protected]>, relay=admin1.hl.local[10.11.1.2]:25, delay=0.13, delays=0.04/0.02/0.03/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4A557532)
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: removed

We see that email was relayed via admin1. Now, if the admin1 server was down, the email would get relayed via admin2:

Feb 18 18:11:17 katello postfix/pickup[23067]: A81993D96: uid=0 from=<root>
Feb 18 18:11:17 katello postfix/cleanup[23089]: A81993D96: message-id=<[email protected]>
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: from=<[email protected]>, size=421, nrcpt=1 (queue active)
Feb 18 18:11:17 katello postfix/smtp[23091]: connect to admin1.hl.local[10.11.1.2]:25: Connection refused
Feb 18 18:11:17 katello postfix/smtp[23091]: A81993D96: to=<[email protected]>, relay=admin2.hl.local[10.11.1.3]:25, delay=0.2, delays=0.01/0/0.08/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C9F614D6)
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: removed

2 thoughts on “Configure Postfix to Relay Mail to an External SMTP Server on CentOS 7

  1. Hello,

    First of all, thank you for this article. I was wondering if you can help me out with one problem though?

    I have mada a cron.js file which is sending emails to the users, depending on server status. I have also configured postfix, as suggested here: https://sendgrid.com/docs/for-developers/sending-email/postfix/. When i execute file from
    command line, for example node cron.js , everything works fine. But when i put that file in crontab, i get authorization error.
    Do you know what the problem may be?

    All the best

    • A couple of things you can check. Make sure that you use the same user to run the script, also use the full path to the executables. If these don’t help, the run the script in the debug mode. It might also be environment variables that aren’t the same when you run it from a CLI and via cron.

Leave a Reply

Your e-mail address will not be published. Required fields are marked *