Many ISPs, particularly cable providers, actively filter port 25 (SMTP) traffic to combat spam. When your Ubuntu server running Postfix attempts to send mail through this blocked port, you'll encounter timeout errors like:
May 7 18:22:45 myhost postfix/smtp[1234]: connect to example.com[192.0.2.1]:25: Connection timed out
Before configuring Postfix, verify that your destination mail server accepts connections on port 587 (submission port):
telnet mail.example.com 587
Trying 203.0.113.5...
Connected to mail.example.com.
220 mail.example.com ESMTP
EHLO yourdomain.com
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Edit the main Postfix configuration file:
sudo nano /etc/postfix/main.cfAdd or modify these parameters:
# Force outgoing mail through port 587
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
relayhost = [mail.example.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
Create the SASL password file:
sudo nano /etc/postfix/sasl_passwdAdd your credentials in this format:
[mail.example.com]:587 username:passwordThen secure and compile the file:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwdEnsure your submission service is properly configured in:
sudo nano /etc/postfix/master.cfUncomment or add these lines:
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,rejectAfter making changes, test with:
sudo postfix check
sudo systemctl restart postfixSend a test email while monitoring logs:
tail -f /var/log/mail.log
echo "Test message" | mail -s "Port 587 Test" recipient@example.comIf you encounter problems, check these common solutions:
# Check if Postfix is actually using port 587
sudo ss -tulnp | grep master
# Verify DNS resolution
dig mail.example.com
# Test authentication separately
sudo apt install swaks
swaks --to recipient@example.com --server mail.example.com:587 --auth LOGIN --auth-user usernameRemember that some servers may require TLS even if not explicitly stated. Adding smtp_tls_security_level = encrypt can resolve connection issues with stricter mail servers.
When ISPs block port 25 (the default SMTP port), it prevents traditional mail delivery methods from working. Here's what happens when you encounter this:
# Typical timeout error you might see
May 7 18:30:01 myhost postfix/smtp[1234]: connect to myserver.net[1.2.3.4]:25: Connection timed out
Before configuring Postfix, always verify your destination server accepts connections on port 587:
telnet mail.example.com 587
Trying 1.2.3.4...
Connected to mail.example.com.
220 mail.example.com ESMTP service ready
Edit your Postfix main configuration file:
sudo nano /etc/postfix/main.cfAdd or modify these critical parameters:
# Force all outgoing mail through port 587
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
Create the password file for authentication:
sudo nano /etc/postfix/sasl_passwdAdd your credentials in this format:
[mail.example.com]:587 username:passwordSet proper permissions and create the hash database:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd
sudo systemctl restart postfixSend a test email and monitor the logs:
echo "Test message" | mail -s "Test Subject" recipient@example.com
tail -f /var/log/mail.logYou should see successful delivery attempts on port 587:
May 7 18:35:22 myhost postfix/smtp[2345]: ABC123456: to=<recipient@example.com>, relay=mail.example.com[1.2.3.4]:587, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as XYZ987654)
If you encounter problems, check these common solutions:
# Verify Postfix is running
sudo postfix status
# Check configuration
sudo postconf -n
# Test SMTP connection manually
openssl s_client -starttls smtp -connect mail.example.com:587 -crlf