Let’s say you’ve just installed your own virtual server running Postfix. Now you want to send mail from it to the outside world. You don’t want the work of running a full-blown mail server. That would be like delivering a letter in person, instead of letting the United States Postal Service pick it up. You want an easier way, one where you can hand off (relay) the mail, using a single e-mail account you already own.
Problem is, not all mail services are equal. Ones like Gmail are sophisticated and support the more recent TLS protocol. Many shared and budget hosting services don’t. They use an older SSL protocol, and Postfix isn’t designed to handle it. The solution is to create your own local SSL tunnel between Postfix and the relay server.
Install stunnel in Ubuntu or Debian with…
sudo apt-get install stunnel
Enable it on startup by editing
Create a .conf file in the /etc/stunnel directory. I named this one
11125 is our local port. The connect line has the fully qualified domain name and port number of the external relay host (SMTP server). Check with your e-mail or web hosting provider if you’re unsure. cPanel has this information under “Email Accounts” in a “Configure Email Client” option:
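[smtp-tls-wrapper]
; With no host given, stunnel accepts on all local IPv4 addresses;
; write 127.0.0.1:11125 to restrict the listener to loopback.
accept = 11125
client = yes
connect = MY_SMTP_HOSTNAME:465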
Optionally, if your tunnel doesn’t work, consider adding this line to
Put these lines in /etc/postfix/main.cf and be sure to comment out any earlier ones that compete with them. The relayhost is the local host (127.0.0.1), not the external relay server, because we will be creating a local tunnel for the SSL. Only smtp (client) settings need to be tweaked; the smtpd (server) settings can be left alone, including the TLS configuration.
relayhost = [127.0.0.1]:11125
inet_interfaces = loopback-only
# SASL Settings
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options =
SASL settings point to a password file, which we haven’t yet created. Let’s do that now, using the same email address from which we send messages. Change permissions (chmod) on the file to 600 so that your password can’t be read by others:
Restart both servers:
sudo service stunnel4 restart
sudo service postfix reload
Send a test message to an external e-mail account. I prefer the mutt mail client; you might use the
echo "This is the body of a test message" | mutt -s "Test message" username@domain_name
Check the mail logs (tail -f /var/log/messages) or your local mailbox (mutt) for errors.
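A pre-flight check for the password file and relayhost setting described above, as an added example that is not part of the original post. It assumes the password file uses Postfix's usual "key user:password" layout, with the key equal to the relayhost value; the function name check_relay_creds is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post).
# Usage: check_relay_creds /etc/postfix/main.cf /etc/postfix/sasl/sasl_passwd
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_relay_creds() {
    main_cf=$1
    passwd_file=$2
    rc=0

    # 1. Group and other must have no access (mode 600 in the article).
    #    Columns 5-10 of "ls -ld" are the group and other permission bits.
    perms=$(ls -ld "$passwd_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $passwd_file is accessible to group/other" >&2
        rc=1
    fi

    # 2. Postfix keeps the LAST uncommented definition of a parameter,
    #    so an earlier competing relayhost line is ignored here too.
    relayhost=$(sed -n 's/^relayhost[[:space:]]*=[[:space:]]*//p' "$main_cf" \
        | tail -n 1 | sed 's/[[:space:]]*$//')
    if [ -z "$relayhost" ]; then
        echo "FAIL: no relayhost set in $main_cf" >&2
        return 1
    fi

    # 3. The lookup key (first field) must equal relayhost exactly, e.g.
    #    [127.0.0.1]:11125 and not the external SMTP hostname, and the
    #    value must look like user:password.
    if ! awk -v key="$relayhost" '
            /^[ \t]*(#|$)/ { next }
            $1 == key && $2 ~ /^[^:]+:.+/ { found = 1 }
            END { exit found ? 0 : 1 }' "$passwd_file"; then
        echo "FAIL: no user:password entry keyed on $relayhost" >&2
        rc=1
    fi
    return $rc
}
```

Run it before restarting Postfix; a key that names the external server instead of the tunnel endpoint is a common reason SASL authentication is never attempted.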