Configure your local Postfix to relay through a transactional email service

Using Postfix with specialized, transactional email services like SendGrid or Mandrill is excellent for not only for optimizing email deliverability, but they usually also offer some nice features.

You may of course setup your web application, like WordPress, to use the external service, but this requires you to configure each application independently.

Some applications are not so easy to set up with an external service, though. A lot of OS tools that are setup to send you email notifications, warnings and statuses will simply use the servers’ locally installed MTA (i.e. Postfix for us).

Also Postfix automatically queues and retries emails which might fail due to temporary connection issues. Having your application dispatch email to a local MTA, makes it much more responsive, and you don’t have to think about handling temporary failures.

Configure Postfix

Configuring authenticated SMTP relay in Postfix is actually quite easy. You just need to add a few directives in the /etc/postfix/ configuration file.

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:YourSMTPUsername:YourSMTPPassword
smtp_sasl_security_options = noanonymous
relayhost = []:587

Replace YourSMTPUsername and YourSMTPPassword with your SMTP credentials, and with your provider’s SMTP server.

While you’re at it, check these settings too:

smtp_use_tls = yes
mydestination = localhost

Restart Postfix, and you’re ready to go:

$ sudo service postfix restart

Update your SPF record

Remember to update your SPF record to include your provider’s servers.

For Mandrill, that would be adding and for SendGrid it is

Not sure what a SPF record is?

Sender Policy Framework (SPF) is an email authentication standard that compares the email sender’s IP address against a list of authorized addresses. The addresses is published in a TXT DNS record. To see what my SFP record looks like, type this in a terminal window:

$ dig txt

You should see something like this (subject to change):

"v=spf1 a mx -all"

This means that I’ve authorized any IP with a A or MX record for my domain, and includes the SPF records for Google, MailChimp and Mandrill.


Try sending yourself a test message:

$ mail -s Testing [email protected]

(type a message, end it with a single dot on a line or CTRL+D)

Last note

This has absolutely nothing to do with your regular email accounts for your domain. They will be handled separately on the servers defined in your MX records. This is just for outgoing emails sent by this particular server.

Published by

Bjørn Johansen

Bjørn has been a full-time web developer since 2001, and have during those years touched many areas including consulting, training, project management, client support, and DevOps. He has worked with WordPress for more than 13 years, and he is a plugin author, core contributor, WordCamp speaker, WordCamp co-organizer and Translation Editor for Norwegian Bokmål.

1 Comment

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.