Configure Postfix – Relay only!

Posted on by sandeep

Did not want to use any SMTP plugin in the WordPress installation. Reading through the posts on the net to achieve mails being sent from WordPress the wp_mail() is used and it attempts to delivery the mail to port 25 of localhost. So decided to configure Postfix to accepts mails for delivery to be relayed to my actual SMTP server. (Note : Debian Buster)

Install required packages (mailutils – helpful to send mail from command line)

#apt install postfix libsasl2-modules mailutils

During installation when prompted for “type of mail configuration” choose “Internet site” and for “System mail name” just selected the default value (vm hostname). Note : my /etc/hosts had entry for the value though it was not in proper FQDN format.

Create /etc/postfix/sasl_passwd file and provide the authentication credentials to access the actual SMTP server

[mail.isp.example] username:password

Create the hash db file for Postfix by running the postmap command

#postmap /etc/postfix/sasl_passwd

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text.

For security reasons, you should change their permissions so that only the root user can read or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files

#chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Edit /etc/postfix/main.cf and update the relayhost configuration as follows (Note : in my case 587 was the port so had to specifically configure) :

relayhost = [mail.isp.example]:587

Configure the authentication details – Add the following lines at the end of the file

# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disable anonymous authentication
smtp_sasl_security_options = noanonymous 
# Provide the password hash file location
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
# Enable STARTTLS encryption 
smtp_use_tls = yes 
# Location of CA certificates 
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Finally restart postfix service

service postfix restart

Send a test mail from command line

echo "Test email" | mail -s "Test subject" -a "From: admin@wpsite.net" recipeint@email.com

Test from WP – Just access wp-admin and select “Lost password” option.