Mxgate
Mxgate
Türkçe Get Started
Postfix

Postfix Smarthost Configuration

Smarthost setup with Postfix main.cf and SASL authentication

Back to Documentation

What does this guide do?

Ensures all emails sent from your Postfix server are delivered through the MXGate smarthost (with authentication). Works on Ubuntu, Debian, CentOS, RHEL and other Linux distributions.

Prerequisites

  • Root or sudo access
  • Postfix installed and running
  • SMTP username and password created from MXGate panel
  • libsasl2-modules and sasl2-bin packages (usually installed by default)

1 Backup main.cf File

Take a backup of the Postfix configuration file just in case:

# Yedek oluşturun:
sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.backup.$(date +%Y%m%d)
# Mevcut relayhost ayarını kontrol edin:
sudo postconf relayhost

2 Configure main.cf

Edit the Postfix main configuration file. Add the following settings to main.cf:

# main.cf dosyasını açın:
sudo nano /etc/postfix/main.cf
# Aşağıdaki satırları dosyanın sonuna ekleyin:
# ============================================
# MXGate Smarthost Configuration
# ============================================
relayhost = [smtp.mxgate.com.tr]:587
# SMTP Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain, login
# TLS Encryption
smtp_tls_security_level = encrypt
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# Connection settings
smtp_connect_timeout = 30s
smtp_helo_timeout = 30s

Square brackets [] ensure the hostname is used directly instead of looking up MX records.

3 Create SASL Password File

Create the password file containing SMTP authentication credentials:

# SASL şifre dosyasını oluşturun:
sudo nano /etc/postfix/sasl_passwd
# Dosya içeriği (tek satır):
[smtp.mxgate.com.tr]:587 MXGATE_KULLANICI_ADI:MXGATE_SIFRE
# Örnek:
[smtp.mxgate.com.tr]:587 user@domain.com:SecureP@ss123

Security: This file must not be readable by any user other than root.

# Dosya izinlerini ayarlayın:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd
# Postmap ile hash veritabanını oluşturun:
sudo postmap /etc/postfix/sasl_passwd
# Oluşan dosyaları kontrol edin:
ls -la /etc/postfix/sasl_passwd*

4 TLS/SSL Certificate Settings

Set the CA certificates path according to your distribution for TLS encryption:

# Debian/Ubuntu:
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# RHEL/CentOS/Rocky:
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# CA dosyasının var olduğundan emin olun:
# Debian/Ubuntu için:
ls -la /etc/ssl/certs/ca-certificates.crt
# Yoksa kurun:
sudo apt-get install ca-certificates
# RHEL/CentOS için:
ls -la /etc/pki/tls/certs/ca-bundle.crt
# Yoksa kurun:
sudo yum install ca-certificates

5 Reload Postfix Configuration

Reload Postfix to apply configuration changes:

# Yapılandırmayı yenile (durdurmadan):
sudo postfix reload
# Veya servisi yeniden başlat:
sudo systemctl restart postfix
# Veya:
sudo service postfix restart
# Servis durumunu kontrol edin:
sudo systemctl status postfix
# Yapılandırma doğrulama:
sudo postfix check

6 Testing and Verification

Test if the configuration is working:

# Test e-postası gönderin:
echo "Subject: Test Mail" | sendmail -v test@example.com
# Veya mail komutu ile:
echo "Test body" | mail -s "Test Subject" -a "From: sender@yourdomain.com" recipient@example.com
# Postfix loglarını izleyin:
sudo tail -f /var/log/mail.log
# veya:
sudo tail -f /var/log/maillog
# Başarılı bağlantı görmelisiniz:
"smtp.mxgate.com.tr[IP]:587: 250 2.0.0 Ok: queued as"
# Kimlik doğrulama başarılı:
"Trusted TLS connection established to smtp.mxgate.com.tr"
# Hata varsa göreceksiniz:
"SASL authentication failed"

Success! All your outgoing emails are now delivered encrypted and authenticated through MXGate.

Troubleshooting

SASL authentication failed:

Check username/password:

sudo postmap -q [smtp.mxgate.com.tr]:587 /etc/postfix/sasl_passwd

Re-run postmap command and check file permissions.

Unable to verify certificate:

Ensure CA certificate file is in correct path. Or disable TLS verification (not recommended):

smtp_tls_security_level = may
Connection refused/timed out:

Firewall (ufw, firewalld, iptables) may not allow outbound access to port 587. Also ensure your hosting provider doesn't block SMTP ports.

Relay access denied:

Ensure your server IP is whitelisted in MXGate panel and authentication credentials are correct.

Distribution Specific Notes

Ubuntu/Debian
  • main.cf: /etc/postfix/main.cf
  • Log: /var/log/mail.log
  • CA: /etc/ssl/certs/ca-certificates.crt
CentOS/RHEL/Rocky
  • main.cf: /etc/postfix/main.cf
  • Log: /var/log/maillog
  • CA: /etc/pki/tls/certs/ca-bundle.crt
Plesk
Documentation Exim