Logo

Setup and Configure a Postfix SMTP Server: A Step-by-Step Guide

Try this guide with our instant dedicated server for as low as 40 Euros

Whether you’re a seasoned sysadmin or new to mail server management, understanding Postfix is essential for ensuring reliable email communication in your organization.

The Postfix SMTP server is a popular, open-source mail transfer agent (MTA) for routing and delivering email. Known for its robustness, security, and performance, Postfix is a favored choice for managing email traffic on Linux and other Unix-like systems. 

In this tutorial, we will discuss how to set up and configure a Postfix SMTP server. We will start with an introduction to the Postfix SMTP server and then go into the details of setting up and configuring the various operations.

Table Of Contents

  1. What is a Postfix SMTP Server?
  2. How to Install and Configure Postfix SMTP Server
    1. Step #1: Install Postfix on the Server
    2. Step #2: Configure Postfix
    3. Step #3: Install libsasl2-modules
    4. Step #4: Configure Postfix for External SMTP
    5. Step #5: Set Up SASL Password File
    6. Step #6: Secure the SASL Password File
    7. Step #7: Restart Postfix
    8. Step #8: Test the Configuration
    9. Step #9: Check Logs
  3. Configure Email Forwarding
    1. Step #1: Edit Aliases File
    2. Step #2: Add Forwarding Rules
    3. Step #3: Apply Changes
  4. Forwarding Emails for Virtual Domains
    1. Step #1: Edit Virtual Aliases File
    2. Step #2: Add Forwarding Rules
    3. Step #3: Map Virtual Aliases
    4. Step #4: Apply the Changes
  5. SMTP Encryption
    1. Step #1: Obtain SSL/TLS Certificates
    2. Step #2: Configure Postfix to Use SSL/TLS
    3. Step #3: Restart Postfix
    4. Step #4: Test SMTP Encryption
    5. Step #5: Review Logs for Errors
  6. Conclusion
  7. FAQs

What is a Postfix SMTP Server?

The Postfix SMTP server is a widely used open-source mail transfer agent (MTA) designed to route and deliver email. The Postfix SMTP server is a popular choice for both small and large email systems because of its simple operations, robustness, and proven performance in a wide range of corporate scenarios.

The Key Features

Some of the key features of the Postfix SMTP server are as follows:

Security

Postfix SMTP server enhances security by randomizing the memory addresses used by system processes, encrypting email traffic using TLS and SSL, and allowing SASL authentication. 

Performance

Postfix SMTP server can manage high volumes of email efficiently through optimized queue handling. In addition, the server employs multi-core processors to improve performance.

Ease of Use

Postfix SMTP server uses a straightforward configuration file format, making it easy to set up and maintain in custom environments. Its modular architecture allows for easy integration with additional tools and services for functionalities like spam filtering or virus scanning.

Reliability

Postfix’s detailed logging and diagnostics help users troubleshoot and resolve issues. In addition, the server ensures reliable operations resulting in sustained email service without any interruptions.

Now that you have a basic understanding of the Postfix SMTP server, let us discuss how to install and configure it. However, before that, let us take a quick look at the prerequisites. 

The Prerequisites 

Before diving into the installation and configuration, ensure you have the following.

  • A system running a popular Linux distribution
  • A user account with sudo or administrative privilege
  • Terminal or command line access

How to Install and Configure Postfix SMTP Server

Postfix is a powerful mail transfer agent (MTA) used for routing and delivering emails. However, before you can get the benefits we mentioned earlier, it is important to understand how to install and configure Postfix on your Linux server to relay emails through an external SMTP service like Gmail.

Step #1: Install Postfix on the Server

Before installing Postfix on your Linux server, update the repository package list through your distribution’s package manager. 

For Debian-based distributions, execute the following command in the terminal:

# sudo apt update

Alternatively, for RHEL/CentOS-based distributions, run this command:

# sudo yum update

Next, install the Postfix package.

If you are on a Debian-based distribution, run this command:

# sudo apt install postfix -y

Similarly, run this command for RHEL/CentOS-based distributions:

# sudo yum install postfix -y

Here, The -y flag ensures automatic acceptance of prompts during installation.

Once the installation finishes, you should check the status of the Postfix service with this command:.

# sudo service postfix status

sudo service postfix status

Note that you will see a configuration wizard after the installation:

postfix configuration

Step #2: Configure Postfix

Postfix uses the relay host configuration option to send emails to remote domains. 

The hostname or IP address of the remote SMTP server or SMTP service you wish to utilize must be included in the directive. Note that you can use Mailgun or any third-party SMTP provider here. 

The /etc/postfix/ directory contains the main.cf and master.cf Postfix configuration files.

In some rare cases, you may not see the configuration wizard for Postfix. In this case, run the following command to view the wizard:

# sudo dpkg-reconfigure postfix

Once the configuration wizard appears, you’ll be prompted to choose the mail configuration type.

Select Internet Site as this is the most common setup.

Next, The wizard will prompt you to specify the name of the system mail. This is the hostname used in email banners, delivery notifications, and other communications.

Enter the fully qualified domain name (FQDN) of your server.

Click OK and press Enter to confirm.

Note: Using an external SMTP service often requires authentication. Ensure you have the necessary credentials (username and password) for your chosen service.

Step #3: Install libsasl2-modules

Before installing libsasl2-modules, let us understand why you need it for the Postfix SMTP server.

Why Install libsasl2-modules?

We recommend installing libsasl2-modules for the following reasons. 

Authentication Support

libsasl2-modules provides the necessary modules for SASL authentication, which is required when using an external SMTP server that requires authentication.

Security

It supports various authentication mechanisms (e.g., PLAIN, LOGIN, CRAM-MD5), enhancing the security of your email server by ensuring that credentials are handled securely.

Compatibility

Many email servers and clients depend on SASL for authentication. Installing libsasl2-modules ensures compatibility with these systems.

Now that you know the necessity of libsasl2-modules, let us discuss how to install it on various distributions. 

If you are on a Debian-based distribution, run the following command:

# sudo apt install libsasl2-modules

Alternatively, for RHEL-based distributions, execute the following command:

# yum install cyrus-sasl-plain

Step #4: Configure Postfix for External SMTP

Once you have installed libsasl2-modules, edit the Postfix config file in your preferred editor. We will use Nano for this step:

# sudo nano /etc/postfix/main.cf 

Add or modify the following lines to configure Postfix to allow emails through your external SMTP server: 

relayhost = [smtp.example.com]:587

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_sasl_security_options = noanonymous

smtp_tls_security_level = may

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

relay host 587

Replace smtp.example.com with your external SMTP server’s address and port (e.g., smtp.gmail.com:587 for Gmail).

Here, 

relayhost: Specify the hostname and port of your external SMTP server.

smtp_sasl_auth_enable = yes, and smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd: Enable SASL authentication and define the location of the password file containing your credentials.

smtp_sasl_security_options = noanonymous: Disallows anonymous connections.

smtp_tls_security_level = may: Attempts to establish a TLS encrypted connection (recommended).

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt: Specifies the trusted certificate authority (CA) file for verifying server certificates.

Step #5: Set Up SASL Password File

We recommend using the following command to invoke Nano and create or edit the SASL password file:

# sudo nano /etc/postfix/sasl_passwd

Next, add your SMTP server credentials in the following format: 

[smtp.example.com]:587 [email protected]:password

Replace smtp.example.com, [email protected], and password with your actual SMTP server address, username, and password. 

Save and exit the file. 

Step #6: Secure the SASL Password File

For security reasons, we recommend restricting access to the password file. This requires setting the ownership to the root and adjusting permissions. Start by securing the SASL password file and changing the file permissions for sasl_passwd and sasl_passwd.db. Run the following two commands:

# sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Step #7: Restart Postfix

Finally, restart Postfix to apply these changes:

# sudo systemctl restart postfix

sudo systemctl restart postfix

The port at which the SMTP protocol operates by default is 25. Check if 127.0.0.1’s TCP port 25 is in the listening mode by executing the netstat command:

# netstat -nlap | grep :25

netstat -nlap

Step #8: Test the Configuration

Send a test email to ensure that Postfix is accurately configured to use the external SMTP server.

Send an email by piping the echo command output to the mail command. Use the following command syntax:

echo "Test email from Postfix" | mail -s "Test Postfix" [email protected]

test postfix

Alternatively, you can also use the sendmail utility for testing the emails or use Postfix’s sendmail utility or the mail command with the mailutils package. Both options support interactive mode and accept piped input. 

The syntax for using the interactive sendmail utility is:

sendmail destination email [email protected]
From: [email protected]
Subject: subject
email body.

Press Ctrl+D to send the email and end the interactive mode.

Step #9: Check Logs

If the email does not arrive, check the Postfix logs for any errors. We recommend the following tail command to view the recent log entries:

# sudo tail -f /var/log/mail.log

This log will provide information about any issues preventing Postfix from sending emails via the external SMTP server.

Now that you have understood how to configure Postfix, let us see how you can add two more functionalities: email forwarding and SMTP encryption.

Configure Email Forwarding

Postfix allows users to forward emails sent to specific addresses to other destinations. 

We recommend the following steps to configure Postfix to allow email forwarding:

Step #1: Edit Aliases File

The aliases file manages local email aliases. Postfix uses the /etc/aliases file for local email aliases.

Start the process by opening this file in your preferred editor. We will run the following command to open this file in Nano:

# sudo nano /etc/aliases

Step #2: Add Forwarding Rules

Add a forwarding rule to redirect emails from one address to another. 

For example, to forward emails sent to [email protected] to [email protected], add the following line:

user: [email protected]

You can add multiple forwarding rules by adding more lines in the same format.

cat etc aliases

Step #3: Apply Changes

After editing the /etc/aliases aliases file, run the newaliases command to update the internal database used for alias lookups. 

# sudo newaliases

Forwarding Emails for Virtual Domains

If you’re managing virtual domains on your server, you’ll need to configure Postfix differently for email forwarding. In this case, we recommend the following steps:

Step #1: Edit Virtual Aliases File

Create or edit the virtual aliases file (/etc/postfix/virtual) to define forwarding rules for virtual domains. We recommend using text editors like Vim or Nano (Here we use Nano).

# sudo nano /etc/postfix/virtual

Step #2: Add Forwarding Rules

Add lines specifying forwarding rules for virtual domains. Each line follows the format [email protected] [email protected] 

[email protected] [email protected]

Step #3: Map Virtual Aliases

Map the virtual alias file to Postfix by adding or modifying the following line in /etc/postfix/main.cf.

virtual_alias_maps = hash:/etc/postfix/virtual

Step #4: Apply the Changes

Generate the hash database file and restart Postfix with these commands:

# sudo postmap /etc/postfix/virtual
# sudo systemctl restart postfix

SMTP Encryption

Enabling SMTP encryption on a Postfix server is essential for securing email communications. Postfix supports TLS (Transport Layer Security) and SSL (Secure Sockets Layer) to encrypt email traffic.

Here are the steps to enable SMTP encryption using TLS on a Postfix server.

Step #1: Obtain SSL/TLS Certificates

You need a valid SSL/TLS certificate and private key for your domain. You can obtain these from a Certificate Authority (CA) like Let’s Encrypt or use self-signed certificates for testing purposes.

Using a self-signed certificate for testing is possible, but we do not recommend it for production environments due to security concerns.

Use Let’s Encrypt (Recommended)

You can use the Certbot tool to obtain and automatically renew Let’s Encrypt certificates.

Start by updating your repository package with this command:

# sudo apt update

Next, install Certbot with the following command:

# sudo apt install certbot

sudo apt install certbot

Now, obtain an SSL/TLS certificate by executing the command:

# sudo certbot certonly --standalone -d yourdomain.com

Note that the certificates will be saved in /etc/letsencrypt/live/yourdomain.com/.

Step #2: Configure Postfix to Use SSL/TLS

Once you have the SSL/TLS certificate, edit the Postfix main configuration file using a text editor like Vim or Nano:

# sudo nano /etc/postfix/main.cf

Add the following lines to enable TLS for both incoming and outgoing emails:

# TLS parameters

smtpd_tls_cert_file = /etc/letsencrypt/live/yourdomain.com/fullchain.pem

smtpd_tls_key_file = /etc/letsencrypt/live/yourdomain.com/privkey.pem

smtpd_use_tls = yes

smtpd_tls_auth_only = yes

TLS parameters

# Enforce TLS for outgoing mail

smtp_tls_security_level = may

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Enable opportunistic TLS for incoming connections

smtpd_tls_security_level = may

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

Step #3: Restart Postfix

Once you have added the lines, restart the Postfix service to apply the changes.

# systemctl restart postfix

Step #4: Test SMTP Encryption

To ensure that SMTP encryption works, you can use tools like openssl to test the connection. You can run the following commands to test the encryption.

To test SMTP encryption for incoming mail: 

openssl s_client -connect yourdomain.com:25 -starttls smtp

To test SMTP encryption for outgoing mail:

openssl s_client -connect smtp.gmail.com:587 -starttls smtp

Replace yourdomain.com and smtp.gmail.com with your actual domain and the external SMTP provider you use.

Step #5: Review Logs for Errors

Next, check the Postfix logs to verify that TLS is being used and to troubleshoot any potential issues.

# sudo tail -f /var/log/mail.log

Conclusion

Installing and configuring Postfix as an SMTP server involves several key steps that ensure secure and efficient email handling. 

The installation process, typically initiated by the root user, is straightforward and can be accomplished using package managers on most Linux distributions. Configuring Postfix to handle email forwarding requires careful mapping, ensuring emails are accurately routed to their intended destinations. Additionally, enabling SMTP authentication is crucial for securing email communications, preventing unauthorized access, and ensuring that only legitimate users can send emails through your server. Following these guidelines, you can establish a robust Postfix setup that effectively manages and secures your email traffic.

FAQs

Q. What is the default option for the Internet Site mail configuration during Postfix installation?

The default option for the Internet Site mail configuration is to set the server to handle email delivery directly over the Internet, using the server’s hostname as the mail name.

Q. How do I configure Postfix to forward emails to an external email address?

To configure Postfix to forward emails to an external email address, you need to set up email alias mappings in the /etc/aliases File or use virtual alias mappings in the /etc/postfix/virtual File. After editing these files, run sudo newaliases and sudo postmap /etc/postfix/virtual (if using virtual aliases), followed by restarting Postfix.

Q. How do I verify that Postfix uses the correct configuration values?

You can verify Postfix configuration values by inspecting the main.cf file located in the Postfix directory, usually /etc/postfix/main.cf. You can also use the command prompt to run postconf to view current configuration parameters.

Q. Which DNS record is important for Postfix mail delivery?

The MX (Mail Exchange) DNS record is crucial for Postfix mail delivery. It specifies the mail servers responsible for receiving email on behalf of your domain.

Q. What is the default SMTP port used by Postfix?

The default SMTP port used by Postfix is port 25. For secure SMTP connections, ports 587 and 465 are commonly used.

Q. How can I configure Postfix to use SMTP authentication?

To configure SMTP authentication, install the necessary pluggable authentication modules (libsasl2-modules), and update the main.cf file with parameters such as smtp_sasl_auth_enable, smtp_sasl_password_maps, and smtp_sasl_security_options. Ensure that your password maps file is created and hashed correctly.

Q. How do I set up Postfix for a single domain?

For a single domain setup, configure the myhostname, mydomain, myorigin, and mydestination parameters in the main.cf file to reflect your domain settings.

Q. Where can I find the Postfix mail log file?

The Postfix mail log file is typically located at /var/log/mail.log. You can monitor this file to troubleshoot mail delivery issues and other errors.

Q. What should I do if I encounter delivery issues or undeliverable mail?

Check the mail log file (/var/log/mail.log) for error messages. Verify your configuration parameters in the main.cf, ensure your DNS records are correctly set up, and confirm that your SMTP authentication is configured properly.

Q. How can I allow SMTP clients to relay mail through my Postfix server?

To allow SMTP clients to relay mail through your Postfix server, configure a permissive mail relay policy by setting mynetworks in the main.cf file to include the IP addresses or subnets of your trusted clients. Ensure proper SMTP authentication is also in place to prevent unauthorized use.

Q. How do I configure an active interface for Postfix to listen to incoming email messages?

In the main.cf file set the inet_interfaces Parameter to specify which interfaces Postfix should listen on for incoming email messages. Use all To listen on all interfaces or specify individual IP addresses.

Try this guide with our instant dedicated server for as low as 40 Euros