Using postfix to send mail via 1and1 or other authenticated SMTP

We recently wanted to set up postfix on web servers so that it could send messages generated by the website code. We’re using 1and1′s hosted email, and wanted to send the email from a user whose mailbox was hosted with 1and1, rather than relaying the email through 1and1′s mail servers. For us, this has the advantage of having our mailboxes hosted and managed by 1and1, and having a local postfix queue on each web server which will hold onto the mail if there’s a problem at 1and1.

Background over, here’s how we configured postfix on Debian 5 (lenny).

Install prerequisites

This bit’s important. Postfix will quietly fail to authenticate with the 1and1 servers with an extremely un-descriptive warning in /var/log/mail.log. Install these unless you want to spend loads of time trying to puzzle out what’s gone wrong!

sudo apt-get install postfix sasl2-bin libsasl2-2 libsasl2-modules

Configure postfix

Postfix configuration happens in /etc/postfix/main.cf. Essentially, any parameter starting smtp_ relates to postfix sending email. Any starting smtpd_ relates to it receiving mail for sending on. For this exercise we want to disable the receipt of mail (apart from over the loopback interface).

The sections below show you why to make changes, and the attached main.txt, which you should rename to main.cf, shows the finished file.

Error Notices

These notices will email postfix-errors@yourdomain.com when something goes wrong

delay_warning_time = 2h
bounce_notice_recipient = postfix-errors@yourdomain.com
delay_notice_recipient = postfix-errors@yourdomain.com
error_notice_recipient = postfix-errors@yourdomain.com

Only allow mail to be sent, not received

We only want to send mail from our mail servers, we don’t want to receive it. Here’s how:

myhostname = yourdomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = yourdomain.com
myorigin = yourdomain.com
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 127.0.0.1
inet_protocols = ipv4

SSL

These lines enable SSL and set up the config:

smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom

Authentication

Finally, we want to log in to 1and1′s servers to send the email. Here’s the configuration settings:

smtp_sasl_auth_enable = yes
relayhost=[auth.smtp.1and1.co.uk]:587
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

Creating the password file

The “smtp_sasl_password_maps” configuration option above sets a file which will contain the username & password used to log on to 1and1. To do this, first of all, we create the file:

sudo su
echo '' > /etc/postfix/sasl_passwd
chown root.root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
vim /etc/postfix/sasl_passwd

Now we need to put the username & password in there. It’s of the form:

[auth.smtp.1and1.co.uk]:587 name@yourdomain.com:password

The email address (name@yourdomain.com) should be of one of your mailboxes, and the password of that mailbox too. Once you have authenticated, you do not need to use the same email address to send from.

You should then save the file, and encrypt it as follows:

sudo postmap sasl_passwd

And then check:

sudo postfix check

And restart postfix:

sudo /etc/init.d/postfix restart

Testing postfix

To test postfix is working, try:

echo "Subject: Test"| sendmail -f name@yourdomain.com -v youremail@yourdomain.com

And then:

sudo tail -f /var/log/mail.log

to check that the email has been sent ok.

Troubleshooting

If you ever have trouble with postfix, edit /etc/postfix/master.cf and change the line:

smtp      unix  -       -       -       -       -       smtp

to

smtp      unix  -       -       -       -       -       smtp -v

And restart postfix.

Useful Resources

Comments are closed.