This guide explains how to configure Postfix to use the MXGuardian SMTP relay (smtp.mxguardian.net) as a smarthost. We cover two different configurations:
-
Routing All Outbound Mail through the Smarthost.
-
Routing Mail for Specific Sender Domains through the Smarthost.
The MXGuardian SMTP relay is available at smtp.mxguardian.net on port 587.
Prerequisites
-
Access to your server as a user with administrative privileges.
-
Postfix is installed and configured on your server.
-
Login credentials for the MXGuardian SMTP relay. Credentials can be generated by going to the Security page in MXGuardian. Alternatively, you can authenticate by adding your server's public IP address to the Trusted IP list, also found on the Security page in MXGuardian.
Note on Authentication
You can authenticate by using either SMTP authentication or by adding your server's IP address to the Trusted IP list in MXGuardian. If you choose to authenticate by IP, skip the steps related to creating the SASL password file and configuring SMTP authentication.
Configuration to Route All Outbound Mail Through the Smarthost
To configure Postfix to relay all outbound emails through the MXGuardian SMTP relay, follow these steps:
-
Edit the Postfix Configuration File
Open the main Postfix configuration file
/etc/postfix/main.cfusing your preferred text editor (e.g.,nanoorvim):sudo nano /etc/postfix/main.cf -
Set Up Relayhost
Add or modify the following lines in
main.cfto use the MXGuardian SMTP relay:relayhost = [smtp.mxguardian.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_use_tls = yesThese settings do the following:
-
relayhost: Specifies the smarthost for relaying all outgoing email. -
smtp_sasl_auth_enable: Enables SASL authentication. -
smtp_sasl_password_maps: Points to the file containing credentials. -
smtp_sasl_security_options: Ensures only secure authentication is used. -
smtp_use_tls: Enables TLS encryption for secure communication.
-
-
Configure Authentication
Create or edit the
/etc/postfix/sasl_passwdfile to store the credentials for the MXGuardian SMTP relay:[smtp.mxguardian.net]:587 your_username:your_passwordReplace
your_usernameandyour_passwordwith your actual MXGuardian login credentials. -
Secure the Password File
Set appropriate permissions on the
sasl_passwdfile to prevent unauthorized access:sudo chmod 600 /etc/postfix/sasl_passwd -
Postmap the Password File
Use the
postmapcommand to generate the database file required by Postfix:sudo postmap /etc/postfix/sasl_passwd -
Restart Postfix
Finally, restart Postfix to apply the changes:
sudo systemctl restart postfixYour Postfix server should now route all outgoing mail through the MXGuardian smarthost.
Configuration to Route Mail for Specific Sender Domains Through the Smarthost
If you only want to use the MXGuardian smarthost for specific sender domains, follow these additional steps:
-
Edit the
main.cfFileOpen
/etc/postfix/main.cfagain:sudo nano /etc/postfix/main.cfAdd the following line to specify an override file for sender-dependent relay hosts:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_use_tls = yes -
Create the Sender Relay File
Create or edit the
/etc/postfix/sender_relayfile to specify which domains should use the MXGuardian smarthost:@example.com [smtp.mxguardian.net]:587Replace
@example.comwith the domain you want to relay through the MXGuardian smarthost. You can add multiple lines for different domains as needed. -
Create the SASL Password File
If you haven't already, create or edit the
/etc/postfix/sasl_passwdfile to store the credentials for the MXGuardian SMTP relay:[smtp.mxguardian.net]:587 your_username:your_passwordReplace
your_usernameandyour_passwordwith your actual MXGuardian login credentials. -
Secure the Password File
Set appropriate permissions on the
sasl_passwdfile to prevent unauthorized access:sudo chmod 600 /etc/postfix/sasl_passwd -
Postmap the SASL Password File
Use the
postmapcommand to generate the database file required by Postfix:sudo postmap /etc/postfix/sasl_passwd -
Postmap the Sender Relay File
Use the
postmapcommand to generate the database file required by Postfix:sudo postmap /etc/postfix/sender_relay -
Restart Postfix
Restart Postfix to apply the changes:
sudo systemctl restart postfixNow, only emails from specific domains (e.g.,
@example.com) will be relayed through the MXGuardian smarthost.
Troubleshooting
-
Authentication Failures: Ensure the credentials in
/etc/postfix/sasl_passwdare correct and that thesasl_passwd.dbfile has been generated usingpostmap. -
TLS Issues: Verify that port 587 is open and accessible. Also, ensure the
smtp_use_tlssetting is enabled for secure communication. -
Logs: Check
/var/log/mail.logor/var/log/maillogfor any error messages related to Postfix.
Summary
This article provided instructions to configure Postfix to route outbound mail through the MXGuardian smarthost (smtp.mxguardian.net on port 587). You can choose to route all outbound mail or only specific sender domains based on your requirements.
Comments
0 comments
Article is closed for comments.