Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Robert Keefe

Pages: [1]
Postfix / How I setup my port 465 smtp relay December 2020 - fresh install
« on: December 13, 2020, 11:18:52 PM »
I recently rebuilt my server with a fresh install of CWP. I figure I'd take advantage to redo some of the ways I previously did things. I found the SMTP relay easier than last build but still had errors along the way. These settings worked for me using a 3rd party SMTP relay service and port 465. I do not know if these settings will work with port 587 as my relay provider does not support port 587. But maybe it will help some of you.

CentOS Version = 7

Postfix Version (bundled at the time of writing with CWP) = 3.4.7

Outgoing SMTP Relay Port: 465 (Some services use 587. I have not tested this because my service uses 465.)

I found many guides online how to do this but there must be some version differences over time because none of them worked right. So I made this guide.

1.) Add or modify these lines in the /etc/postfix/main.conf file.


Code: [Select]
#Make sure these files match the proper names in the directory.
smtpd_tls_key_file = /etc/pki/tls/private/hostname.csr
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle

#Put your smtp relay followed by the port number (this line uses port 465 but some services use 587)
relayhost =

# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

*Don’t forget to save and restart Postfix before testing changes.

These are the exact settings I needed to get TLS handshakes established for both incoming and outgoing mail.

2.) Create sasl_passwd hash file.

Create the file “sasl_passwd” in the /etc/postfix/ directory.

Add the following line to the file. Replace ‘’ with the smtp relay server. Replace ‘username’ with the username your smtp relay service gave you. Replace ‘password’ with the password they gave you or you assigned at your smtp service.

Code: [Select] username:password
Save and close the file.

Run the following command:

Code: [Select]
sudo postmap /etc/postfix/sasl_passwd
This will hash your username and password.

Now run the following commands:

Code: [Select]
sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

This will protect the access permissions for the files you just created with your username and password.

*Don’t forget to save and restart Postfix before testing changes.

3.) Install cyrus-sasl-plain

I did not find this in any guide. I just kept getting error messages and tracked them down to missing this. Run this in your CentOS terminal to install.

Code: [Select]
yum install cyrus-sasl-plain
*Don’t forget to save and restart Postfix before testing changes.

Pages: [1]