Configure Postfix SMTP Relay on Ubuntu VPS: Complete Setup

Why Use SMTP Relay for VPS Email Delivery

Your Ubuntu VPS can send emails directly. But major providers like Gmail and Outlook often block or flag messages from unknown IP addresses. This creates delivery headaches for customers who need reliable transactional emails from their applications.

An SMTP relay service acts as a trusted intermediary. Your server authenticates with the relay provider. The provider then delivers emails using their established reputation.

This approach dramatically improves delivery rates. It also reduces the risk of your VPS IP getting blacklisted.

We'll configure Postfix SMTP relay to route outbound mail through an SMTP relay. Local delivery for system messages will remain intact. This setup works perfectly with Hostperl VPS hosting plans that need professional email capabilities.

Prerequisites and Server Preparation

Before starting, ensure your Ubuntu VPS has Postfix installed. Most Hostperl VPS instances come with Postfix pre-installed. You can verify with:

sudo systemctl status postfix

If Postfix isn't installed:

sudo apt update
sudo apt install postfix

During installation, select "Internet Site". Enter your server's fully qualified domain name (FQDN).

You'll also need valid SMTP relay credentials. Get these from providers like SendGrid, Mailgun, or Amazon SES.

Create a backup of your current Postfix configuration before making changes:

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.backup
sudo cp /etc/postfix/master.cf /etc/postfix/master.cf.backup

Install and Configure SASL Authentication

SMTP relays require authentication. This means installing the SASL (Simple Authentication and Security Layer) package.

Install the necessary components:

sudo apt install libsasl2-modules

Create the SASL password file that stores your relay credentials:

sudo nano /etc/postfix/sasl_passwd

Add your relay provider's settings. Here's the format for common providers:

# For SendGrid
[smtp.sendgrid.net]:587 apikey:your_api_key

# For Mailgun
[smtp.mailgun.org]:587 postmaster@yourdomain.com:your_password

# For Amazon SES
[email-smtp.us-east-1.amazonaws.com]:587 your_access_key:your_secret_key

Secure the credentials file and create the hash database:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

This creates `/etc/postfix/sasl_passwd.db` that Postfix will use for authentication.

Configure Postfix Main Settings

Open the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

Add these relay configuration lines at the end of the file:

# SMTP Relay Configuration
relayhost = [smtp.sendgrid.net]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Replace the `relayhost` value with your chosen provider's SMTP server. The `[brackets]` prevent Postfix from looking up MX records for the relay host.

These settings enforce TLS encryption and SASL authentication for all outbound emails. The configuration ensures your credentials are protected during transmission.

Configure Local Network Settings

You'll want to allow your VPS to send emails locally. External emails will route through the relay. Add these network settings:

# Network Configuration
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost

The `mynetworks` setting defines which IP addresses can send email through your server without authentication. This configuration allows local processes to send emails. External delivery still requires relay authentication.

If you're hosting multiple domains and need local delivery for specific domains, adjust `mydestination` accordingly. For most VPS setups focused on application email delivery, the default settings work well.

Test SMTP Relay Configuration

Validate your configuration syntax before restarting:

sudo postfix check

If no errors appear, restart Postfix to apply changes:

sudo systemctl restart postfix
sudo systemctl status postfix

Test email delivery using the command line:

echo "Test email from VPS" | mail -s "SMTP Relay Test" your-email@example.com

If the `mail` command isn't available:

sudo apt install mailutils

Check the mail queue to see if messages are being processed:

sudo mailq

An empty queue usually indicates successful delivery. For detailed logging, monitor the Postfix log:

sudo tail -f /var/log/mail.log

Look for successful SASL authentication and TLS encryption in the log entries. This approach is essential for customers using our managed VPS hosting services who need reliable email delivery.

Advanced Authentication Options

Some SMTP providers require specific authentication methods. Configure provider-specific settings in your main.cf file:

For Gmail SMTP (if using application passwords):

relayhost = [smtp.gmail.com]:587
smtp_sasl_mechanism_filter = plain
smtp_sasl_security_options = noanonymous

For Microsoft 365:

relayhost = [smtp.office365.com]:587
smtp_sasl_mechanism_filter = login, plain
smtp_tls_security_level = encrypt

Test different authentication mechanisms if you encounter connection failures. Some providers require specific SASL mechanisms that aren't enabled by default.

Troubleshooting Common SMTP Relay Issues

Authentication failures often show up as "SASL authentication failed" in logs. Double-check your credentials in `/etc/postfix/sasl_passwd`. Regenerate the database:

sudo postmap /etc/postfix/sasl_passwd

TLS connection problems typically indicate certificate issues. Verify your CA certificate file exists:

ls -la /etc/ssl/certs/ca-certificates.crt

If missing, update your certificate bundle:

sudo apt update && sudo apt install ca-certificates

Connection timeouts might indicate firewall restrictions. Ensure port 587 is open for outbound connections:

sudo ufw allow out 587

Rate limiting errors from your SMTP provider require adjusting Postfix delivery settings:

smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

Monitor your relay provider's dashboard for delivery statistics. Check for any account limitations that might affect your VPS email delivery.

Frequently Asked Questions

Can I configure multiple SMTP relays for different domains?

Yes, use Postfix transport maps to route specific domains through different relays. Create `/etc/postfix/transport` with domain-specific relay configurations. Reference it in main.cf with `transport_maps = hash:/etc/postfix/transport`.

Will this configuration affect incoming email delivery?

No, this setup only affects outbound email delivery. Incoming emails will continue to be delivered normally based on your existing Postfix and DNS configurations. Local system emails are also unaffected.

How do I monitor SMTP relay usage and delivery rates?

Check your relay provider's dashboard for detailed delivery statistics. You can also monitor Postfix logs with tools like `pflogsumm` for local delivery analysis and queue management insights.

What happens if the SMTP relay service is unavailable?

Postfix will queue emails locally and retry delivery according to your retry settings. Configure backup relay hosts by adding multiple `relayhost` entries. You can also implement fallback mechanisms in your application logic.

Can I still send emails directly without the relay for specific addresses?

Yes, configure transport maps to bypass the relay for specific recipients or domains. This allows you to send local system notifications directly. Application emails still route through the relay for better deliverability.