This guide explains how to configure Postfix to use the MXGuardian SMTP relay (smtp.mxguardian.net) as a smarthost. We cover two different configurations:
-
Routing All Outbound Mail through the Smarthost.
-
Routing Mail for Specific Sender Domains through the Smarthost.
The MXGuardian SMTP relay is available at smtp.mxguardian.net
on port 587.
Prerequisites
-
Access to your server as a user with administrative privileges.
-
Postfix is installed and configured on your server.
-
Login credentials for the MXGuardian SMTP relay. Credentials can be generated by going to the Security page in MXGuardian. Alternatively, you can authenticate by adding your server's public IP address to the Trusted IP list, also found on the Security page in MXGuardian.
Note on Authentication
You can authenticate by using either SMTP authentication or by adding your server's IP address to the Trusted IP list in MXGuardian. If you choose to authenticate by IP, skip the steps related to creating the SASL password file and configuring SMTP authentication.
Configuration to Route All Outbound Mail Through the Smarthost
To configure Postfix to relay all outbound emails through the MXGuardian SMTP relay, follow these steps:
-
Edit the Postfix Configuration File
Open the main Postfix configuration file
/etc/postfix/main.cf
using your preferred text editor (e.g.,nano
orvim
):sudo nano /etc/postfix/main.cf
-
Set Up Relayhost
Add or modify the following lines in
main.cf
to use the MXGuardian SMTP relay:relayhost = [smtp.mxguardian.net]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_use_tls = yes
These settings do the following:
-
relayhost
: Specifies the smarthost for relaying all outgoing email. -
smtp_sasl_auth_enable
: Enables SASL authentication. -
smtp_sasl_password_maps
: Points to the file containing credentials. -
smtp_sasl_security_options
: Ensures only secure authentication is used. -
smtp_use_tls
: Enables TLS encryption for secure communication.
-
-
Configure Authentication
Create or edit the
/etc/postfix/sasl_passwd
file to store the credentials for the MXGuardian SMTP relay:[smtp.mxguardian.net]:587 your_username:your_password
Replace
your_username
andyour_password
with your actual MXGuardian login credentials. -
Secure the Password File
Set appropriate permissions on the
sasl_passwd
file to prevent unauthorized access:sudo chmod 600 /etc/postfix/sasl_passwd
-
Postmap the Password File
Use the
postmap
command to generate the database file required by Postfix:sudo postmap /etc/postfix/sasl_passwd
-
Restart Postfix
Finally, restart Postfix to apply the changes:
sudo systemctl restart postfix
Your Postfix server should now route all outgoing mail through the MXGuardian smarthost.
Configuration to Route Mail for Specific Sender Domains Through the Smarthost
If you only want to use the MXGuardian smarthost for specific sender domains, follow these additional steps:
-
Edit the
main.cf
FileOpen
/etc/postfix/main.cf
again:sudo nano /etc/postfix/main.cf
Add the following line to specify an override file for sender-dependent relay hosts:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_use_tls = yes
-
Create the Sender Relay File
Create or edit the
/etc/postfix/sender_relay
file to specify which domains should use the MXGuardian smarthost:@example.com [smtp.mxguardian.net]:587
Replace
@example.com
with the domain you want to relay through the MXGuardian smarthost. You can add multiple lines for different domains as needed. -
Create the SASL Password File
If you haven't already, create or edit the
/etc/postfix/sasl_passwd
file to store the credentials for the MXGuardian SMTP relay:[smtp.mxguardian.net]:587 your_username:your_password
Replace
your_username
andyour_password
with your actual MXGuardian login credentials. -
Secure the Password File
Set appropriate permissions on the
sasl_passwd
file to prevent unauthorized access:sudo chmod 600 /etc/postfix/sasl_passwd
-
Postmap the SASL Password File
Use the
postmap
command to generate the database file required by Postfix:sudo postmap /etc/postfix/sasl_passwd
-
Postmap the Sender Relay File
Use the
postmap
command to generate the database file required by Postfix:sudo postmap /etc/postfix/sender_relay
-
Restart Postfix
Restart Postfix to apply the changes:
sudo systemctl restart postfix
Now, only emails from specific domains (e.g.,
@example.com
) will be relayed through the MXGuardian smarthost.
Troubleshooting
-
Authentication Failures: Ensure the credentials in
/etc/postfix/sasl_passwd
are correct and that thesasl_passwd.db
file has been generated usingpostmap
. -
TLS Issues: Verify that port 587 is open and accessible. Also, ensure the
smtp_use_tls
setting is enabled for secure communication. -
Logs: Check
/var/log/mail.log
or/var/log/maillog
for any error messages related to Postfix.
Summary
This article provided instructions to configure Postfix to route outbound mail through the MXGuardian smarthost (smtp.mxguardian.net
on port 587). You can choose to route all outbound mail or only specific sender domains based on your requirements.
Comments
0 comments
Article is closed for comments.