Relaying system emails using Postfix

Submitted by Shaun.Foulkes on Tue, 2017/01/10 - 14:28

There are a couple of situations where you may want your server to send email through a third party provider. A common case of this is when you run a server from home such as an Asterisk PBX for your home phone. The server is capable of sending an email when a voicemail is left. In many cases sending from a home connection will not work. As a result you may need to relay your servers email to allow delivery. In this example I will be using Postfix on Arch Linux and Zoho Mail will be the mail server I will relay through. I use Zoho for the free domain email hosting for 25 users and under.

First, make sure your system is up to date. Then install Postfix.

$ sudo pacman -Syu
$ sudo pacman -S postfix

Now we need to create a password file for authentication and a header check file to rewrite the sending email address. We will also set the TLS policy. Do this as root.

# vim /etc/postfix/password

add your account information in the format smtp_server:port email_address_to_send_from:password

smtp.zoho.com:587 noreply@example.com:somesecurepassword

now map the account

# postmap /etc/postfix/password

create a generic user map for root

# vim /etc/postfix/generic

at the bottom of the file add

root noreply@example.com

then use postmap on it

# postmap /etc/postfix/generic

continue with setup header checks

# vim /etc/postfix/smtp_header_checks

The replace strings takes on the format /^From:.user@hostname/ REPLACE From: A Display Name <noreply@example.com>

/^From:.shaun@shaun-pc/ REPLACE From: Asterisk PBX <asterisk@shaunpc.com>

Now we will create the TLS policy file and map it

# vim /etc/postfix/tls_policy

add the smtp server and port. 

smtp.zoho.com:587 encrypt

# postmap /etc/postfix/tls_policy

We need to tell Postfix where to look for things

# vim /etc/postfix/main.cf

Go to the bottom of this file and add the following

# TLS parameters
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

myhostname = shaun-pc
mydestination =
relayhost = smtp.zoho.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options = noanonymous
smtp_generic_maps = hash:/etc/postfix/generic

Now it is time to start Postfix and give it a test

# systemctl start postfix
# echo "A test message to send" | mail -s "A test subject" youremail@here.com

If all went well you should get an email in your inbox. 

If you want to have other users on the system send email then add a rule to the header checks for that user. For example, http may wish to send from noreply@example.com. I use a monitor tool called Netdata and have added the following to my /etc/postfix/smap_header_checks

/^From:.netdata@shaun-pc/ REPLACE From: Netdata shaun-pc <noreply@shaunpc.com>

The header rewrite could be done without the name and the <> around the email address, however, it could cause some smtp servers to bounce the message as they do not allow relaying. This happens with Zoho Mail.

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.