Configure Postfix Mail Relay

It is assumed that the following have been configured:

  • You have a primary mail server.
  • You have a Postfix mail relay server.

Relay Server Tasks

First install the following:

apt-get install libsasl2-modules
apt-get install sasl2-bin

Create a file /etc/postfix/sasl/smtpd.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login

Add a user to sasldb2:

saslpasswd2 -c -u domain user
sasldblistusers2

Postfix needs /etc/sasldb2 in its chroot environment. One solution is to change the init script to copy sasldb2 at startup.

In /usr/lib/postfix/configure-instance.sh, add etc/sasldb2 to the FILES variable:

        FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
            etc/host.conf etc/nsswitch.conf etc/nss_mdns.config etc/sasldb2"

Edit Postfix configuration:

Type the following at the terminal:

postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'

Restart Postfix (reloading is not enough):

service postfix restart
systemctl daemon-reload

Main.cf modifications

Edit /etc/postfix/main.cf

Ensure that mynetworks includes the primary mail server's IP address, such as 82.68.17.190/32:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, localhost, 82.68.17.190/32, 185.195.232.168/32, 185.195.232.148/32

Also check:

mydestination should include the domain that this relay server will be servicing, such as flakie.org:

mydestination = $myhostname, flakie.org, localhost, localhost.localdomain, localhost

smtpd_recipient_restrictions should be added or set as below:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

relay_domains should be added as below:

relay_domains = $mydestination

Save /etc/postfix/main.cf

Master.cf Modifications

Edit /etc/postfix/master.cf

Ensure the line “50070 inet n - y - - smtpd” is added. It allows smtpd traffic on port 50070, which carries the communication between the primary mail server and the relay server.

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
50070      inet  n       -       y       -       -       smtpd

Add the following underneath the line above:

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Add the following underneath the line above:

smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Save /etc/postfix/master.cf

Primary Mail Server Tasks

Main.cf modifications

Edit /etc/postfix/main.cf

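Ensure the following is added underneath mydestination. This is the IP of the relay server and the port set in its master.cf file. The square brackets turn off MX lookups for the address and make the value match the key used in /etc/postfix/sasl_passwd below.

relayhost = [212.71.234.106]:50070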

Add the following at the bottom of the file:

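# outbound relay configurations
# These are the smtp_ (client) parameters: the primary server acts as an
# SMTP client towards the relay. The smtpd_ parameters only affect inbound mail.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# "may" is opportunistic TLS: if the relay does not offer STARTTLS, the
# PLAIN/LOGIN credentials cross the network unencrypted. "encrypt" enforces TLS.
smtp_tls_security_level = may
header_size_limit = 4096000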

Save /etc/postfix/main.cf

Other Modifications

Create the following file:

/etc/postfix/sasl_passwd

Enter the following on the top line of the file:

[212.71.234.106]:50070           root:compu1er

The above is the IP of the relay server along with the port, followed by the username and password created in the third of the relay tasks.

Save the file.

Finally type the following command:

postmap /etc/postfix/sasl_passwd

The above creates a database-like file so that Postfix can read it.
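
A consistency check for the primary server's relay credentials, as an added example that is not part of the original page. It assumes the outbound settings use Postfix's client-side smtp_ parameters and that the sasl_passwd key has to equal the relayhost value exactly; the function names, sample files and password are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page.

# Print the value of PARAM in a main.cf-style FILE (the last definition wins).
main_cf_value() {  # usage: main_cf_value FILE PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Return 0 when the primary server's relay credentials are consistent.
check_relay_auth() {  # usage: check_relay_auth MAIN_CF SASL_PASSWD
    local main_cf="$1" passwd="$2" relayhost rc=0
    relayhost=$(main_cf_value "$main_cf" relayhost)
    if [ -z "$relayhost" ]; then
        echo "FAIL: relayhost is not set"; rc=1
    # The password map is looked up with the relayhost value verbatim.
    elif ! awk -v k="$relayhost" '$1 == k { f = 1 } END { exit !f }' "$passwd"; then
        echo "FAIL: no sasl_passwd key equal to '$relayhost'"; rc=1
    fi
    # Outbound authentication uses the smtp_ (client) parameters, not smtpd_.
    if [ "$(main_cf_value "$main_cf" smtp_sasl_auth_enable)" != "yes" ]; then
        echo "FAIL: smtp_sasl_auth_enable is not 'yes'"; rc=1
    fi
    # The file stores a plaintext password: no group or other permissions.
    if [ "$(ls -ld "$passwd" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $passwd is accessible to group or others (use chmod 600)"; rc=1
    fi
    return "$rc"
}

# Constructed sample files; the password is a placeholder.
demo=$(mktemp -d)
printf 'relayhost = [212.71.234.106]:50070\nsmtp_sasl_auth_enable = yes\n' > "$demo/main.cf"
printf '[212.71.234.106]:50070 root:EXAMPLE-PASSWORD\n' > "$demo/sasl_passwd"
chmod 600 "$demo/sasl_passwd"
if check_relay_auth "$demo/main.cf" "$demo/sasl_passwd"; then
    echo "OK: relay credentials are consistent"
fi
rm -rf "$demo"
```

On a live server, pass /etc/postfix/main.cf and /etc/postfix/sasl_passwd as the two arguments.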
