Configuring outgoing mail to port 587 on Ubuntu/Postfix

linux ubuntu postfix email-server

44,940

Solution 1

I think you are trying to relay all outbound mail through an external mailserver using submission (port 587). Anything else wouldn't make sense, because the submission is for providing authenticated SMTP to clients while the normal communication between MTAs is done using SMTP port 25.

The submission configuration in /etc/postfix/master.cf is for providing submission smtpd for your clients and doesn't alter the behaviour how Postfix sends the outbound mail.

Instead, you'd need to configure the next-hop destination of non-local mail i.e. relayhost in main.cf and the authentication for this connection, e.g.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:USERNAME:PASSWORD
smtp_sasl_security_options = noanonymous 
smtp_tls_security_level = encrypt

relayhost = [198.51.100.10]:587

While Postfix Standard Configuration Examples for a local network has this information, it may be hard to interpret. Luckily, there are many detailed tutorials for this specific intended usage, including:

Solution 2

Here's how I figure out how to do this. There are numerous pages out there that suggest editing /etc/postfix/master.cf but these don't solve the problem of re-routing smtp traffic over a non-filtered port for ISPs that do filtering.

So to configure postfix for that, you have to add to your /etc/postfix/main.cf

relayhost = [yourserver.com]:587

Then, configure out other server outside of the port 25 DMZ to forward off-host mail. (if necessary)

44,940

S.ov

Updated on September 18, 2022

Comments

S.ov almost 2 years
I'm configuring a backup server on a local network that has a cable connection. The Cable ISP is filtering all port 25 (smtp) traffic.
```
uname -a

Linux myhost 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
```
As a result, my outgoing mail transactions are timing out because (I suspect) the default Postfix configuration is using port 25. (I'm basically using the sendmail command from the shell to send status reports from this server)

I have confirmed I can telnet to port 587 on my destination server:
```
# telnet myserver.net 587

Trying x.x.x.x...
Connected to myserver.net.
Escape character is '^]'.
EHLO 220 myserver.net ESMTP Sendmail 8.14.7/8.14.7; Mon, 7 May 2018 18:16:08 
-0500 (CDT)
myhost.net
250-myserver.net Hello hostname [x.x.x.x], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
```
How can I update my Postfix installation so that it uses port 587 AND is compatible with the protocols of the server above? (encryption not needed/required unless it's already supported - don't believe TLS is on this)

I've tried editing /etc/postfix/master.cf and uncommenting this line:
```
smtpd     pass  -       -       y       -       -       smtpd
```
But I'm still getting timeout errors indicating that it's not using 587. I do not have ufw enabled right now so that is probably not the problem.

I assume there's some additional configuration options I need to postfix?
- Ron Maupin over 4 years
  
  "The Cable ISP is filtering all port 25 (smtp) traffic." That would be a home/residential service, not a business service.
Mikael H over 4 years

Yep, don’t do this. Postfix has a relayhost option intended to solve such a use case without risking breakage of other services on a host.
Ng Sek Long over 4 years

Agree with it being not ideal, I have added warning to the answer. Interestingly this is the only way that help me solve my problem at that moment, the other solution didn't work for me so that why I am keeping this answer up, thanks.
Stefan Arentz about 3 years

This is a really bad idea. You are basically telling every single program on that machine that the SMTP is now 587. That may work for the immediate problem you are trying to solve but I can guarantee you that this has unintended side effects for other software.