While I haven't tried to relay through a provider using the submission port (587) it should be possible. To enable Postfix to relay you'll need to setup a file with the authenticated credentials to use and make some modifications to your /etc/postfix/main.cf
config file.
The first is the authentication credentials. For this I simply use /etc/postfix/sasl_passwd
which I add the appropriate line using the template:
smtp.provider.com smtp_user:smtp_passwd
You'll want to be sure this file is protected so I recommend root:root
ownership and 0600
permissions be set on it. You'll then want to run the following to create the hash mapped version as root.
postmap hash:/etc/postfix/sasl_passwd
With this out of the way turn your attention go the /etc/postfix/main.cf
you may find some of the values already set so you will need to change them accordingly but the important details are as follows:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_security_level = may
These will enable Postfix to be able to use the sasl_passwd file to authenticate when sending mail. You'll then need to tell Postfix it should use the provider to send the mail by adding the configuration
relayhost = smtp.provider.com:port
By default Postfix assumes port 25 if you don't specify and this has worked for me in the past. With your requested setup you'll need to specify 587 as the port. With that said I'm not sure if you'll need to modify the sasl_passwd entry to be smtp.provider.com:587
instead of simply smtp.provider.com
as I've not tried doing this over a non-default port before so you'll have to try it for yourself.
These configuration steps alone are handling mail forwarding on several servers I maintain through a central mail server.
Updated to include fully working example
It actually turns out I'd configured my Ubuntu (Debian-based) laptop to use port 587 on my email provider (not-Gmail) as my DSL provider blocks outbound port 25 traffic. I updated to use one of my Gmail accounts to send mail out instead. The only change I needed to make
I'm obscuring the private data but otherwise pasting as-is working configuration for Postfix.
First we have /etc/postfix/main.cf
:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = solitare, localhost.localdomain, , localhost
relayhost = smtp.gmail.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
Next we have /etc/postfix/sasl_passwd
:
smtp.gmail.com:587 myusername@gmail.com:mypassword
I then ran the following SMTP session:
jbouse@solitare:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to solitare.
Escape character is '^]'.
220 example.com ESMTP Postfix (Ubuntu)
helo localhost
250 example.com
mail from: jbouse@example.com
250 2.1.0 Ok
rcpt to: myotherusername@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
this is just a test
.
250 2.0.0 Ok: queued as 6269B280191
quit
221 2.0.0 Bye
Connection closed by foreign host.
Then I log into my myotherusername
Gmail account and read the message:
Return-Path: <myotherusername@gmail.com>
Received: from example.com (mydslproviderhostname.net [x.x.x.229])
by mx.google.com with ESMTPS id 6sm401663ywd.11.2010.03.04.19.19.58
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Thu, 04 Mar 2010 19:19:58 -0800 (PST)
Sender: "Jeremy Bouse" <myotherusername@gmail.com>
Received: from localhost (solitare [127.0.0.1])
by example.com (Postfix) with SMTP id 6269B280191
for <myotherusername@gmail.com>; Thu, 4 Mar 2010 22:17:39 -0500 (EST)
To: myotherusername@gmail.com
From: jbouse@example.com
Subject: Testing Postfix smarthost via Gmail
Message-Id: <20100305031745.6269B280191@example.com>
Date: Thu, 4 Mar 2010 22:17:39 -0500 (EST)
this is just a test
Now having shown my 13 years as a systems administrator are not wasted I have email sending from my laptop through Gmail without having any need to generate a self-signed x.509 certificate as others would tell you. The key addition to the /etc/postfix/main.cf
is the smtp_tls_security_level setting to may to tell Postfix that it is okay to issue the STARTTLS command when connecting to another MTA if it supports TLS. If you forget the smtp_tls_security_level setting you may see an entry in your /var/log/mail.log
along the lines of:
Mar 4 22:10:58 solitare postfix/smtp[19873]: 20E07280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=38, delays=38/0.03/0.08/0.01, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.47.109] said: 530 5.7.0 Must issue a STARTTLS command first. 20sm399188ywh.48 (in reply to MAIL FROM command))
However with it set properly you should see something along the lines of:
Mar 4 22:20:00 solitare postfix/smtp[20313]: 6269B280191: to=<myotherusername@gmail.com>, relay=smtp.gmail.com[74.125.47.109]:587, delay=141, delays=110/29/0.36/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK 1267759200 6sm401663ywd.11)