
Tuesday, September 27, 2016

Configure Postfix to Send Mail Using an External SMTP Server


There are many reasons why you would want to configure Postfix to send email using an external SMTP provider such as Google Apps (Gmail), Mandrill, SendGrid, Amazon SES, or any other SMTP server. One reason is to avoid getting your mail flagged as spam if your current server’s IP has been added to a spam list.
In this tutorial, you will learn how to install and configure a Postfix server to send email through Google Apps, Mandrill, or SendGrid.

Prerequisites

Before starting this tutorial, you should have:
  • Debian 7 installed on your Linode
  • Your fully qualified domain name (FQDN)
  • All updates installed:
    sudo apt-get update
    
  • A valid username and password for the SMTP mail provider, such as Google Apps, Mandrill, or SendGrid
  • Make sure the libsasl2-modules package is installed and up to date:
    sudo apt-get install libsasl2-modules
    
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Installing Postfix

In this section, you will install Postfix and set the domain and hostname.
  1. Install Postfix with the following command:
    sudo apt-get install postfix
    
  2. During the installation, a prompt will appear asking for your General type of mail configuration.
    [Screenshot: Postfix configuration, General type of mail configuration options]
    Select Internet Site.
  3. Enter the fully qualified name of your domain, fqdn.example.com.
    [Screenshot: Postfix configuration, System mail name prompt]
  4. Once the installation is finished, open the /etc/postfix/main.cf file with your favorite text editor:
    sudo nano /etc/postfix/main.cf
    
  5. Make sure that the myhostname parameter is configured with your server’s FQDN:
    /etc/postfix/main.cf
    myhostname = fqdn.example.com
    

Configuring SMTP Usernames and Passwords

Usernames and passwords are generally stored in a file called sasl_passwd in the /etc/postfix/ directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix.
If you want to use Google Apps, Mandrill, or SendGrid as your SMTP provider, you may want to reference the appropriate example while working on this section.
  1. Open or create the /etc/postfix/sasl_passwd file, using your favorite text editor:
    sudo nano /etc/postfix/sasl_passwd
    
  2. Add your destination (SMTP Host), username, and password in the following format:
    /etc/postfix/sasl_passwd
    [mail.isp.example] username:password
    
    If you want to specify a non-default TCP Port (such as 587), then use the following format:
    /etc/postfix/sasl_passwd
    [mail.isp.example]:587 username:password
    
  3. Create the hash db file for Postfix by running the postmap command:
    sudo postmap /etc/postfix/sasl_passwd
    
If all went well, you should have a new file named sasl_passwd.db in the /etc/postfix/ directory.

Securing Your Password and Hash Database Files

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text.
For security reasons, you should change their permissions so that only the root user can read or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:
sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Configuring the Relay Server

In this section, you will configure the /etc/postfix/main.cf file to use the external SMTP server.
  1. Open the /etc/postfix/main.cf file with your favorite text editor:
    sudo nano /etc/postfix/main.cf
    
  2. Update the relayhost parameter to show your external SMTP relay host. Important: If you specified a non-default TCP port in the sasl_passwd file, then you must use the same port when configuring the relayhost parameter.
    /etc/postfix/main.cf
    # specify SMTP relay host 
    relayhost = [mail.isp.example]:587
    
    Check the appropriate Google Apps, Mandrill, or SendGrid section for the details to enter here.
  3. At the end of the file, add the following parameters to enable authentication:
    /etc/postfix/main.cf
    # enable SASL authentication 
    smtp_sasl_auth_enable = yes
    # disallow methods that allow anonymous authentication. 
    smtp_sasl_security_options = noanonymous
    # where to find sasl_passwd
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    # Enable STARTTLS encryption 
    smtp_use_tls = yes
    # where to find CA certificates
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    
  4. Save your changes.
  5. Restart Postfix:
    sudo service postfix restart
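The checks below are an added example, not part of the original guide: they confirm that the relayhost value has an exact matching key in sasl_passwd (port included), that TLS is mandatory rather than opportunistic, and that both credential files are mode 0600 and owned by root. The function and script names are hypothetical, and main.cf is parsed directly instead of through postconf so the script runs without Postfix installed.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Usage: sudo sh relay_audit.sh /etc/postfix/main.cf /etc/postfix/sasl_passwd

# Print the effective value of a main.cf parameter. Postfix keeps the last
# assignment; continuation lines are ignored (assumption: one-line values).
cf_get() {  # $1 = main.cf path, $2 = parameter name
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Print one finding per line; print nothing when every check passes.
audit_relay() {  # $1 = main.cf, $2 = sasl_passwd, $3 = owner uid (default 0, root)
    cf=$1; pw=$2; want_uid=${3:-0}
    relay=$(cf_get "$cf" relayhost)
    level=$(cf_get "$cf" smtp_tls_security_level)

    # The sasl_passwd lookup key must equal relayhost exactly, port included.
    if ! awk -v r="$relay" 'r != "" && $1 == r { ok = 1 } END { exit !ok }' "$pw"
    then
        echo "relayhost '$relay' has no matching entry in $pw"
    fi

    # smtp_use_tls = yes is opportunistic: when the server does not offer
    # STARTTLS, Postfix continues without encryption. "encrypt" refuses to.
    case $level in
        encrypt|fingerprint|verify|secure|dane-only) ;;
        *) echo "TLS is not mandatory: set smtp_tls_security_level = encrypt" ;;
    esac

    # The source file and the postmap output both hold the credentials.
    # stat -c is the GNU coreutils form, as found on Debian.
    for f in "$pw" "$pw.db"; do
        if [ ! -e "$f" ]; then
            echo "$f is missing"
            continue
        fi
        mode=$(stat -c %a "$f"); uid=$(stat -c %u "$f")
        if [ "$mode" != 600 ] || [ "$uid" != "$want_uid" ]; then
            echo "$f has mode $mode, uid $uid; expected 600, uid $want_uid"
        fi
    done
}

if [ $# -ge 2 ]; then audit_relay "$@"; fi
```

An empty result means all three checks passed; each printed line names the setting or file to correct.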
    

Testing Postfix

The fastest way to test your configuration is to send an email to any unrelated email address, using the mail command:
echo "body of your email" | mail -s "This is a Subject" -a "From: you@example.com" recipient@elsewhere.com
Alternatively, you can use Postfix’s own sendmail implementation, by entering lines similar to those shown below:
sendmail recipient@elsewhere.com
From: you@example.com
Subject: Test mail
This is a test email
.

Examples of Postfix Configurations with Different Providers

This section shows you settings for some popular mail services you can use as external SMTP servers. You may have to do some fine-tuning on your own to avoid Postfix logins being flagged as suspicious.

Settings for Google Apps

Use these settings for Google Apps.
  1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
    /etc/postfix/sasl_passwd
    [smtp.gmail.com]:587 <USERNAME@gmail.com>:PASSWORD
    
    If you are using Google Apps with your own domain, configure /etc/postfix/sasl_passwd with:
    /etc/postfix/sasl_passwd
    [smtp.gmail.com]:587 <USERNAME@yourdomain.com>:PASSWORD
    
  2. For /etc/postfix/main.cf, use the following relayhost:
    /etc/postfix/main.cf
    relayhost = [smtp.gmail.com]:587
    
  3. Create the hash db file for Postfix by running the postmap command:
    sudo postmap /etc/postfix/sasl_passwd
    
  4. Restart Postfix:
    sudo service postfix restart
    

Settings for Mandrill

Use these settings for Mandrill.
  1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
    /etc/postfix/sasl_passwd
    [smtp.mandrillapp.com]:587 USERNAME:API_KEY
    
  2. For /etc/postfix/main.cf, use the following relayhost:
    /etc/postfix/main.cf
    relayhost = [smtp.mandrillapp.com]:587
    
  3. Create the hash db file for Postfix by running the postmap command:
    sudo postmap /etc/postfix/sasl_passwd
    
  4. Restart Postfix:
    sudo service postfix restart
    

Settings for SendGrid

Use these settings for SendGrid.
  1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
    /etc/postfix/sasl_passwd
    [smtp.sendgrid.net]:587 USERNAME:PASSWORD
    
  2. For /etc/postfix/main.cf, use the following relayhost:
    /etc/postfix/main.cf
    relayhost = [smtp.sendgrid.net]:587
    
  3. Create the hash db file for Postfix by running the postmap command:
    sudo postmap /etc/postfix/sasl_passwd
    
  4. Restart Postfix:
    sudo service postfix restart
    

Monday, September 5, 2016

Use Telnet to test SMTP communication on Exchange servers (Copy: https://technet.microsoft.com/en-us/library/bb123686(v=exchg.160).aspx)



Exchange 2016
  Applies to: Exchange Server 2016
Topic Last Modified: 2016-08-09
Learn how to use Telnet to test SMTP connectivity and mail flow on Exchange servers.
You can use Telnet to test Simple Mail Transfer Protocol (SMTP) communication between messaging servers. SMTP is the protocol that's used to send email messages from one messaging server to another. Using Telnet can be helpful if you're having trouble sending or receiving messages because you can manually send SMTP commands to a messaging server. In return, the server will reply with responses that would be returned in a typical connection. These results can sometimes help you to figure out why you can't send or receive messages.
You can use Telnet to test SMTP communication to:
  • Test mail flow from the Internet into your Exchange organization.
  • Test mail flow from your Exchange to another messaging server on the Internet.
Tip:
Did you know that, instead of using Telnet to test SMTP connectivity, you can use the Microsoft Remote Connectivity Analyzer at https://testconnectivity.microsoft.com/? With the Remote Connectivity Analyzer, you can choose the connectivity test you want to do, in this case Inbound SMTP Email, and follow the instructions shown. It'll step you through the information you need to enter, run the test for you, and then give you the results. Give it a try!

  • Estimated time to complete: 15 minutes
  • Exchange permissions don't apply to the procedures in this topic. These procedures are performed in the operating system of the Exchange server or a client computer.
  • This topic shows you how to use Telnet Client, which is included with Windows. Third-party Telnet clients might require syntax that's different from what's shown in this topic.
  • The steps in this topic show you how to connect to an Internet-facing server that allows anonymous connections using TCP port 25. If you're trying to connect to this server from the Internet, you need to make sure your Exchange server is reachable from the Internet on TCP port 25. Similarly, if you're trying to reach a server on the Internet from your Exchange server, you need to make sure your Exchange server can open a connection to the Internet on TCP port 25.
  • You might notice some Receive connectors that use TCP port 2525. These are internal Receive connectors and aren't used to accept anonymous SMTP connections.
  • If you're testing a connection on a remote messaging server, you should run the steps in this topic on your Exchange server. Remote messaging servers are often set up to make sure the IP address where the SMTP connection is coming from matches the domain in the sender's email address.
  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Tip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

On most versions of Windows, you'll need to install the Telnet client before you can use it. To install it, see Install Telnet Client.

To connect to an SMTP server by using Telnet on port 25, you need to use the fully-qualified domain name (FQDN) (for example, mail.contoso.com) or the IP address of the SMTP server. If you don't know the FQDN or IP address, you can use the Nslookup command-line tool to find the MX record for the destination domain.
Note:
Network policies might prevent you from using the Nslookup tool to query public DNS servers on the Internet. As an alternative, you can use one of the freely-available DNS lookup or MX record lookup web sites on the Internet.
  1. At a command prompt, type nslookup, and then press Enter. This command opens the Nslookup session.
  2. Type set type=mx, and then press Enter.
  3. Type the name of the domain for which you want to find the MX record. For example, to find the MX record for the fabrikam.com domain, type fabrikam.com., and then press Enter.
    Note:
    When you use a trailing period ( . ), you prevent any default DNS suffixes from being unintentionally added to the domain name.
    The output of the command looks like this:
    fabrikam.com mx preference=10, mail exchanger = mail1.fabrikam.com
    fabrikam.com mx preference=20, mail exchanger = mail2.fabrikam.com
    mail1.fabrikam.com internet address = 192.168.1.10
    mail2.fabrikam.com internet address = 192.168.1.20
    
    You can use any of the host names or IP addresses that are associated with the MX records as the destination SMTP server. A lower value for preference (preference = 10 vs. 20) indicates a preferred SMTP server. Multiple MX records and different values of preference are used for load balancing and fault tolerance.
  4. When you're ready to end the Nslookup session, type exit, and then press Enter.

In this example, we're going to use the following values. When you run the commands on your server, replace these values with ones for your organization's SMTP server, domain, etc.
  • Destination SMTP server   mail1.fabrikam.com
  • Source domain   contoso.com
  • Sender's e-mail address   chris@contoso.com
  • Recipient's e-mail address   kate@fabrikam.com
  • Message subject   Test from Contoso
  • Message body   This is a test message
Tip:
  • The commands in the Telnet Client aren't case-sensitive. The SMTP command verbs in this example are capitalized for clarity.
  • You can't use the backspace key in the Telnet session after you connect to the destination SMTP server. If you make a mistake as you type an SMTP command, you need to press Enter, and then type the command again. Unrecognized SMTP commands or syntax errors result in an error message that looks like this:
    500 5.3.3 Unrecognized command
  1. Open a Command Prompt window, type telnet, and then press Enter.
    This command opens the Telnet session.
  2. Type set localecho, and then press Enter.
    This optional command lets you view the characters as you type them, and it might be required for some SMTP servers.
  3. Type set logfile <filename>, and then press Enter.
    This optional command enables logging and specifies the log file for the Telnet session. If you only specify a file name, the log file is located in the current folder. If you specify a path and file name, the path needs to be on the local computer, and you might need to enter the path and file name in the Windows DOS 8.3 format (short name with no spaces). The path needs to exist, but the log file is created automatically.
  4. Type OPEN mail1.fabrikam.com 25, and then press Enter.
  5. Type EHLO contoso.com, and then press Enter.
  6. Type MAIL FROM:chris@contoso.com, and then press Enter.
  7. Type RCPT TO:kate@fabrikam.com NOTIFY=success,failure, and then press Enter.
    The optional NOTIFY command specifies the particular delivery status notification (DSN) messages (also known as bounce messages, nondelivery reports, or NDRs) that the SMTP server is required to provide. In this example, you're requesting a DSN message for successful or failed message delivery.
  8. Type DATA, and then press Enter.
  9. Type Subject: Test from Contoso, and then press Enter.
  10. Press Enter again.
    A blank line is needed between the Subject: field and the message body.
  11. Type This is a test message, and then press Enter.
  12. Type a period ( . ), and then press Enter.
  13. To disconnect from the SMTP server, type QUIT, and then press Enter.
  14. To close the Telnet session, type quit, and then press Enter.
Here's what a successful session using the steps above looks like:
C:\Windows\System32> telnet

Microsoft Telnet> set localecho
Microsoft Telnet> set logfile c:\TelnetTest.txt
Microsoft Telnet> OPEN mail1.fabrikam.com 25

220 mail1.fabrikam.com Microsoft ESMTP MAIL Service ready at Fri, 5 Aug 2016 16:24:41 -0700
EHLO contoso.com
250-mail1.fabrikam.com Hello [172.16.0.5]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
MAIL FROM: chris@contoso.com
250 2.1.0 Sender OK
RCPT TO: kate@fabrikam.com NOTIFY=success,failure
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: test
   
This is a test message.
.
250 2.6.0 <c89b4fcc-3ad1-4758-a1ab-1e820065d622@mail1.fabrikam.com> [InternalId=5111011082268, Hostname=mail1.fabrikam.com] Queued mail for delivery
QUIT
221 2.0.0 Service closing transmission channel

This section provides information about the success and failure responses to the commands that were used in the previous example.
Note:
The three-digit SMTP response codes that are defined in RFC 5321 are the same for all SMTP messaging servers, but the text descriptions in the responses might be slightly different.

SMTP servers respond to commands with a variety of numerical reply codes in the format of x.y.z where:
  • X indicates whether the command was good, bad, or incomplete.
  • Y indicates the kind of response that was sent.
  • Z provides additional information about the command.
When a response is received by the server that opened the connection, it can tell whether the remote server accepted the command and is ready for the next one, or if an error occurred.
The first digit (X) is particularly important to understand because it indicates the success or failure of the command that was sent. Here are its possible values, and their meanings.

 

Reply code   Meaning
2.y.z   The command that was sent was successfully completed on the remote server. The remote server is ready for the next command.
3.y.z   The command was accepted but the remote server needs more information before the operation can be completed. The sending server needs to send a new command with the needed information.
4.y.z   The command wasn't accepted by the remote server for a reason that might be temporary. The sending server should try to connect again later to see if the remote server can successfully accept the command. The sending server will continue to retry the connection until either a successful connection is completed (indicated by a 2.y.z code) or fails permanently (indicated by a 5.y.z code). An example of a temporary error is low storage space on the remote server. Once more space is made available, the remote server should be able to successfully accept the command.
5.y.z   The command wasn't accepted by the remote server for a reason that isn't recoverable. The sending server won't retry the connection and will send a non-delivery report back to the user who sent the message. An example of an unrecoverable error is a message that's sent to an email address that doesn't exist.
The table above is based on information provided by RFC 5321 (Simple Mail Transfer Protocol), section 4.2.1. Additional information, including descriptions of the second (Y) and third (Z) digits of SMTP reply codes is included in this section, and in sections 4.2.2 and 4.2.3.
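A small reader for a saved session, as an added example that is not part of the original article: it classifies each complete server reply by its first digit as in the table above, treating `250-` lines as continuations and skipping message text between the 354 reply and the closing period. It also lists the ESMTP keywords from the EHLO reply so you can confirm that STARTTLS and the expected AUTH methods are on offer. The function names and the sample session are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarize a saved Telnet SMTP session (for instance the file
# written by "set logfile"). Assumes typed commands are in the log (localecho).

# Print "CODE CLASS" for each complete server reply, classed by first digit.
smtp_classify() {  # session log on stdin
    awk '
        BEGIN {
            cls["2"] = "success";           cls["3"] = "more-input-needed"
            cls["4"] = "temporary-failure"; cls["5"] = "permanent-failure"
        }
        { sub(/\r$/, "") }                        # Windows logs use CRLF line ends
        body { if ($0 == ".") body = 0; next }    # message text, not replies
        /^[2-5][0-9][0-9]([ -]|$)/ {
            if (substr($0, 4, 1) == "-") next     # "250-": more lines follow
            code = substr($0, 1, 3)
            if (code == "354") body = 1           # message text comes next
            print code, cls[substr(code, 1, 1)]
        }'
}

# Print the ESMTP keywords from the first multi-line 250 (EHLO) reply.
ehlo_keywords() {  # session log on stdin
    awk '
        { sub(/\r$/, "") }
        fin { next }
        /^250-/ { if (n++) print substr($0, 5); next }   # first line is the greeting
        /^250 / { if (n) { print substr($0, 5); fin = 1 } }'
}

# Constructed sample, shortened from the session shown on this page, with the
# "User unknown" failure added for a second, made-up recipient.
sample_session() {
    cat <<'EOF'
220 mail1.fabrikam.com Microsoft ESMTP MAIL Service ready
EHLO contoso.com
250-mail1.fabrikam.com Hello [172.16.0.5]
250-SIZE 37748736
250-STARTTLS
250-AUTH NTLM
250 XRDST
MAIL FROM: chris@contoso.com
250 2.1.0 Sender OK
RCPT TO: kate@fabrikam.com
250 2.1.5 Recipient OK
RCPT TO: nobody@fabrikam.com
550 5.1.1 User unknown
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: test

250 widgets shipped today
.
250 2.6.0 Queued mail for delivery
QUIT
221 2.0.0 Service closing transmission channel
EOF
}

sample_session | smtp_classify
sample_session | ehlo_keywords | grep -qx STARTTLS || echo "STARTTLS not advertised"
```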

OPEN mail1.fabrikam.com 25
Successful response   220 mail1.fabrikam.com Microsoft ESMTP MAIL Service ready at <day-date-time>
Failure response   Connecting to mail1.fabrikam.com...Could not open connection to the host, on port 25: Connect failed
Possible reasons for failure
  • The destination SMTP service is unavailable.
  • Restrictions on the destination firewall.
  • Restrictions on the source firewall.
  • Incorrect FQDN or IP address for the destination SMTP server.
  • Incorrect port number.

EHLO contoso.com
Successful response   250 mail1.fabrikam.com Hello [<sourceIPaddress>]
Failure response   501 5.5.4 Invalid domain name
Possible reasons for failure
  • Invalid characters in the domain name.
  • Connection restrictions on the destination SMTP server.
Note:
EHLO is the Extended Simple Mail Transfer Protocol (ESMTP) verb that's defined in RFC 5321. ESMTP servers can advertise their capabilities during the initial connection. These capabilities include the maximum accepted message size and supported authentication methods. HELO is the older SMTP verb that is defined in RFC 821. Most SMTP messaging servers support ESMTP and EHLO. If the non-Exchange server that you're trying to connect to doesn't support EHLO, you can use HELO instead.

MAIL FROM:chris@contoso.com
Successful response   250 2.1.0 Sender OK
Failure response   550 5.1.7 Invalid address
Possible reasons for failure   A syntax error in the sender's e-mail address.
Failure response   530 5.7.1 Client was not authenticated
Possible reasons for failure   The destination server doesn't accept anonymous message submissions. You receive this error if you try to use Telnet to submit a message directly to a Mailbox server that doesn't have a Receive connector that's configured to accept anonymous connections.

RCPT TO:kate@fabrikam.com NOTIFY=success,failure
Successful response   250 2.1.5 Recipient OK
Failure response   550 5.1.1 User unknown
Possible reasons for failure   The specified recipient doesn't exist.

 