Postfix
This guide provides instructions for updating the Postfix configuration to use MailChannels Outbound Filtering. Authentication with MailChannels is required and relatively simple to set up.
For more advanced configuration scenarios, please refer to the online Postfix documentation.
Password Map
The first step is to create the password map. Postfix uses this for authentication. The MailChannels team will provide the SMTP username. The password for authentication can be generated by logging into the MailChannels Customer Console.
1. Create a text file named `password` in the `/etc/postfix` folder using the following command:
# touch /etc/postfix/password
2. Edit the password file and add the following entry in space-delimited format:
smtp.mailchannels.net <SMTP_username>:<SMTP_password>
Replace <SMTP_username> and <SMTP_password> with your actual SMTP credentials provided by MailChannels when you signed up for service. If you need these credentials, please contact support@mailchannels.com
3. Save and close the file.
4. Set the correct permissions on the password file:
# chown root:root /etc/postfix/password
# chmod 0600 /etc/postfix/password
5. Create the hash map by running the following command:
# postmap hash:/etc/postfix/password
Postfix Smarthost Authentication
To enable authenticated sending through the MailChannels system, add the following configuration directives to your /etc/postfix/main.cf file:
relayhost = smtp.mailchannels.net
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtp_tls_security_level = may
The parameters used in the configuration directives are described in the following table:
Parameter | Description |
relayhost = smtp.mailchannels.net | Relays all mail via the `smtp.mailchannels.net` mail service. |
smtp_sasl_auth_enable = yes | Indicates Cyrus-SASL support for authentication of mail servers. |
smtp_sasl_password_maps = hash:/etc/postfix/password | Sets the path to the `sasl_passwd` file. |
smtp_sasl_security_options = noanonymous | When empty (default), allows Postfix to use anonymous and plaintext authentication. |
smtpd_sasl_authenticated_header = yes | Logs the authenticated user ID in the received header to track user behavior and reputation. |
smtp_tls_security_level = may | Enables opportunistic TLS encryption outbound. |
- Modify, save and close the file.
- Restart Postfix to apply the changes:
# /etc/init.d/postfix restart
Testing
To test your setup, follow these steps:
1. Create a text file with the desired email content. For example:
$ echo 'This is a test.' > /tmp/test
2. Send the test email to your desired recipient:
$ mail -s 'Test' you@example.com < /tmp/test
3. Monitor the mail log for any potential issues:
# tail -f /var/log/mail.log
4. Clean up the temporary test file:
# rm /tmp/test
Helpful Hints
If you encounter "no mechanism available" error messages, you may be missing SASL authentication libraries.
- For Debian or Ubuntu, install the missing libsasl module
To specify only certain domains use change
relayhost = smtp.mailchannels.net
to
transport_maps = hash:/etc/postfix/transport
create /etc/postfix/transport in the format of
domain.com smtp:smtp.mailchannels.net
domain2.com smtp:smtp.mailchannels.net
then run
postmap hash:/etc/postfix/transport
Using this only remote domains listed in the transport file would be used.
Thank you I was able to get it configured and it is working now. The mail channels extension was a great tool to get the service working faster. I hope you reconsider updating and get it available in the near future.
Regards,
Javier Cota
any example how to exclude specific senders from relay? to send email directly