1 I spent some time today configuring [Postfix][] so I could send mail
2 from home via [[SMTPS|STMP]].
7 Verizon, our ISP, blocks port 25 to external domains, forcing all
8 outgoing mail through their `outgoing.verizon.net` exchange server.
9 In order to accept mail, they also require you authenticate with your
10 Verizon username and password, so I wanted to use an encrypted
13 For the purpose of this example, our Verizon username is `jdoe`, our
14 Verizon password is `YOURPASS`, you're running a local Postfix server
15 on `mail.example.com` for your site at `example.com`, and `12345` is a
18 # cat /etc/postfix/main.cf
19 myhostname = mail.example.com
20 relayhost = [127.0.0.1]:12345
21 smtp_sasl_auth_enable = yes
22 smtp_sasl_password_maps = hash:/etc/postfix/saslpass
23 sender_canonical_maps = hash:/etc/postfix/sender_canonical
24 # cat /etc/postfix/saslpass
25 [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
26 # postmap /etc/postfix/saslpass
27 # cat /etc/postfix/sender_canonical
28 root@mail.example.com jdoe@example.com
29 root@example.com jdoe@example.com
30 root@localhost jdoe@example.com
31 jdoe@mail.example.com jdoe@example.com
32 jdoe@localhost jdoe@example.com
33 # postmap /etc/postfix/sender_canonical
34 # cat /etc/stunnel/stunnel.conf
38 connect = outgoing.verizon.net:465
39 # /etc/init.d/stunnel restart
44 $ echo 'testing 1 2' | sendmail you@somewhere.com
46 Here's what's going on:
48 * You hand an outgoing message to your local Postfix, which decides to
49 send it via port `12345` on your localhost (`127.0.0.1`) (`relayhost`).
50 * Stunnel picks up the connection from Postfix, encrypts everything,
51 and forwards the connection to port 465 on `outgoing.verizon.net`
53 * Postfix identifies itself as `mail.example.com` (`myhostname`), and
54 authenticates using your Verizon credentials (`smtp_sasl_…`).
55 * Because Verizon is picky about the `From` addresses it will accept,
56 we use `sender_canonical` to map addresses to something simple that
59 And that's it :p. If you're curious, there's more detail about all
60 the Postfix config options in the [postconf][] man page, and there's
61 good SASL information in the [SASL_README][].
63 There's also a [blog post by Tim White][TW] which I found useful.
64 Because Verizon lacks [STARTTLS][] support, his approach didn't work
65 for me out of the box.
70 In case you have trouble with someone blocking your incoming mail, things are a bit trickier. You can always accept mail on different ports (e.g. the submission port 587), with an entry like
72 submission inet n - n - - smtpd
74 in `/etc/postfix/master.cf`. However, others will not know which port
75 you selected, because [MX records][MX] do not allow you to specify
76 alternate ports. The more modern [SRV record][SRV] allows this, but
77 mail systems are old-school and don't support SRV. If you have access
78 to another external server (whose port 25 isn't blocked), you can
79 point your MX record at that server, and have it forward mail to you
82 For the purpose of this example, the remote host has a public IP of
83 `1.2.3.4`, and your local site is `example.com`, recieving mail on
84 port 587. All of the following config files are on the remote host.
86 # cat /etc/postfix/main.cf
88 proxy_interfaces = 1.2.3.4
89 relay_domains = example.com
90 relay_transport = relay:[example.com]:587
93 For futher details (e.g. if you are relaying to more than one target),
94 see the [Postfix suggestions for being an MX host for a remote
97 [Postfix]: http://www.postfix.org/
98 [postconf]: http://www.postfix.org/postconf.5.html
99 [SASL_README]: http://www.postfix.org/SASL_README.html
100 [TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
101 [STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS
102 [MX]: http://en.wikipedia.org/wiki/MX_record
103 [SRV]: http://en.wikipedia.org/wiki/SRV_record
104 [relay_domains]: http://www.postfix.org/postconf.5.html#relay_domains
105 [host]: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
projects / blog.git / blob