Relaying system emails using Postfix

Submitted by Shaun.Foulkes on Tue, 2017/01/10 - 14:28

There are a couple of situations where you may want your server to send email through a third-party provider. A common case is a server run from home, such as an Asterisk PBX for your home phone, which can send an email when a voicemail is left. In many cases sending directly from a home connection will not work, so you may need to relay your server's email to get it delivered. In this example I will be using Postfix on Arch Linux, and Zoho Mail will be the mail server I relay through. I use Zoho for the free domain email hosting for 25 users and under.

First, make sure your system is up to date. Then install Postfix.

$ sudo pacman -Syu
$ sudo pacman -S postfix

Now we need to create a password file for authentication and a header check file to rewrite the sending email address. We will also set the TLS policy. Do this as root.

# vim /etc/postfix/password

Add your account information in the format smtp_server:port email_address_to_send_from:password

smtp.zoho.com:587 noreply@example.com:somesecurepassword

Now map the account

# postmap /etc/postfix/password

Create a generic user map for root

# vim /etc/postfix/generic

At the bottom of the file add

root noreply@example.com

Then use postmap on it

# postmap /etc/postfix/generic

Continue by setting up the header checks

# vim /etc/postfix/smtp_header_checks

Each replace rule takes the format /^From:.user@hostname/ REPLACE From: A Display Name <noreply@example.com>

/^From:.shaun@shaun-pc/ REPLACE From: Asterisk PBX <asterisk@shaunpc.com>

Now we will create the TLS policy file and map it

# vim /etc/postfix/tls_policy

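Add the SMTP server and port. The encrypt level makes TLS mandatory for this destination but does not verify the server's certificate.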

smtp.zoho.com:587 encrypt

# postmap /etc/postfix/tls_policy

We need to tell Postfix where to look for things

# vim /etc/postfix/main.cf

Go to the bottom of this file and add the following

# TLS parameters
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

myhostname = shaun-pc
mydestination =
relayhost = smtp.zoho.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options = noanonymous
smtp_generic_maps = hash:/etc/postfix/generic

Now it is time to start Postfix and give it a test

# systemctl start postfix
# echo "A test message to send" | mail -s "A test subject" youremail@here.com

If all went well you should get an email in your inbox. 
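
The /etc/postfix/password file created above holds the relay account's password in plain text, and postmap gives password.db the same group and other read permissions as its source, so both files should be accessible to root only (Postfix opens the map as root before dropping privileges). The script below is an added example, not part of the original post, that audits and tightens those permissions on a constructed sample file. The function names are hypothetical and it assumes a stat that supports -c, as on Arch Linux.

```bash
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes `stat -c` (GNU coreutils, as on Arch Linux).

# Report every file that group/others can access or that is not owned by
# the expected numeric uid. Returns 1 if anything was reported, else 0.
audit_secret_files() {
    want_uid=$1; shift
    found=0
    for f in "$@"; do
        [ -e "$f" ] || continue               # e.g. the .db is not built yet
        mode=$(stat -c '%a' "$f")
        uid=$(stat -c '%u' "$f")
        # Any bit in 077 gives access to someone other than the owner.
        if [ $(( 0$mode & 077 )) -ne 0 ] || [ "$uid" != "$want_uid" ]; then
            echo "UNSAFE $f mode=$mode uid=$uid"
            found=1
        fi
    done
    return "$found"
}

# Restrict every existing file to owner read/write (0600).
lock_down_secret_files() {
    for f in "$@"; do
        if [ -e "$f" ]; then chmod 600 "$f"; fi
    done
}

# Constructed demo in a temp directory: a password map written under a
# typical 022 umask, audited before and after the fix.
demo() {
    dir=$(mktemp -d)
    ( umask 022
      echo 'smtp.zoho.com:587 noreply@example.com:somesecurepassword' > "$dir/password"
      cp "$dir/password" "$dir/password.db" ) # stand-in for postmap output
    before=0; after=0
    audit_secret_files "$(id -u)" "$dir/password" "$dir/password.db" || before=$?
    lock_down_secret_files "$dir/password" "$dir/password.db"
    audit_secret_files "$(id -u)" "$dir/password" "$dir/password.db" || after=$?
    rm -rf "$dir"
    echo "before=$before after=$after"
}

demo
# On the real host, as root:
#   audit_secret_files 0 /etc/postfix/password /etc/postfix/password.db
```

Running chmod 600 on /etc/postfix/password before the first postmap means password.db is created with the tight mode from the start.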

If you want other users on the system to send email, add a rule to the header checks for each user. For example, http may wish to send from noreply@example.com. I use a monitoring tool called Netdata and have added the following to my /etc/postfix/smtp_header_checks

/^From:.netdata@shaun-pc/ REPLACE From: Netdata shaun-pc <noreply@shaunpc.com>

The header rewrite could be done without the name and the <> around the email address; however, that could cause some SMTP servers to bounce the message as they do not allow relaying. This happens with Zoho Mail.