Network Guys

Share your knowledge!

Using different smarthosts in your mail environment

Hello guys! I was asked how to configure multiple domains on a Microsoft Exchange server. Receiving is very easy: add the new domain name to your Exchange server and configure your POPcon to collect the mails, or point the MX DNS entry of this domain to your fixed WAN IP. But what about sending different mail domains over different smarthosts? This feature is not included in the Exchange server and can only be added via third-party tools. And I thought “Isn’t it possible to do it with a tiny Postfix server?” (I’ve never configured a Postfix server and I have only a little Linux knowledge ^^). So OK, let’s start with our experiment.

I installed Debian with Gnome in my VMware Workstation environment and installed postfix. Open Terminal and change to root user:

su -
apt-get update
apt-get install postfix

After this you can edit your configuration and add your provider’s smarthosts. Open the main.cf file with nano:

nano /etc/postfix/main.cf

When the setup wizard starts, choose “no configuration”; we want to do it on our own ;) This is my whole configuration (bold lines were very relevant while troubleshooting ^^):

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = debian
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = debian, localhost.localdomain, , localhost
#relayhost =

sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.10.10.0/24 192.168.0.0/16

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all

I allowed the complete internal network. You should only add your server in “mynetworks”. After this we need to create the list of relayhosts and the logins. Create/open the relayhost_maps file in the postfix folder:

nano /etc/postfix/relayhost_maps
@networkguy.de [smtp.strato.de]
@gmx.de [mail.gmx.net]:587

These smarthosts need login data, so create/open a file called “sasl_password” (it holds the passwords in plain text, so keep it readable by root only):

nano /etc/postfix/sasl_password
smtp.strato.de michel[put in the "at"-symbol here]networkguy.de:MySuperPassword
[mail.gmx.net]:587 xxx[put in the "at"-symbol here]gmx.de:MySuperPassword

I also needed to create the tls_policy file because the SMTP server from GMX only allows encrypted communication:

nano /etc/postfix/tls_policy
[mail.gmx.net]:587 encrypt

Save the files with Ctrl+O and exit the text editor nano. Now we need to convert these files to a binary database format:

postmap /etc/postfix/relayhost_maps
postmap /etc/postfix/sasl_password
postmap /etc/postfix/tls_policy

Reload the Postfix server:

service postfix restart
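
Postfix looks up smtp_tls_policy_maps by the verbatim next-hop, square brackets and port included, so a tls_policy key written in a different form than the relayhost_maps entry is ignored and that relay falls back to smtp_tls_security_level = may. The following added example (not part of the original post; the function names and the sample file contents are constructed) reports the effective TLS level for each relayhost and lists policy keys that match no relayhost:

```python
import re

# Levels at which the Postfix SMTP client refuses to deliver without TLS.
ENFORCING = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_map(text):
    """Parse postmap source text: 'key value' lines; blanks and # comments skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, *rest = line.split(None, 1)
            table[key] = rest[0] if rest else ""
    return table

def bare_host(nexthop):
    """'[mail.gmx.net]:587' -> 'mail.gmx.net' (assumes host names and numeric ports)."""
    return re.sub(r"^\[|\](?=:|$)|:\d+$", "", nexthop).lower()

def audit(relay_src, tls_src, default_level="may"):
    """Return (report, dead). report: next-hop -> (level, enforced).
    dead: tls_policy key matching no relayhost -> the next-hop it resembles."""
    tls = parse_map(tls_src)
    nexthops = set(parse_map(relay_src).values())
    report = {}
    for hop in sorted(nexthops):
        # The policy lookup key is the next-hop exactly as written in relayhost_maps.
        policy = tls.get(hop, "").split()
        level = policy[0] if policy else default_level
        report[hop] = (level, level in ENFORCING)
    by_host = {bare_host(h): h for h in nexthops}
    dead = {k: by_host[bare_host(k)] for k in tls
            if k not in nexthops and bare_host(k) in by_host}
    return report, dead

# Constructed sample file contents (not read from a live system).
RELAYHOSTS = """
@networkguy.de  [smtp.strato.de]
@gmx.de         [mail.gmx.net]:587
"""
TLS_BRACKETLESS = "mail.gmx.net:587  encrypt\n"
TLS_VERBATIM = """
[smtp.strato.de]    encrypt
[mail.gmx.net]:587  encrypt
"""

if __name__ == "__main__":
    for name, src in (("bracketless", TLS_BRACKETLESS), ("verbatim", TLS_VERBATIM)):
        print(name, *audit(RELAYHOSTS, src))
```

A relay reported as not enforced will still use STARTTLS when the server offers it, but Postfix will also deliver, and send the SASL login, without TLS if it is not offered.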

At this point, we can test the Postfix server. Open the live log on the Debian server:

tail -f /var/log/mail.log

I’m using the Windows tool SendSMTP from John Buoro, VirtualObjectives to test the mailing. Configure the IP address of your Debian server in the settings:

and write a test mail:

If you look at the log file, you can see if your test runs well:

Jul 25 13:28:38 debian postfix/smtpd[1555]: connect from unknown[192.168.88.1]
Jul 25 13:28:38 debian postfix/smtpd[1555]: 492E161710: client=unknown[192.168.88.1]
Jul 25 13:28:38 debian postfix/cleanup[1558]: 492E161710: message-id=<>
Jul 25 13:28:38 debian postfix/qmgr[1500]: 492E161710: from=<xxx[at-symbol]gmx.de>, size=466, nrcpt=1 (queue active)
Jul 25 13:28:38 debian postfix/smtpd[1555]: disconnect from unknown[192.168.88.1]
Jul 25 13:28:38 debian postfix/smtp[1559]: 492E161710: to=<michel[at-symbol]networkguy.de>, relay=mail.gmx.net[212.227.17.168]:587, delay=0.58, delays=0.08/0.05/0.35/0.1, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=0LguAU-1duRFo272k-00oJ8q)
Jul 25 13:28:38 debian postfix/qmgr[1500]: 492E161710: removed

aaaaaaaaand I got the mail:

Maybe you will have problems with SSL ports and authentication. Check the Postfix logs and correct your “relayhost_maps”, “sasl_password” and “tls_policy” files. Don’t forget to delete the .db files (rm filename.db) and run postmap again. You can also install this on your Raspberry Pi if you want. I think this is a very nice service to relay from different mail domains without buying a third-party tool. In your Exchange server, change your send connector for “*” to the Debian server.

You need help with your postfix server or Debian installation? Feel free to write in the comments below.
