Instructions for updating the Postfix configuration to use MailChannels Outbound Filtering are provided in this article. Authentication with MailChannels is required and is relatively simple to setup.
For more advanced configuration scenarios, refer to the online Postfix documentation.
Password Map
The first step in this process is to create the password map. Postfix uses this for authentication. The MailChannels team will provide the SMTP username. The password for authentication can be generated by logging into the MailChannels Customer Console.
Create a text file password in /etc/postfix folder using the following command:
# touch /etc/postfix/password
The format of the client password file is space delimited and will contain the following:
#smtp.isp.com username:password
smtp.mailchannels.net <SMTP username>:<password>
Save and close the file. Set the following permissions on the password file to allow proper access.
- # chown root:root /etc/postfix/password
- # chmod 0600 /etc/postfix/password
- # postmap hash:/etc/postfix/password
Postfix Smarthost Authentication
An authenticated sender header is required to track sender reputation within the MailChannels system. These headers are added when the parameters exist in the configuration file. The configuration directives are appended to /etc/postfix/main.cf.
- relayhost = smtp.mailchannels.net
- smtp_sasl_auth_enable = yes
- smtp_sasl_password_maps = hash:/etc/postfix/password
- smtp_sasl_security_options = noanonymous
- smtpd_sasl_authenticated_header = yes
- smtp_tls_security_level = encrypt
The parameters used in the configuration directives are described in the following table.
| Parameter value | Description |
| relayhost = smtp.mailchannels.net | Relays all mail via smtp.mailchannels.net mail service. |
| smtp_sasl_auth_enable = yes | Indicates Cyrus-SASL support for authentication of mail servers. |
| smtp_sasl_password_maps = hash:/etc/postfix/password | Sets path to sasl_passwd. |
| smtp_sasl_security_options | When empty (default), allows Postfix to use anonymous and plain text authentication. |
| smtpd_sasl_authenticated_header = yes | Tells Postfix to log the authenticated user ID in the received header so that the user behavior and reputation are tracked. |
| smtp_tls_security_level: Encrypt | Optional. If there are issues connecting with this option, try disabling. |
You will need to save and close the file. Restart Postfix using the following command:
# /etc/init.d/postfix restart
Testing
Test your setup by sending a text email containing the following content:
$ echo 'This is a test.' > /tmp/test
$ mail -s 'Test' you@example.com < /tmp/test
# tail -f /var/log/mail.log
# rm /tmp/test
Helpful Hints
If you are getting no mechanism available error messages, you may be missing SASL authentication libraries.
If the operating system is Debian® or Ubuntu®, install the missing module dependency using apt-get:
# apt-get install libsasl2-modules
If the operating system is RedHat®, Fedora®, or CentOS®, obtain the following module using yum, the default package manager:
# yum install cyrus-sasl-plain
To specify only certain domains use change
relayhost = smtp.mailchannels.net
to
transport_maps = hash:/etc/postfix/transport
create /etc/postfix/transport in the format of
domain.com smtp:smtp.mailchannels.net
domain2.com smtp:smtp.mailchannels.net
then run
postmap hash:/etc/postfix/transport
Using this only remote domains listed in the transport file would be used.
Thank you I was able to get it configured and it is working now. The mail channels extension was a great tool to get the service working faster. I hope you reconsider updating and get it available in the near future.
Regards,
Javier Cota