Postfix Mail Configuration

February 23, 2021Debian, Sysadmin Standard
Read time < 1 minute

By default Linux distros ship with a internal MTA. If you send local mails they land in /var/mail/<user>.

If you want to send external mails you have to configure your MTA to use a relay server.

Exim was the default for quite some time but has been replaced with postfix since in many distros.

Install Postfix

Install required packages, libsasl2 is needed for SMTP authentication.

apt install postfix libsasl2-modules mailutils

Configure Postfix

Enable relay mode and TLS session cache.

sed -i "s/relayhost/#relayhost/g" /etc/postfix/main.cf
sed -i "s/smtp_tls_session_cache_database/#smtp_tls_session_cache_database/g" /etc/postfix/main.cf

Next configure the SMTP relay, replace the mail server FQDN “smtp.example.com”.

cat << 'EOF' >> /etc/postfix/main.cf
relayhost = [smtp.example.com]:587

smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_generic_maps = hash:/etc/postfix/generic
EOF

Configure user mapping. Replace “user@example.com” with your mail user.

cat << 'EOF' > /etc/postfix/generic
@hostname.domain.tld user@example.com
EOF

sed -i "s/hostname.domain.tld/$(hostname -f)/g" /etc/postfix/generic

Save your mail user credentials in sasl_passwd

cat << 'EOF' > /etc/postfix/sasl_passwd
smtp.example.com user@example.com:MyStrongRandomPassword
EOF

chmod 600 /etc/postfix/sasl_passwd

All that’s left is to run postmap to apply the config changes.

postmap /etc/postfix/generic
postmap /etc/postfix/sasl_passwd

systemctl restart postfix

Send Test Mail

Send a test mail using

echo "test" | mail -s "test" myuser@example.com

You should receive a mail from “user@example.com” at “myuser@example.com”.

If you receive no mail check the mail log.

tail -n 250 -f /var/log/mail.log

Most servers require “user@example.com” for authentication some just “user”.

If you use a public mail provider follow their SMTP setup instructions regarding username, server address and port.

For gmail you have to generate a app password.

Write a Reply or Comment

Your email address will not be published. Required fields are marked *

Recent Posts

Categories