Enable Postfix Relay

akalbfell used Ask the Experts™
I have a Fedora 6 server with ISPConfig running on it. Postfix is my SMTP Server...I need to let users relay mail through Postfix from networks external to the server so they can use Outlook instead of the webmail. What needs to be changed in the Postfix config file to allow relay? Below is my main.cf file with all commented lines removed...

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks =
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You can specify a list of domains untrusted clients may relay to...
by default it is  ``mydestination''

postconf -e relay_domains=blahblahblah
postfix reload

You can specify which clients are automatically trusted or not by changing the ``mynetworks'' option.

You are advised to configure your outlook clients for SMTP/SASL authentication rather than opening your mailserver to trust the world for relay.

According to the smtpd_recipient_restrictions   line you have in the file, you have already permitted authenticated clients to relay.

See http://www.thecabal.org/~devin/postfix/smtp-auth.txt
skip straight to "4.  Configuring AUTH in the SMTP server (smtpd)"; assuming the postfix installed on your system already has the capability.

Check the contents of /usr/lib/sasl/smtpd.conf
if you see "saslauthd"
look for a process called "saslauthd" running

You can specify the authentication method  in /etc/sysconfig/saslauthd
using a line such as, for example


MECH=shadow      (the default in Redhat)

You may need to install and/or turn the service on.  

yum install cyrus-sasl

/etc/init.d/saslauthd start

chkconfig saslauthd on

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial