How to Configure Postfix as a Relay Host for External SMTP Clients on CentOS



When setting up Postfix to accept mail from other machines in your network, the primary configuration file you'll work with is /etc/postfix/main.cf. The key parameter here is mynetworks, which defines which IP addresses are allowed to relay mail through your server.

First, edit your main.cf file:

# nano /etc/postfix/main.cf

Add or modify these parameters:

inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.1.0/24
relayhost = 
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

Replace 192.168.1.0/24 with your actual network subnet.

Before making changes, verify your basic connectivity from the Windows server:

telnet your.postfix.server 25

If this fails, check these CentOS firewall settings:

# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload

For more granular control, consider using SASL authentication:

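smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Authenticated clients must also be permitted here, or the reject_unauth_destination in smtpd_relay_restrictions refuses them first
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination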

Check your mail logs when troubleshooting:

# tail -f /var/log/maillog

Common errors include:

  • Relay access denied - indicates mynetworks misconfiguration
  • Connection refused - firewall or Postfix not listening on the interface

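For production environments, consider these per-client limits:

# Maximum simultaneous connections from one client
smtpd_client_connection_count_limit = 100
# Maximum messages and recipients per client per time unit (anvil_rate_time_unit, 60s by default)
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100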

First, verify basic network connectivity between your Windows server and CentOS Postfix host. Run these commands from the Windows command prompt:

telnet postfix_server_IP 25
ping postfix_server_IP

If these fail, resolve basic networking issues before proceeding with Postfix configuration.

Edit the main Postfix configuration file:

sudo vi /etc/postfix/main.cf

Key parameters to modify:

# Allow connections from your local network (adjust IP range)
mynetworks = 127.0.0.0/8, 192.168.1.0/24

# Set your mail domain
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# Enable SMTP authentication (optional but recommended)
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname

Ensure your firewall allows SMTP traffic:

sudo firewall-cmd --permanent --add-service=smtp
sudo firewall-cmd --reload

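For CentOS systems with SELinux enabled (port 25 is normally already labeled smtp_port_t in the default policy; if semanage reports that the port is already defined, that command can be skipped):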

sudo setsebool -P allow_postfix_local_write_mail_spool on
sudo semanage port -a -t smtp_port_t -p tcp 25

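After applying changes, reload or restart Postfix so they take effect (a change to inet_interfaces needs a restart, not just a reload):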

sudo postfix reload
sudo systemctl restart postfix

Now try sending a test email from your Windows server using this PowerShell script:

$EmailFrom = "user@yourdomain.com"
$EmailTo = "recipient@example.com"
$Subject = "Postfix Relay Test"
$Body = "This is a test email sent via Postfix relay"
$SMTPServer = "your_postfix_server_IP"
$SMTPClient = New-Object Net.Mail.SmtpClient($SMTPServer, 25)
$SMTPClient.EnableSsl = $false
$SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body)

Check Postfix logs for troubleshooting:

sudo tail -f /var/log/maillog

Look for successful relay attempts with status=sent or authentication failures.

For a more secure setup, configure SASL authentication:

sudo yum install cyrus-sasl-plain
sudo vi /etc/sasl2/smtpd.conf

Add these contents:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN

Create SASL users:

sudo saslpasswd2 -c -u "$(postconf -h myhostname)" username
sudo chown postfix:postfix /etc/sasldb2
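
A defender-side check for the mynetworks, smtpd_relay_restrictions and SASL settings covered on this page. This is an added example, not part of the original page or of Postfix: the function names and finding labels are made up for illustration and the sample configuration is constructed. smtpd_tls_auth_only is a standard Postfix parameter that the page does not set.

```shell
#!/bin/sh
# Added example: static audit of relay settings in `postconf -n` style text.

# get_param NAME TEXT: value of the last "NAME = value" line, empty if unset
get_param() {
  printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# has_token LIST TOKEN: succeeds if TOKEN is an element of a comma/space list
has_token() {
  case " $(printf '%s' "$1" | tr ',' ' ') " in
    *" $2 "*) return 0 ;;
  esac
  return 1
}

# audit_relay TEXT: prints one finding per line (no output means no findings)
audit_relay() {
  nets=$(get_param mynetworks "$1")
  relay=$(get_param smtpd_relay_restrictions "$1")
  sasl=$(get_param smtpd_sasl_auth_enable "$1")
  tls_only=$(get_param smtpd_tls_auth_only "$1")
  # permit_mynetworks plus a /0 entry lets any client relay
  if has_token "$nets" "0.0.0.0/0" || has_token "$nets" "[::]/0"; then
    echo "OPEN_RELAY: mynetworks trusts every address"
  fi
  # An explicit relay list should contain a destination check (heuristic)
  if [ -n "$relay" ] && ! has_token "$relay" reject_unauth_destination \
     && ! has_token "$relay" defer_unauth_destination; then
    echo "NO_DESTINATION_CHECK: smtpd_relay_restrictions never rejects foreign destinations"
  fi
  if [ "$sasl" = yes ]; then
    # A reject in smtpd_relay_restrictions is final, so SASL users need a permit there
    if [ -n "$relay" ] && ! has_token "$relay" permit_sasl_authenticated; then
      echo "SASL_NOT_PERMITTED: authenticated clients outside mynetworks are refused relay"
    fi
    # PLAIN/LOGIN are only base64-encoded; without this they may be sent unencrypted
    [ "$tls_only" = yes ] || echo "CLEARTEXT_AUTH: smtpd_tls_auth_only is not yes"
  fi
}

# Constructed sample: SASL enabled, relay restrictions limited to mynetworks
SAMPLE_CONF='mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous'

audit_relay "$SAMPLE_CONF"
```

On the server, audit the live settings with audit_relay "$(postconf -n)".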