When sending an email to a recipient in an external domain, such as @hotmail.com, the email must be routed over the Internet. By default, some external domains will refuse emails that are sent from a server that has a dynamic IP address. In this example, when attempting to send an email to jane.doe@hotmail.com, the Postfix email logs identify that Hotmail refused the email because the email was sent from a server with a dynamic IP address.
[root@server1 ~]# tail /var/log/maillog
Aug 16 10:05:49 example postfix/smtp[6660]: 894C4BA14E8: to=, relay=mx1.hotmail.com[65.68.12.214]:25, delay=119, delays=117/0.03/2.2/0.25, dsn=5.0.0, status=bounced (host mx1.hotmail.com[65.68.12.214] said: 550 DY-001 (SNT004-MC1F35) Unfortunately, messages from 76.45.12.78 were not sent. Please contact your Internet service provider. You can tell them that Hotmail does not relay dynamically-assigned IP ranges. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command))
Relaying emails through a third party resolves this issue.
Typically, you will relay emails through:
- Your Internet Service Provider (ISP)
- Your domain name registrar
Following are a few examples of how to configure the /etc/postfix/main.cf file to relay an email through a trusted third party.
relayhost = [mail.twc.com]:587 #Time Warner Cable ISP
relayhost = [smtp.godaddy.com]:587 #Go Daddy registrar
relayhost = [smtp.1and1.com]:587 #1and1 registrar
Some ISPs will provide email relay, some will not. Some registrars will provide email relay for free, some will charge to use the relay. You will need to consult with your ISP or registrar to determine if they provide an email relay service and if there is a cost to relay emails. Once you have selected an ISP or registrar to relay emails through, you will need the following information:
- DNS name of the relay, such as mail.twc.com, smtp.godaddy.com, smtp.godaddy.com
- Your username for the email relay service. Contact your ISP or registrar to get your username.
- Your password for the email relay service. Contact your ISP or registrar to get your password.
Create the sasl_passwd file:
~]# touch /etc/postfix/sasl_passwd
Add the following line to the sasl_passwd file:
- Replace example with the DNS name for the ISP or registrar
- Replace username with your username
- Replace password with your password
[smtp.example.com]:587 username:password
Create the sasl_passwd.db file:
~]# postmap /etc/postfix/sasl_passwd
The username and password in the sasl_passwd and sasl_passwd.db files are in plaintext, so we should ensure that only root and read and write these files.
~]# chown root:root /etc/postfix/sasl_passwd
~]# chown root:root /etc/postfix/sasl_passwd.db
~]# chmod 600 /etc/postfix/sasl_passwd
~]# chmod 600 /etc/postfix/sasl_passwd.db
The strings command can be used to confirm that the sasl_passwd.db files was updated to contain your username and password.
~]# strings /etc/postfix/sasl_passwd.db
username:password
[smtp.example.com]:587
Restart Postfix, and ensure Postfix is active and running.
~]# systemctl restart postfix
~]# systemctl status postfix
Send an email:
- Click here to send an email using OpenSSL
View the journal to ensure the email was successfully sent. In this example, the journal is checked for an email sent to jane.doe@example.com, and the status of the email is sent.
~]# journalctl | grep jane.doe@example.com
May 12 19:59:10 mail.example.com postfix/smtp[27836]: E56D660173: to=<jane.doe@example.com>, relay=mail.twc.com[107.14.73.68]:587, delay=21, delays=20/0.13/0.24/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK FC/59-29375-E5A56195)