Configuring outgoing mail to port 587 on Ubuntu/Postfix

linux ubuntu postfix email-server

I'm configuring a backup server on a local network that has a cable connection. The Cable ISP is filtering all port 25 (smtp) traffic. 

uname -a

Linux myhost 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

As a result, my outgoing mail transactions are timing out because (I suspect) the default Postfix configuration is using port 25. (I'm basically using the sendmail command from the shell to send status reports from this server)

I have confirmed I can telnet to port 587 on my destination server:

# telnet myserver.net 587

Trying x.x.x.x...
Connected to myserver.net.
Escape character is '^]'.
EHLO 220 myserver.net ESMTP Sendmail 8.14.7/8.14.7; Mon, 7 May 2018 18:16:08 
-0500 (CDT)
myhost.net
250-myserver.net Hello hostname [x.x.x.x], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP

How can I update my Postfix installation so that it uses port 587 AND is compatible with the protocols of the server above? (encryption not needed/required unless it's already supported - don't believe TLS is on this)

I've tried editing /etc/postfix/master.cf and uncommenting this line:

smtpd     pass  -       -       y       -       -       smtpd

But I'm still getting timeout errors indicating that it's not using 587. I do not have ufw enabled right now so that is probably not the problem.

I assume there's some additional configuration options I need to postfix?


Solution 1:

I think you are trying to relay all outbound mail through an external mailserver using submission (port 587). Anything else wouldn't make sense, because the submission is for providing authenticated SMTP to clients while the normal communication between MTAs is done using SMTP port 25.

The submission configuration in /etc/postfix/master.cf is for providing submission smtpd for your clients and doesn't alter the behaviour how Postfix sends the outbound mail.

Instead, you'd need to configure the next-hop destination of non-local mail i.e. relayhost in main.cf and the authentication for this connection, e.g.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:USERNAME:PASSWORD
smtp_sasl_security_options = noanonymous 
smtp_tls_security_level = encrypt

relayhost = [198.51.100.10]:587

While Postfix Standard Configuration Examples for a local network has this information, it may be hard to interpret. Luckily, there are many detailed tutorials for this specific intended usage, including:

  • HowtoForge Set Up Postfix For Relaying Emails Through Another Mailserver
  • nixCraft How to configure Postfix relayhost (smarthost) to send eMail using an external smptd
  • Bravi.org Postfix: Configure a SmartHost with SMTP Authentication and TLS

Solution 2:

Here's how I figure out how to do this. There are numerous pages out there that suggest editing /etc/postfix/master.cf but these don't solve the problem of re-routing smtp traffic over a non-filtered port for ISPs that do filtering.

So to configure postfix for that, you have to add to your /etc/postfix/main.cf

relayhost = [yourserver.com]:587

Then, configure out other server outside of the port 25 DMZ to forward off-host mail. (if necessary)

Related

Combined NFS, Samba server w users from Active Directory
Self-host an application or outsource it? [closed]
Can't ping multihomed Linux machine on non-default interface
How to restrict the users' shell allowing to execute shell programs
Cannot remove architecture i386 [duplicate]
Coding on VS code [closed]
mysql-server-8.0 error blocking apt installations
Is Ubuntu itself vulnerable to Log4shell?
How to install python3.8/3.7 on ubuntu 21.04
Completely stuck on install / service stop MYSQL
Restrict access to specific folder on samba
Make Symlink to folder on USB stick to be owned by www-data group