Setup Postfix to Send to an External SMTP Server

Setup Postfix to Send to an External SMTP Server
Photo by Tiffany Tertipes / Unsplash

Setting up a local Postfix instance to forward traffic to an external SMTP server can save you hours of setting up an individual Postfix config on each system you have. Each system can send to this instance which then forwards it out to your external SMTP server of choice. A popular choice is Google's SMTP server.

Prerequisites

Setup a Debian system, the requirements don't need to be anything crazy. A core or two and 512MB of RAM will suffice.

apt update
apt dist-upgrade -y
apt install postfix sasl2-bin libsasl2-modules -y

Config

Edit the config file at /etc/postfix/main.cf

Add in the following, making sure to change the values where needed...

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = *domain.tld*
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
mydestination = $mydomain, localhost.$mydomain, localhost
relayhost = *SMTP Server*
mynetworks = 127.0.0.0/8 *Local IP Range*
inet_interfaces = *IP of Postfix server*
inet_protocols = ipv4
recipient_delimiter =

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =  hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous 
smtp_use_tls = yes
  • Swap domain.tld for your email domain such as gmail.com or jdbnet.co.uk
  • Swap SMTP Server for the SMTP server to forward to such as smtp.gmail.com
  • Swap Local IP Range for your actual local IP range such as 10.0.0.0/24 or 192.168.0.0/24

Credentials

Create the file /etc/postfix/sasl_passwd and add in the following...

smtp.server [email protected]:plain-text-password

If you're wanting to use Google's SMTP server, then it would look like this...

smtp.gmail.com [email protected]:reallysecurepassword

In some instances, you'll need to generate what Google calls an 'App Password' and use this instead of your usual password.

Now you should change the access rights so that only the root user can view and edit the file...

chmod 600 /etc/postfix/sasl_passwd

You then need to convert the sasl_passwd file to a database format used by Postfix...

postmap /etc/postfix/sasl_passwd

Then restart postfix

systemctl restart postfix

You should now be able to point whatever service you are running that requires an SMTP server to forward to. I use mine with Proxmox VE, Proxmox Backup Server, Pterodactyl and OneDev just to name a few.