Authentication for Postfix
Before you get started, make sure that you have a SASL authentication package like
libsasl. You can install them using one of these commands:
For Debian, Ubuntu, etc:
$ apt-get install libsasl2-modules
For CentOS, Fedora, RedHat:
$ yum install cyrus-sasl-plain
If you don't have one of these packages, or if you're getting a no mechanism found error, you may need to update the authentication package or package dependencies.
Check Your Hostname
To properly relay the mail, your hostname needs to be a fully-qualified domain name. The default specifies the local machine as the hostname, which may not be a FQDN. You can check by running:
$ hostname -f
If this outputs a FQDN, you're all set. Otherwise, you need to add a
mydomain parameter to your main.cf file.
Store Authentication Information for Transactional Email
If you already have a file in /etc/postfix/ for SASL passwords, open that file. If not, create a file with a name like sasl_passwd (or something else descriptive in /etc/postfix/). On a new line, add these values (replacing USERNAME with your account username, and API_KEY with an active API key for your Transactional Email account):
After you save this file, you should chmod it so that only the root can read or write the file:
$ chmod 600 /etc/postfix/sasl_passwd
Anytime you change your credentials, save the file and then
$ postmap /etc/postfix/sasl_passwd
Set Up Postfix to Relay Through Transactional Email
In your Postfix configuration file, typically /etc/postfix/main.cf, add or adjust these options:
# enable SASL authentication smtp_sasl_auth_enable = yes # tell Postfix where the credentials are stored smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous # use STARTTLS for encryption smtp_use_tls = yes relayhost = [smtp.mandrillapp.com]
After saving the configuration, reload or restart Postfix.
When you use TLS for encryption, you may need to add extra parameters so that Postfix knows where to find the certificate bundles on your system.
Relay only certain emails through Transactional Email
The configuration options shown earlier will relay all mail being sent for your Postfix server through Transactional Email. If you only want emails being sent from email@example.com and firstname.lastname@example.org relayed through Transactional Email, remove the
relayhost parameter value, and add the
relayhost = sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_maps
Then add this to /etc/postfix/relayhost_maps:
email@example.com [smtp.mandrillapp.com] firstname.lastname@example.org [smtp.mandrillapp.com]
Add extra lines if you want emails for other senders relayed through specific relayhosts and make sure to modify your sasl_passwd file to ensure that you have a line for each relayhost being used).
Postmap that file:
$ postmap /etc/postfix/relayhost_maps
Reload or restart Postfix.
Send a Test Email With Postfix
Send a test email using
sendmail or another command-line mail client:
$ sendmail RECIPIENT@domain.com From: email@example.com Subject: Testing from Postfix This is a test email .
Take a look at the Postfix logs to see the status of the email:
$ tail -f /var/log/syslog
If Postfix is accepting and relaying mail, make sure that you've configured all your local domains in Postfix so that Postfix doesn't try to relay those through Transactional Email (which can result in a mailing loop). Use the mydestination parameter in /etc/postfix/main.cf so Postfix doesn't relay those emails through Mandrill:
mydestination = localhost.localdomain, localhost, mydomain.com, mydomain.net # make sure to list any domains that Postfix should use for local delivery
You'll need to add SPF and DKIM records and verify ownership of your sending domains before you can send email through your account. Transactional Email will not send any email from unverified domains or domains without valid SPF and DKIM records, including public domains like gmail.com, yahoo.com, and more.
A message that is rejected with the reject reason unsigned indicates that the sending domain hasn't been properly set up, and that your account is unable to send and authenticate email from that domain.