Project

General

Profile

Actions

Email

Configuring SASL Password File and Postfix for Various SMTP Servers

The process of setting up the SASL password file and configuring Postfix to use an external SMTP server for email sending is adaptable for use with most SMTP servers,

Open the Terminal on your server where Postfix is installed.

While the core principles and steps remain the same, adjustments may be necessary to accommodate the specific requirements of different SMTP providers.

Step 1: Create or Edit the SASL Password File:

You need to create a file named sasl_passwd in the /etc/postfix/ directory.
This file will contain the SMTP server details and the credentials used for authentication.
Use a text editor to open or create this file. For example, using nano:

sudo nano /etc/postfix/sasl_passwd

Enter the SMTP Server and Credentials:

Inside the sasl_passwd file, you'll need to specify the SMTP server and your credentials in the following format:

[smtp.gmail.com]:587 [email protected]:yourapppassword

For Office 365: [smtp.office365.com]:587
For Yahoo Mail: [smtp.mail.yahoo.com]:587

Replace with your actual mail address.
Replace yourapppassword with the app password you generated from your mail account.
Ensure you have enabled 2-step verification and generated an app password specifically for this use.

Step 2: Secure the SASL Password File
Set Appropriate Permissions:

It's important to secure this file since it contains sensitive information.
You should set the permissions so that only the root user can read and write to this file:

sudo chmod 600 /etc/postfix/sasl_passwd

Create a Hash Database File for Postfix:

Postfix does not use the sasl_passwd file directly.
Instead, it uses a hash database file that you need to generate from the sasl_passwd file:

sudo postmap /etc/postfix/sasl_passwd

This command creates a file named sasl_passwd.db in the same directory.
Postfix will use this hashed version for authentication.

Step 3: Configure Postfix to Use the SASL Password File

Edit the Postfix Configuration File:

Open the main Postfix configuration file, main.cf, located in /etc/postfix/:

sudo nano /etc/postfix/main.cf

Add or ensure these lines are present in the file:
makefile

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

These settings enable SASL authentication,
specify the location of the SASL password map,
enforce the use of encryption,
and specify the CA certificates file for TLS.

Step 4: Reload Postfix to Apply Changes
After making all these changes, you need to reload Postfix to apply them:

sudo systemctl reload postfix

Step 5: Test Email Sending
Finally, test to ensure that emails can be sent using the configured SMTP server:

echo "Test email from Postfix" | mail -s "Test Email" [email protected]

Replace with an actual email address where you can check the inbox to confirm receipt of the test email.

Updated by Gareth Eaton about 1 month ago · 2 revisions