Before you begin making changes to your Azure Mail Server
If you do not yet have an active MailChannels subscription, you will need to create an account with us before you are able to continue with your Azure relay configuration. The following steps will help you create and activate a valid MailChannels subscription:
1. Select your desired subscription plan and signup for a MailChannels account:
2. Retrieve your MailChannels SMTP credentials from your Customer Admin console: https://console.mailchannels.net
Note: Your SMTP hostname is smtp.mailchannels.net smtp.mailchannels.ch - depending upon your region; The Americas or Europe)
You will need root or superuser permissions in order to install and configure Postfix on your Azure instance. Ensure that you have sudo permissions or a root level login before getting started.
Sending mail using Postfix in Azure
Configuring MailChannels as a smart host mail relay destination allows Postfix to route emails destined for remote delivery through our Outbound Filtering anti-spam solution for inspection before delivering to the intended destination or rejecting identified abusive content and rejecting delivery.
Please use the following steps to install and configure a Postfix mail server onto your Azure instance for relaying outbound message traffic through MailChannels.
1. Connect to your server instance using SSH by password or configured key exchange:
ssh <username>@<hostname_or_IP> -or-
ssh -i <path_to_keyfile><username>@<hostname_or_IP>
Replace <text> with actual values.
2. Install the Postfix MTA(Mail Transport Agent) software package from your local repository. When prompted, accept the default choices for domain names but select the “Local Only” configuration type when prompted.
Use the sudo command to assume temporary superuser/root permissions required for installing new software. If you do not have access to a root level account or sudo permissions enabled, you may be unable to continue the setup process until sudo permissions are granted or a root level account is used. Omit the sudo portion of any command if you are logged into a root level account (not recommended). Use the command syntax specific to your chosen operating system below:
Debian/Ubuntu (2 packages)
username@azure-instance:~# sudo apt-get update && sudo apt-get install postfix libsasl2-modules -y
RHEL/CentOS (3 packages)
username@azure-instance:~# sudo yum install postfix cyrus-sasl-plain cyrus-sasl-md5 -y
3. After the installations complete, modify the Postfix configuration options for proper relaying with authentication. Open the file: /etc/postfix/main.cf with any text editor(VI, Emacs, etc.)
username@azure-instance:~# vi /etc/postfix/main.cf
Next, search for the following lines in the file. If they are found, comment them out by inserting a hashmark "#" before the parameter name in the file:
Original main.cf parameters:
default_transport = error
relay_transport = error
Modified(new) main.cf parameters:
#default_transport = error
#relay_transport = error
4. Move to the last line of the file and append the following MailChannels SMTP relayhost line to the file:
relayhost = [smtp.mailchannels.net]:2525
Note: Port 2525 is required at the publish date of this article as port 25 is blocked for Azure VMs. Port 2525 was opened as an alternative for customers who wish to route through the MailChannels service but face similar issues on the standard SMTP port. Port 2525 is configured identically to our listeners on port 25.
5. Continue editing the file and insert the following necessary parameters for SSL/TLS and Authentication support, just below the previous relayhost entry at the bottom of the file. (Relayhost shadow included in the example to demonstrate location when adding these new parameters.)
Note: A simple access and security layer (SASL) module handles authentication within Postfix.
relayhost = [smtp.mailchannels.net]:2525
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtp_tls_security_level = encrypt
6. Save your changes and close the file(Write/Quit the text editor). Modifications to the main.cf file are complete.
7. Generate a valid SASL password map containing your SMTP username you received at account creation and your SMTP password which can be retrieved from your MailChannels Customer Console. Login and navigate to the Settings > Account > SMTP passwords area to retrieve/create/disable SMTP passwords associated with your account. Once you have your SMTP credentials, proceed in the creation of the /etc/postfix/password file.
7a. Create a text file named “password” in the /etc/postfix directory using the following command:
username@azure-instance:~# vi /etc/postfix/password
Note: The password file is space delimited only, please do not use tabs in this file.
7b. Copy the following line and insert it into the first line of the /etc/postfix/password file.
smtp.mailchannels.net <SMTP_username>:<SMTP_password>
Replace <text> with actual values. If you are using our European relays, also modify smtp.mailchannels.net to read smtp.mailchannels.ch
7c. Save and close the file (Write/Quit the text editor). The /etc/postfix/password file has been created successfully.
8. Modify the permissions and ownership of the new /etc/postfix/password file to make them restricted to only the root or superuser account.
username@azure-instance:~# chown root:root /etc/postfix/password
username@azure-instance:~# chmod 0600 /etc/postfix/password
9. The last modification required will map your password file within Postfix which will use your SMTP credentials to authenticate with the MailChannels service and inspect, process and deliver your messages. Run the following postmap command:
username@azure-instance:~# postmap hash:/etc/postfix/password
10. Restart Postfix to load the modified parameters and begin relaying your outbound message traffic through the MailChannels Outbound Filtering. Use the command associated with your chosen operating system below:
Debian/Ubuntu:
username@azure-instance:~# /etc/init.d/postfix restart
RHEL/ CentOS:
username@azure-instance:~# postfix reload
Testing Postfix Relaying Before Introducing Production Traffic
1. Install the "mailx" or "mailutils" package for test your configuration to ensure it is working properly. Use the command below that is appropriate for your chosen operating system. You will need sudo permissions or if you are logged in with a root level account(not recommended) omit the sudo portion of the command:
Debian/Ubuntu:
username@azure-instance:~# sudo apt-get install mailutils -y
RHEL/CentOS:
username@azure-instance:~# sudo yum install mailx -y
2. Send a test text email through your modified Postfix relay using the following commands:
$ echo 'Test Message' > /tmp/test
$ mail -s 'Relay Config Test' <your@email.address.com> < /tmp/test
# tail -f /var/log/maillog
Replace <your@email.address.com> with an actual email address you own where the test message will be received.
The final command shows you the last lines in the /var/log/maillog file which contain your test transaction and results. Quickly verify that you are not seeing errors and that the test message was accepted and cleared from your local mail queues.
Check your inbox at the email address you used in the second command and verify that you received your test message with the subject: Relay Config Test.
If you received the message, you can find the logs in your MailChannels Customer Console under the LogSearch area with summary and delivery status. If you encountered errors in the maillog or did not received the message, ensure that your password file ownership and permissions are set correctly and that you ran the postmap command on the file before restarting/reloading Postfix. Should you need any further assistance, please open a support case with us by sending the details to support@mailchannels.com.
Comments
Please sign in to leave a comment.