
How to Configure Postfix SMTP Relay on CWP CentOS 7 with a Relay Provider?

If you are using Google Cloud, you cannot send email directly over SMTP port 25. Instead, you can configure Postfix to send email through a relay using SASL authentication. Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services, including Postfix.

CASE A: I am using a VM on Google Cloud as my application server, where multiple domains are hosted. I want to send email from a specific domain through a specific relay. You can use multiple relays for multiple domains. Any other domain will not be able to send email directly, because GCP blocks outgoing SMTP port 25.
Make sure the SASL authentication framework and mailx are both installed:
# yum -y install cyrus-sasl-plain mailx 
In /etc/postfix/main.cf, add the following lines:
#Relay
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
header_size_limit = 4096000 
In /etc/postfix/sender_relay, add each domain that must go through a relay:
@aaa.com                   smtp-relay.sendinblue.com:587 
@bbb.com                   smtp-relay.mailjet.com:587
@ccc.com                   smtp-relay.mailgun.com:587
In /etc/postfix/sasl_passwd, provide the credentials for each relay listed in /etc/postfix/sender_relay:
smtp-relay.sendinblue.com:587   postmaster@aaa.com:3Ba4password0nrTg 
smtp-relay.mailjet.com:587      postmaster@bbb.com:3Ba4pass0nrTg
smtp-relay.mailgun.com:587      postmaster@ccc.com:Upass0nrTg
Don't forget the following commands, which rebuild the lookup tables and reload Postfix.
# postmap /etc/postfix/sasl_passwd /etc/postfix/sender_relay
# postfix reload 
Now you can flush the email queue (attempt to deliver the previously queued emails).
# postqueue -f 
Access to the sasl_passwd files, which hold the relay passwords in clear text, should be restricted (if needed):
# chown root:postfix /etc/postfix/sasl_passwd*
# chmod 640 /etc/postfix/sasl_passwd*

OR 

# chmod 600 /etc/postfix/sasl_passwd*
# chown root:root /etc/postfix/sasl_passwd*
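
An added example, not part of the original post: a Python audit of the CASE A files. It assumes sasl_passwd is keyed by the relay string exactly as written in sender_relay (the layout used above; per-sender keys are not modelled), and it flags a missing or malformed credential, a main.cf that does not set smtp_tls_security_level to a TLS-enforcing value, and password files accessible to other users. The function names and sample file contents are constructed for illustration.

```python
import os
import stat

# Levels at which the Postfix SMTP client refuses to deliver without TLS.
ENFORCING_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed sample file contents (placeholder domains and credentials).
MAIN_CF = "smtp_sasl_auth_enable = yes\nsmtp_sasl_security_options = noanonymous\n"
SENDER_RELAY = "@a.example relay1.example.net:587\n@b.example [relay2.example.net]:587\n"
SASL_PASSWD = "relay1.example.net:587 user-a:secret-a\nrelay2.example.net:587 user-b:secret-b\n"

def parse_table(text):
    """Parse 'key value' lines of a lookup table; skip blanks and # comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0]] = fields[1].strip()
    return table

def parse_main_cf(text):
    """Parse 'name = value' lines of main.cf (continuation lines not handled)."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit(main_cf, sender_relay, sasl_passwd, passwd_paths=()):
    """Return findings for the sender-dependent relay setup."""
    findings = []
    creds = parse_table(sasl_passwd)
    for sender, relay in parse_table(sender_relay).items():
        # Page layout: sasl_passwd is keyed by the relay exactly as written here.
        if relay not in creds:
            findings.append(f"{sender}: no sasl_passwd entry for {relay}")
        elif ":" not in creds[relay].strip(":"):
            findings.append(f"{relay}: credential is not user:password")
    if parse_main_cf(main_cf).get("smtp_tls_security_level") not in ENFORCING_TLS:
        findings.append("smtp_tls_security_level does not enforce TLS; "
                        "SASL credentials may be sent unencrypted")
    for path in passwd_paths:  # e.g. sasl_passwd and sasl_passwd.db
        if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
            findings.append(f"{path}: accessible to other users")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, SENDER_RELAY, SASL_PASSWD)))
```

On a real host, pass the contents of the three files and the paths /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db.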
CASE B: If you use a VM from another service provider where SMTP port 25 is open, the scenario would be as follows. In this case, domain ddd.com and the rest of the domains will be routed directly. You must create a user name and password on the service provider's VM, so that those credentials can be used on the GCP VM. The setup is the same as for Sendinblue, Mailjet and Mailgun.

CASE C: In this case, we introduce another SMTP server from another VM provider. The rest of the domains will then send email via that server, which is hosted in another place, and it can also send email.

Troubleshoot Delivery Issues

The maillog can be reviewed if the test message is not successfully delivered. Open another shell and run tail while performing another test.
 tail -f /var/log/maillog 
If there are not enough details in the maillog to determine the problem, the debug level can be increased by adding the following lines to /etc/postfix/main.cf.
debug_peer_list=smtp-relay.rubel.com
debug_peer_level=3 
The Postfix configuration must be reloaded after updating the main.cf file.
systemctl reload postfix 
Remember to remove the debug settings when testing is complete. The verbose logs can have a negative impact on server performance. If the problem still persists, install the following packages:
 # yum install cyrus-sasl cyrus-sasl-plain -y 
