Smarthost with SMTP/TLS authentication with postfix

Hi all. If you have, for example, an email server in your basement, it is often blocked due to your dynamic IP address. Well, there is a relatively easy way to get around this. The only thing you have to do is set up a smarthost in your MTA (e.g. sendmail, postfix, exim…).

What is a smarthost? A smarthost is an external email server, normally a well-known one, where you have an email account, e.g. Yahoo or Hotmail. So, as you guessed from the article title, we are doing this now with postfix. Why postfix? Because postfix is really easy to configure and gets the job done like sendmail. This howto only describes how to set up the smarthost, not how to install postfix. So here we go.

Let's say you want to configure the smarthost with postfix on a CentOS machine and send email over port 587, so open the config file and add some lines to your /etc/postfix/main.cf:

# vim /etc/postfix/main.cf

add:

relayhost = smarthost.domain.com:587
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Then we create /etc/postfix/smtp_auth and make the file readable only by root and postfix.

# touch /etc/postfix/smtp_auth && chown root:postfix /etc/postfix/smtp_auth && chmod 640 /etc/postfix/smtp_auth

Open the previously created file and add some lines:

# vim /etc/postfix/smtp_auth

add:

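smarthost.domain.com:587       senduser:supersecret

The first field must match the relayhost value in main.cf exactly, including the port, otherwise postfix will not find the credentials.

Now we have to create a lookup file from that file with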

# postmap /etc/postfix/smtp_auth

This will create smtp_auth.db. The postmap command has to be executed after every change to the smtp_auth file, please remember. If you do not, postfix will never pick up the changed file.

If you want your postfix server to relay mail from outside to non-local domains, add one of these lines to main.cf.

For postfix < 2.10:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

For postfix >= 2.10:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

The last step is to restart postfix, done!

# /etc/init.d/postfix restart
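
A consistency check for the files edited above, added here as an example and not part of the original howto: it confirms that the smtp_auth key matches relayhost exactly, flags opportunistic TLS, and checks the mode of the credentials file. The function names, the simplified parser and the constructed sample files (whose map key deliberately omits the port) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the smarthost settings from this howto. It parses the
# files directly so it runs without Postfix installed.

# get_param FILE NAME: print the last value assigned to NAME
# (simplified: no continuation lines, which these settings do not use).
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
          if (key != name) next
          val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }' "$1"
}

# check_smarthost MAIN_CF AUTH_FILE: print one finding per line.
check_smarthost() {
    relay=$(get_param "$1" relayhost)
    level=$(get_param "$1" smtp_tls_security_level)
    # The map key must equal relayhost literally, [brackets] and :port included.
    if awk -v k="$relay" '!/^[ \t]*#/ && NF && $1 == k { f = 1 } END { exit !f }' "$2"
    then echo "OK key: $relay"
    else echo "FAIL key: no entry for $relay"
    fi
    # smtp_use_tls = yes is opportunistic; these levels make TLS mandatory
    # (the legacy smtp_enforce_tls switch is not examined here).
    case "$level" in
        encrypt|dane-only|fingerprint|verify|secure) echo "OK tls: $level" ;;
        *) echo "WARN tls: not enforced, AUTH can be sent unencrypted" ;;
    esac
    # The credentials file must not be readable by "other" (the howto uses 640).
    if [ -n "$(find "$2" -perm -004)" ]
    then echo "FAIL perms: world-readable"
    else echo "OK perms"
    fi
}

# Constructed sample: the howto's relayhost, but a map key without the port.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = smarthost.domain.com:587' 'smtp_use_tls = yes' > "$d/main.cf"
    printf '%s\n' 'smarthost.domain.com senduser:supersecret' > "$d/smtp_auth"
    chmod 640 "$d/smtp_auth"
    check_smarthost "$d/main.cf" "$d/smtp_auth"
    rm -rf "$d"
}
demo
```

On a live host, `postconf -h relayhost` gives the effective value to compare against. Setting `smtp_tls_security_level = encrypt` (Postfix 2.3 and later) clears the TLS warning by making STARTTLS mandatory before AUTH.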

 

Have fun with your private mailserver! 🙂