Postfix Relay

Purpose: To make an existing working Postfix email server work as a relay for another Postfix email server.

Note: This documentation assumes there is already a working Postfix server able to send receive email via SASL authentication and with properly configured TLS.

Main Postfix relay server (relay.server.net)
adduser relay DenyUsers relay su relay echo "Subject: this is a test" | /usr/sbin/sendmail -v some@where.nice
 * Create user that will be used for the other Postfix server to authenticate itself:
 * Prevent ssh access for the user, in /etc/ssh/sshd_config, add:
 * Test that the relay user can indeed send email
 * If all cool you can proceed :)

Postfix server(s) that need to have their email relayed (sat.server.net)
sat.server.net [relay.server.net]:25 relayhost = [relay.server.net]:25  # THIS ONE SHOULD ALREADY BE IN smtp_tls_security_level = encrypt smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth smtp_sasl_security_options = noanonymous [relay.server.net]:25 relay:password chmod 600 /etc/postfix/smtp_auth postmap /etc/postfix/smtp_auth service postfix restart echo "Subject: this is a test from sat" | /usr/sbin/sendmail -v some@where.nice
 * Install postfix as Satellite system so it can send emails to the relay server (if postfix was already installed and you need to reset the current config you can use `dpkg-reconfigure postfix`)
 * Set the FQDN of the server that needs to have its emails relayed:
 * Give the FQDN of relay server:
 * Rest of config is up to specific taste, but do not use address extension.
 * Configure Postfix to use the smarthost with TLS by adding the following to /etc/postfix/main.cf:
 * Create the file /etc/postfix/smtp_auth to specify the account created in previous section:
 * Prepare file for postfix to use it (if you change it you need to re-run postmap):
 * restart Postfix:
 * try to send a mail from the sat server:

Running the relay on a different port
Sometimes the satellite server may be prevented to establish an outgoing connection with the relay server on port 25 or submission port 587. The workaround is to make the relay also accept incoming connection on another non-blocked port. 12345 inet n - y - - smtpd relayhost = [relay.server.net]:12345 [relay.server.net]:12345 relay:password postmap /etc/postfix/smtp_auth service postfix restart
 * On the relay server, allow listening on port 12345, edit /etc/postfix/master.cf, and below smtp entry, add:
 * On the satellite  server, edit /etc/postfix/main.cf and update the relay info:
 * On the satellite  server, edit /etc/postfix/smtp_auth and also update the relay info:
 * restart both Postfix servers

Troubleshooting
/var/log/mail.info # on relay and sat servers mail               # to check reports received by Postix on sat when using sendmail
 * If problems, the places to look for useful info are: