Setup mail relay to smarthost (postfix-relay)

I have to monitor some crontabs, and they support email notification on errors. I don't want to manage and maintain another mailserver, so I installed Postfix and configured it as a relay: the system is able to send mails, but another mailserver does the delivery. The new Postfix setup accepts only local SMTP connections, and port 25 is not accessible from the outside.

In this tutorial I will show how to configure Postfix as a relay, so that it sends all mails through a "real" mailserver. The "real" mailserver is called the smarthost (in this tutorial mail.justrocketscience.com); the local mailserver is called the relay and uses the hostname example.justrocketscience.com.

Attention: You have to replace the domains and passwords with your own information.

Configure Scraping

My smarthost does not support unencrypted connections and uses port 587. Furthermore, I avoid MX record lookups by surrounding the hostname with square brackets.

mydestination = example.justrocketscience.com
relayhost = [mail.justrocketscience.com]:587

The mydestination setting is important for recognizing mails addressed to local destinations (they would be relayed to the smarthost if it is not set properly).

Setup Authentication

You can add the authentication information (the username is often the email itself or the first part of it) to a new file. In this case it's called sasl_passwd:

## /etc/postfix/sasl_passwd
[mail.justrocketscience.com]:587 username:password

Now you have to configure it in postfix (/etc/postfix/main.cf).

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

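To convert the plaintext file to a db format, the postmap command is used. You then have to restart your postfix service or reload the configuration for the changes to take effect. The file and the generated sasl_passwd.db hold the password in clear text, so make sure only root can read them.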

sudo postmap /etc/postfix/sasl_passwd
sudo service postfix reload

Rewrite sender

At this point the system will try to relay all mails to the smarthost, but most systems won't accept them, because the sender address has to be rewritten first.

smtp_generic_maps = hash:/etc/postfix/address_rewrite

Create a new file (e.g. /etc/postfix/address_rewrite). It rewrites all outgoing mails so that only one sender address is used.

## /etc/postfix/address_rewrite
@example.justrocketscience.com scraping@justrocketscience.com

Then build the lookup table and reload Postfix:

sudo postmap /etc/postfix/address_rewrite
sudo service postfix reload

Test:

echo "testmail " | mail -s "Test subject" test@example.com

Now your main.cf should look like this (with different domains):

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

## some changes
smtp_generic_maps = hash:/etc/postfix/address_rewrite
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = example.justrocketscience.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
compatibility_level = 2

mydestination = example.justrocketscience.com
relayhost = [mail.justrocketscience.com]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
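
An added example, not part of the original tutorial: a small Python audit for the relay setup above. It checks that relayhost is bracketed, that sasl_passwd has an entry for it, that TLS is enforced before authentication (smtp_use_tls=yes is only opportunistic, so with smtp_sasl_security_options = noanonymous the password could go out unencrypted if STARTTLS is not offered), and that smtpd listens on loopback only. The function names, sample hosts and sample credentials are assumptions made for this example.

```python
import re

ENFORCED_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
LOOPBACK = {"loopback-only", "localhost", "127.0.0.1", "[::1]"}

def parse_main_cf(text):
    """main.cf text -> dict; handles comments and indented continuation lines."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        else:
            key, value = (s.strip() for s in line.partition("=")[::2])
            params[key] = value
    return params

def passwd_keys(text):
    """Lookup keys (first field) of a sasl_passwd file; secrets are ignored."""
    return {l.split()[0] for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def audit_relay(main_cf, sasl_passwd):
    """Return the names of parameters that weaken the relay-only setup."""
    p, bad = parse_main_cf(main_cf), []
    relay = p.get("relayhost", "")
    host = relay.partition("]")[0].lstrip("[")   # bare hostname is also a valid key
    if not re.fullmatch(r"\[[^\]]+\](:\d+)?", relay):
        bad.append("relayhost")                  # unbracketed: MX lookup picks the target
    if p.get("smtp_sasl_auth_enable") != "yes" or not {relay, host} & passwd_keys(sasl_passwd):
        bad.append("smtp_sasl_password_maps")    # no credentials found for this relayhost
    if p.get("smtp_tls_security_level") not in ENFORCED_TLS:
        bad.append("smtp_tls_security_level")    # opportunistic or no TLS before AUTH
    if not set(re.split(r"[,\s]+", p.get("inet_interfaces", "all"))) <= LOOPBACK:
        bad.append("inet_interfaces")            # smtpd reachable from other hosts
    return bad

# Constructed sample input (placeholder hosts and credentials, not from the tutorial).
SAMPLE_CF = """\
relayhost = [smtp.example.net]:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
inet_interfaces = loopback-only
"""
SAMPLE_PASSWD = "[mail.example.net]:587 username:password\n"

if __name__ == "__main__":
    print(audit_relay(SAMPLE_CF, SAMPLE_PASSWD))
```

On a real system, feed it the contents of /etc/postfix/main.cf and /etc/postfix/sasl_passwd; an empty list means none of the four checks fired.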