Help Center

Setting up for Postfix

Instructions for updating the Postfix configuration to use MailChannels Outbound Filtering are provided in this article. Authentication with MailChannels is required and is relatively simple to setup.

For more advanced configuration scenarios, refer to the online Postfix documentation.

Password Map

The first step in this process is to create the password map. Postfix uses this for authentication. The MailChannels team will provide the SMTP username. The password for authentication can be generated by logging into the MailChannels Customer Console.

Create a text file password in /etc/postfix folder using the following command:

# touch /etc/postfix/password

The format of the client password file is space delimited and will contain the following:       username:password    <SMTP username>:<password>

Save and close the file. Set the following permissions on the password file to allow proper access.

  • # chown root:root /etc/postfix/password
  • # chmod 0600 /etc/postfix/password
  • # postmap hash:/etc/postfix/password

Postfix Smarthost Authentication

An authenticated sender header is required to track sender reputation within the MailChannels system. These headers are added when the parameters exist in the configuration file. The configuration directives are appended to /etc/postfix/

  • relayhost =
  • smtp_sasl_auth_enable = yes
  • smtp_sasl_password_maps = hash:/etc/postfix/password
  • smtp_sasl_security_options = noanonymous
  • smtpd_sasl_authenticated_header = yes
  • smtp_tls_security_level = encrypt

The parameters used in the configuration directives are described in the following table.

Parameter value Description
relayhost = Relays all mail via mail service.
smtp_sasl_auth_enable = yes Indicates Cyrus-SASL support for authentication of mail servers.
smtp_sasl_password_maps = hash:/etc/postfix/password Sets path to sasl_passwd.
smtp_sasl_security_options When empty (default), allows Postfix to use anonymous and plain text authentication.
smtpd_sasl_authenticated_header = yes Tells Postfix to log the authenticated user ID in the received header so that the user behavior and reputation are tracked.
smtp_tls_security_level: Encrypt Optional. If there are issues connecting with this option, try disabling.

You will need to save and close the file. Restart Postfix using the following command:

# /etc/init.d/postfix restart


Test your setup by sending a text email containing the following content:

$ echo 'This is a test.' > /tmp/test

$ mail -s 'Test' < /tmp/test

# tail -f /var/log/mail.log

# rm /tmp/test

Helpful Hints

If you are getting no mechanism available error messages, you may be missing SASL authentication libraries.

If the operating system is Debian® or Ubuntu®, install the missing module dependency using apt-get:

#  apt-get install libsasl2-modules

If the operating system is RedHat®, Fedora®, or CentOS®, obtain the following module using yum, the default package manager:

# yum install cyrus-sasl-plain


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • Avatar
    John Quaglieri

    To specify only certain domains use change

    relayhost =


    transport_maps = hash:/etc/postfix/transport

    create /etc/postfix/transport in the format of

    then run
    postmap hash:/etc/postfix/transport

    Using this only remote domains listed in the transport file would be used.

    Comment actions Permalink
  • Avatar
    Javier Cota

    Thank you I was able to get it configured and it is working now. The mail channels extension was a great tool to get the service working faster. I hope you reconsider updating and get it available in the near future.

    Javier Cota

    Comment actions Permalink

Please sign in to leave a comment.