User Tools
This is an old revision of the document!
Table of Contents
Postfix Authenticated Smarthost
See also SSMTP
http://www.mechanicalfish.net/classic-blog/posts/92-configuring-postfix-relay-mail-secure-host/
http://www.stefanolocati.it/blog/?p=737
Gmail: http://www.stevemccann.net/2012/12/changing-freepbx-smtp-server-to-gmail.html
From Address: http://www.cyberciti.biz/tips/howto-postfix-masquerade-change-email-mail-address.html
There are various reasons that you may want to configure Postfix to relay all mail to a 'smarthost'.
- Spam filtering
- Port blocking by your ISP
- SPF DNS record doesn't permit your IP to send mail
- Blacklisted IP address
- Etc.
You can copy and paste the following into an editor, then adjust the $SMTPHOST and $USERPASS variables for your needs. Then, as root, paste it to the command line:
FILE=/etc/postfix/password SMTPHOST=your.mailserver.domain #SMTPHOST=your.mailserver.domain:587 #SMTPHOST=[123.123.123.123]:587 USERPASS=user:pass # This will overwrite any existing contents cat << EOF > $FILE #smtp.isp.com username:password $SMTPHOST $USERPASS EOF chown root:root $FILE chmod 0600 $FILE postmap hash:$FILE postconf -e "relayhost = $SMTPHOST" postconf -e 'smtp_sasl_auth_enable = yes' postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/password' postconf -e 'smtp_sasl_security_options =' /etc/init.d/postfix reload
TLS
Additionally, you may be forced to use TLS which may authenticate differently. Here are some additional steps to implement TLS.
Prerequisites
Debian/Ubuntu:
apt-get install libsasl2-modules
Redhat/CentOS:
yum install cyrus-sasl-plain
Postfix Configuration
First we configure the authentication credentials for Postfix.
Newer FreePBX machines create and maintain /etc/postfix/sasl_passwd for you.
Edit /etc/postfix/password to point to a TLS capable host:port:
SMTPHOST=your.mailserver.domain:587
postmap hash:/etc/postfix/password
Here we enable TLS in Postfix:
postconf -e 'smtp_use_tls=yes' /etc/init.d/postfix reload
Envelope-From
Envelope-From: http://serverfault.com/questions/533912/how-do-i-change-the-envelope-from-in-postfix
Some servers require the envelope-from header to be a valid user in order to accept mail via authenticated SMTP.
vim /etc/postfix/canonical
This is not a best practice…it's something you might use on a PBX just to get it to send mail.
Append something like this to force all mail to have the specified envelope-from.
# Use the empty regexp to map *any* address to the desired envelope sender. // pbx@yourdomain.tld
postmap /etc/postfix/canonical postconf -e "canonical_classes = envelope_sender" postconf -e "canonical_maps = regexp:/etc/postfix/canonical" postfix reload
