Configure your local Postfix to relay through a transactional email service

Using Postfix with specialized, transactional email services like SendGrid or Mandrill is excellent for not only for optimizing email deliverability, but they usually also offer some nice features.

You may of course setup your web application, like WordPress, to use the external service, but this requires you to configure each application independently.

Some applications are not so easy to set up with an external service, though. A lot of OS tools that are setup to send you email notifications, warnings and statuses will simply use the servers’ locally installed MTA (i.e. Postfix for us).

Also Postfix automatically queues and retries emails which might fail due to temporary connection issues. Having your application dispatch email to a local MTA, makes it much more responsive, and you don’t have to think about handling temporary failures.

Configure Postfix

Configuring authenticated SMTP relay in Postfix is actually quite easy. You just need to add a few directives in the /etc/postfix/ configuration file.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:YourSMTPUsername:YourSMTPPassword
smtp_sasl_security_options = noanonymous
relayhost = []:587

Replace YourSMTPUsername and YourSMTPPassword with your SMTP credentials, and with your provider’s SMTP server.

While you’re at it, check these settings too:

smtp_use_tls = yes
mydestination = localhost

Restart Postfix, and you’re ready to go:

$ sudo service postfix restart

Update your SPF record

Remember to update your SPF record to include your provider’s servers.

For Mandrill, that would be adding and for SendGrid it is

Not sure what a SPF record is?

Sender Policy Framework (SPF) is an email authentication standard that compares the email sender’s IP address against a list of authorized addresses. The addresses is published in a TXT DNS record. To see what my SFP record looks like, type this in a terminal window:

$ dig txt

You should see something like this (subject to change):

"v=spf1 a mx -all"

This means that I’ve authorized any IP with a A or MX record for my domain, and includes the SPF records for Google, MailChimp and Mandrill.


Try sending yourself a test message:

$ mail -s Testing [email protected]

(type a message, end it with a single dot on a line or CTRL+D)

Last note

This has absolutely nothing to do with your regular email accounts for your domain. They will be handled separately on the servers defined in your MX records. This is just for outgoing emails sent by this particular server.


  1. I added this to my raspberrypi posfix conf:
    This config changes sender addresses from both local originated, and relayed SMTP mail traffic:


    sender_canonical_classes = envelope_sender, header_sender
    sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
    smtp_header_checks = regexp:/etc/postfix/header_check

    Rewrite envelope address from email originating from the server itself


    /.+/ [email protected]

    Rewrite from address in SMTP relayed e-mail


    /From:.*/ REPLACE From: [email protected]

Comments are closed.