How Postfix Relays Incoming and Outgoing SMTP Mail
For this article, we will show you how to configure a Postfix server as an SMTP mail relay for incoming and outgoing mail. You can use any third party email service provider as a smarthost. Companies like Comodo, Proofpoint, Mailgun are all great examples of such companies.
How Outbound SMTP Mail is Handled using Postfix as a Mail Relay
• Internal Mail servers sends outbound mail to Postfix server • Postfix server hands off mail to external smarthost for delivery • Smarthost delivers mail or rejects it
How Inbound SMTP Mail is Handled using Postfix as a Mail Relay
• Inbound SMTP mail is received by Postfix • Postfix checks the mail domain the email is addressed to • If the mail domain matches an internal mail domain then the mail is handed off to the internal mail server • If there is no match then Postfix will reject it and will not process it any further
The solution to set up Postfix as a mail relay only server for inbound and outbound SMTP mail is actually quite simple. When we tried to find documentation that clearly explains how to do this it was no easy task. There are so many configurable options for Postfix that it sometimes can be difficult to find the correct options for your particular scenario.
Linux Platforms Supported and the Flexibility When Using this Configuration
For the purposes of this article we installed Postfix on Ubuntu 20.04. However, the configuration should work on any Linux flavor including Debian, SUSE, CentOS, RHEL, Fedora, etc….
With this configuration you can support multiple internal mail domains. You can also use it to relay the mail to a different internal mail server depending on the mail domain. The below configuration supports any number of internal mail domains. You can also specify an SMTP Authenticated service such as a Google Mail server as your outgoing smarthost.
For simplicity sake and to make this article Linux flavor agnostic, we are not going to go into the details on how you install and setup Postfix itself. There are thousands of articles and videos that will help you do that. So, let’s jump right into how to modify a working Postfix server configuration to support this new environment. Use your favorite editor to edit and save your files.
Create the Transport, Relay Files and Modify the Main.cf file for Postfix
You only need to create or modify 3 files for this scenario to work. Please note that you should first backup your Postfix folder before making any changes. Also, our recommended changes are to be followed at your own risk. We are not responsible for changes adversely affecting your mail environment. If you modify files that already exist then please do so with caution. You might cause your current Postfix configuration to stop working. Finally, you need root or sudo rights to modify/create any of the files below.
We are assuming that Postfix is installed in the /etc/postfix folder.
Configure the /etc/postfix/transport File to Specify which Relay each Domain is Using
your-mail-domain.com relay:[X.X.X.X]:port * relay:[Y.Y.Y.Y]:port
Configure the /etc/postfix/relay File to Specify which Domains are being Relayed
your-mail-domain.com OK * OK
Run Postmap on the Transport and Relay Files to Prepare them to be used by Postfix
postmap /etc/postfix/transport postmap /etc/postfix/relay
Edit the Main.cf File to Add Transport and Relay Settings to the Postfix Configuration
transport_maps = hash:/etc/postfix/transport relay_domains = $mydestination, hash:/etc/postfix/relay
Remove All References to your Internal Mail Domains from mydestination in the Main.cf file
You must remove any references to your-mail-domain.com in the mydestination entry in the main.cf file. It is possible that your mydestination may just have localhost defined as shown below:
mydestination = localhost
If you don’t remove those references then the inbound relay will not work. Entries in mydestination tell Postfix that the your-mail-domain.com addressed mail is to be processed by Postfix. You just want Postfix to relay it and not reject it. You may also get an error that Postfix is not authorized to relay mail for your-mail-domain.com.
After you’ve made the above changes, makes sure to reload or restart your Postfix service. If it reloads/restarts successfully then test it out by to ensure it is working as expected.
Some Other Useful Sample Configurations for Postfix
Here are some other sample configurations that you may find useful. The below are slight modifications of what we described above. We are only going to show you the differences between the transport and relay files since the changes made to the main.cf will be the same.
Multiple mail domains relaying inbound mail to the same internal mail server
/etc/postfix/transport your-1st-mail-domain.com relay:[X.X.X.X]:port your-2nd-mail-domain.com relay:[X.X.X.X]:port your-3rd-mail-domain.com relay:[X.X.X.X]:port * relay:[Y.Y.Y.Y]:port /etc/postfix/relay your-1st-mail-domain.com OK your-2nd-mail-domain.com OK your-1st-mail-domain.com OK * OK
Relay Inbound Mail for Multiple mail domains to Different Internal Mail Servers
/etc/postfix/transport your-1st-mail-domain.com relay:[W.W.W.W]:port your-2nd-mail-domain.com relay:[X.X.X.X]:port your-3rd-mail-domain.com relay:[Y.Y.Y.Y]:port * relay:[Z.Z.Z.Z]:port /etc/postfix/relay your-1st-mail-domain.com OK your-2nd-mail-domain.com OK your-1st-mail-domain.com OK * OK
Support outbound mail relay through a secure SMTP Authenticated service such as Gmail
If you want to relay through a secure email provider such as Gmail using SMTP Authentication then keep on reading. Please note that we not going to explain how to configure your Gmail account and Postfix to use SMTP Authentication. If you want to authenticate securely connect Gmail to Postfix there are many resources available elsewhere to give you that information. Here’s how you can configure Postfix to use Gmail as an outbound relay:
Hopefully you find the above information useful and you are ready to configure Postfix to function as a mail relay only server for inbound and outbound SMTP mail. If you need assistance by experienced professionals to install, configure and deploy secure mail for your environment please do not hesitate to contact us.