Configuring outgoing mail to port 587 on Ubuntu/Postfix
Solution 1
I think you are trying to relay all outbound mail through an external mailserver using submission (port 587
). Anything else wouldn't make sense, because the submission is for providing authenticated SMTP to clients while the normal communication between MTAs is done using SMTP port 25
.
The submission configuration in /etc/postfix/master.cf
is for providing submission smtpd for your clients and doesn't alter the behaviour how Postfix sends the outbound mail.
Instead, you'd need to configure the next-hop destination of non-local mail i.e. relayhost
in main.cf
and the authentication for this connection, e.g.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:USERNAME:PASSWORD
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
relayhost = [198.51.100.10]:587
While Postfix Standard Configuration Examples for a local network has this information, it may be hard to interpret. Luckily, there are many detailed tutorials for this specific intended usage, including:
- HowtoForge Set Up Postfix For Relaying Emails Through Another Mailserver
- nixCraft How to configure Postfix relayhost (smarthost) to send eMail using an external smptd
- Bravi.org Postfix: Configure a SmartHost with SMTP Authentication and TLS
Solution 2
Here's how I figure out how to do this. There are numerous pages out there that suggest editing /etc/postfix/master.cf but these don't solve the problem of re-routing smtp traffic over a non-filtered port for ISPs that do filtering.
So to configure postfix for that, you have to add to your /etc/postfix/main.cf
relayhost = [yourserver.com]:587
Then, configure out other server outside of the port 25 DMZ to forward off-host mail. (if necessary)
Related videos on Youtube
S.ov
Updated on September 18, 2022Comments
-
S.ov almost 2 years
I'm configuring a backup server on a local network that has a cable connection. The Cable ISP is filtering all port 25 (smtp) traffic.
uname -a Linux myhost 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
As a result, my outgoing mail transactions are timing out because (I suspect) the default Postfix configuration is using port 25. (I'm basically using the sendmail command from the shell to send status reports from this server)
I have confirmed I can telnet to port 587 on my destination server:
# telnet myserver.net 587 Trying x.x.x.x... Connected to myserver.net. Escape character is '^]'. EHLO 220 myserver.net ESMTP Sendmail 8.14.7/8.14.7; Mon, 7 May 2018 18:16:08 -0500 (CDT) myhost.net 250-myserver.net Hello hostname [x.x.x.x], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-DELIVERBY 250 HELP
How can I update my Postfix installation so that it uses port 587 AND is compatible with the protocols of the server above? (encryption not needed/required unless it's already supported - don't believe TLS is on this)
I've tried editing /etc/postfix/master.cf and uncommenting this line:
smtpd pass - - y - - smtpd
But I'm still getting timeout errors indicating that it's not using 587. I do not have ufw enabled right now so that is probably not the problem.
I assume there's some additional configuration options I need to postfix?
-
Ron Maupin over 4 years"The Cable ISP is filtering all port 25 (smtp) traffic." That would be a home/residential service, not a business service.
-
-
Mikael H over 4 yearsYep, don’t do this. Postfix has a
relayhost
option intended to solve such a use case without risking breakage of other services on a host. -
Ng Sek Long over 4 yearsAgree with it being not ideal, I have added warning to the answer. Interestingly this is the only way that help me solve my problem at that moment, the other solution didn't work for me so that why I am keeping this answer up, thanks.
-
Stefan Arentz about 3 yearsThis is a really bad idea. You are basically telling every single program on that machine that the SMTP is now 587. That may work for the immediate problem you are trying to solve but I can guarantee you that this has unintended side effects for other software.