Postfix Installation (Debian Lenny)

This document will describe how to install Postfix as a local mail server relay to sent local system mail to real world email recipients like e.g. system administrator(s).

For that, install postfix and libsasl2 packages first. Select Local, when requested to select an installation option.

apt-get install postfix libsasl2-modules

Then, setup postfix as local smtp mail relay server. First, consider the following options in /etc/postfix/ The remaining options should be left to their default values.

### localhost only ###
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks =
inet_interfaces = all

### redirect root mail to system administrator ###
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

### mail relay host and password ###
relayhost =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

### configure TLS connection to relay host ###
smtp_tls_security_level = encrypt
#smtp_tls_CApath = /etc/ssl/certs
smtp_tls_CAfile = /etc/ssl/certs/Thawte_Premium_Server_CA.pem
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

The first block limits the accessibility of the mail server to localhost. That way, any incoming internet requests should be rejected.

Regarding the alias_maps directives, mail redirection (e.g. for system user root) can be redirected to a "real world" email recipient. The aliases must be definied in /etc/aliases (.e.g . postmaster->root, root->

postmaster: root

Also, /etc/aliases must be hashed using the postalias command.

postalias /etc/aliases

Next, the smtp server to which any outgoing mails were relayed to must be defined. If you can use an internal mail server which does not require to login before sending emails (e.g. ip-address authentication), you can omit the next paragraph.

Currently, we are using the free mail hoster, because it permits to relay emails with any sender domain. In order to submit the user credentials required for login, create /etc/postfix/sasl_passwd and define your mail relay host and login credentials as follows.   userid:password

The file must be hashed using the postmap command.

postmap /etc/postfix/sasl_passwd

Then, the remaining block configures TLS/SSL negotiations (hopefully supported by your mail provider). The security level should be set to encrypt (passwords are sent!) and the rootCA certificate of the mail relay server (e.g. Thawte Premium for


Using the smtp_tls_CApath directive pointing to the default certificate directory /etc/ssl/certs which will be installed along with the ssl-cert package did not work for me ?!

Finally, restart the postfix server as usual.

/etc/init.d/postfix restart

That's all.

Updated by Lutz Suhrbier over 11 years ago ยท 4 revisions