SMTP

Set up a Postfix SMTP relay server

In this article I will teach you how to host your own SMTP relay server. Maybe you are like me and want to self-host your own email server, but sadly your ISP blocks outgoing SMTP (port 25), so all you have left is to either give up or use a third-party service as your outgoing SMTP server. So today I will show you how to be your own outgoing SMTP server :)

Before we start, I will assume you already have a mail client (something like mailcow) and have already added the DNS records needed for email to work (MX records and the other required ones).

Prerequisites

  • Debian 11 Server with SMTP port unblocked
  • Domain name
  • Root access (we will install some stuff)

Step 0 - Initial setup

  1. Make sure our system is up-to-date
apt-get update
apt-get upgrade
  2. Copy our VPS's IP, go to our domain settings and make an A record DNS entry for our SMTP server, something like
A smtp.example.com 10.0.0.1 3h

A: is our DNS type

smtp.example.com: our SMTP domain (we need it later); it's something like smtp.gmail.com

10.0.0.1: our VPS's IP

3h: time-to-live for our DNS record

Step 1 - Check SMTP port

To check whether the SMTP port is open, we simply need to install the telnet package by running:

apt install telnet

then run this command:

telnet smtp.gmail.com 25

(this command opens a connection to Gmail's SMTP server; if it connects, that means the SMTP port is open)

Step 2 - Install and configure Postfix

  1. Install mailutils and postfix
apt install mailutils postfix

Hit OK,

then select Internet Site.

In mail name, add your main domain name, something like example.org

  2. Open /etc/postfix/main.cf and change mydestination from:
mydestination = $myhostname, example.com, localhost.com, , localhost

to:

mydestination = $myhostname, localhost.$mydomain, $mydomain

and add this line to our main.cf file:

mydomain = example.com

Change example.com to your main domain, not a subdomain (e.g. example.com).

Then make sure these lines exist in our main.cf file (if not, simply add them):

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
  3. Make sure postfix is running in chroot

Open /etc/postfix/master.cf and make sure to change the smtp line from:

smtp inet n - n - - smtpd

to:

smtp inet n - - - - smtpd
  4. Change the SMTP port. If you are like me, your ISP is probably blocking the outgoing SMTP port (we can't connect to sites via port 25), so we need to change our SMTP port in postfix so that we can connect to it on a different port number.

Open /etc/postfix/master.cf and copy the smtp line:

smtp inet n - - - - smtpd

and change it to:

587 inet n - - - - smtpd

587 is our port number, and we can change it to whatever we want.

  5. Restart postfix
systemctl restart postfix
  6. Test if we can send email or not
echo "This is the body of our email" | mail -s "This is the subject" your_email_address

your_email_address is your email address, something like tim@example.org

Step 3 - Setup SASL

  1. Install libsasl2-modules, postfix and sasl2-bin
apt install libsasl2-modules postfix sasl2-bin
  2. Create a file: /etc/postfix/sasl/smtpd.conf
nano /etc/postfix/sasl/smtpd.conf

and paste:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
  3. Set up a separate saslauthd process to be used from Postfix

3.1. Create a copy of saslauthd's config file

cp /etc/default/saslauthd /etc/default/saslauthd-postfix

3.2. and edit it to:

START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf"      # max. 15 char.
MECHANISMS="sasldb"
# Option -m sets working dir for saslauthd (contains socket)
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"        # postfix/smtp in chroot()

3.3. Remove the old saslauthd

rm -rf /run/saslauthd

3.4. Make a symlink to our new saslauthd (that we created for postfix)

ln -s /var/spool/postfix/var/run/saslauthd   /run/saslauthd

When we restart our server this link gets deleted, so make sure to create it again by running the same command.

  4. Create required subdirectories in postfix chroot directory:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
  5. Add the user "postfix" to the group "sasl":
adduser postfix sasl
  6. Restart saslauthd:
service saslauthd restart
  7. Edit Postfix configuration:
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
  8. Restart postfix:
service postfix restart
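
A file-level check of the settings from Steps 2 and 3, as an added example that is not part of the original article: it reports whether SMTP AUTH would be accepted without TLS and whether the relay restriction is present. The function names and the sample files are constructed for illustration; smtpd_tls_security_level and smtpd_tls_auth_only are standard Postfix parameters that the article itself does not set, so the check goes one step beyond the text.

```shell
#!/bin/sh
# Added example: file-level audit of the relay settings. Function names are hypothetical.
get_param() {  # get_param FILE NAME -> last value assigned in main.cf (last one wins)
  awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                      # comments, blank lines
    /^[ \t]/ { if (cur == want) val = val " " $0; next }   # continuation line
    { cur = $0; sub(/[ \t]*=.*/, "", cur)
      if (cur == want) { val = $0; sub(/^[^=]*=[ \t]*/, "", val) } }
    END { gsub(/[ \t]+/, " ", val); print val }' "$1"
}

audit_relay() {  # audit_relay MAIN_CF SMTPD_CONF -> one finding per line, none if clean
  auth=$(get_param "$1" smtpd_sasl_auth_enable)
  tls_only=$(get_param "$1" smtpd_tls_auth_only)
  level=$(get_param "$1" smtpd_tls_security_level)
  relay="$(get_param "$1" smtpd_relay_restrictions) $(get_param "$1" smtpd_recipient_restrictions)"
  mechs=$(sed -n 's/^mech_list:[[:space:]]*//p' "$2")
  case $level in
    may|encrypt) ;;
    *) echo "NO_TLS: smtpd_tls_security_level is '${level:-unset}', STARTTLS is not offered" ;;
  esac
  if [ "$auth" = yes ] && [ "$tls_only" != yes ]; then
    echo "AUTH_CLEARTEXT: AUTH is accepted before TLS (smtpd_tls_auth_only is not yes)"
    case " $mechs " in *" PLAIN "*|*" LOGIN "*)
      echo "PLAINTEXT_MECH: PLAIN/LOGIN send the password base64-encoded, not encrypted" ;;
    esac
  fi
  case $relay in
    *reject_unauth_destination*|*defer_unauth_destination*) ;;
    *) echo "OPEN_RELAY: no reject_unauth_destination in the restriction lists" ;;
  esac
}

tmp=$(mktemp -d)   # constructed sample files mirroring the settings from Steps 2 and 3
cat > "$tmp/main.cf" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
EOF
printf 'mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM\n' > "$tmp/smtpd.conf"
# Same file plus two standard Postfix TLS parameters the article does not set.
{ cat "$tmp/main.cf"; echo 'smtpd_tls_security_level = encrypt'
  echo 'smtpd_tls_auth_only = yes'; } > "$tmp/hardened.cf"
echo "as written:"; audit_relay "$tmp/main.cf" "$tmp/smtpd.conf"
echo "hardened:";   audit_relay "$tmp/hardened.cf" "$tmp/smtpd.conf"
```

The hardened variant also needs a server certificate configured (smtpd_tls_cert_file and smtpd_tls_key_file), which this check does not look at.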

Step 4 - Create user in SASL

  1. Run saslpasswd2 and type the password you wish to use!
saslpasswd2 -c -u smtp.example.org username

smtp.example.org: our own SMTP domain that we created in step 0

username: the username we will connect with

  2. Make sure our user got created:
sasldblistusers2
  3. Test that we can log in with our new SMTP login details:
testsaslauthd -u username -r smtp.example.org -p XXX

username: our username we created

smtp.example.org: our domain name we created

XXX: the password we created

You should get the return value 0: OK "Success."

Conclusion

And that's it, you are done. Congrats, now you own your inbox and can send and receive emails with your friends. It's kind of hard, yes, I admit it, but it's totally worth it, right?

If you run into unexpected behavior, read the logs: you will find the postfix logs at /var/log/mail.log and the SASL logs at /var/log/auth.log.