Integrating Postfix with Email Delivery

Use Postfix to send emails through the Email Delivery service.

Configure Postfix to Send Email Through Email Delivery

Postfix is a free and open source mail transfer agent that routes and delivers electronic mail. It is released under the IBM Public License 1.0 which is a free software license, and might already be installed. To learn more about Postfix, see the Postfix website. You can use Postfix to send emails through Email Delivery. Before you use Postfix, you must configure Oracle Cloud Infrastructure Email Delivery in Postfix application.

Important

These instructions contain sample code for your convenience and use them as a reference. For client support, contact Postfix customer support. These steps were tested on an Oracle Linux Server release 7.9 compute instance and Postfix version 2.10.1.
Note

The paths and commands used in the following procedure for specifying file locations are specific to Ubuntu/Debian. The file paths or editing commands might differ depending on the OS you're using. The changes to the configuration files are the same.

To enable Postfix to integrate with Email Delivery:

  1. Ensure Email Delivery is configured to send email. See Getting Started.

    Note

    The SMTP credentials are required to configure Postfix to use Email Delivery. Be sure to note the SMTP username and SMTP password when you generate the SMTP credentials, which appear in User Settings. Those specific values, and not your OCI user identity, is required for configuration. If you have lost the password credential for your SMTP Credential, you need to create a new set of credentials.

  2. To open the main.cf file, run the following command:

    sudo vi /etc/postfix/main.cf

    Add the following information to the end of the file:

    smtp_tls_security_level = may 
    smtp_sasl_auth_enable = yes 
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
    smtp_sasl_security_options =
  3. Email Delivery requires secure TLS encryption (transport level security) for all SMTP email submissions. Use the smtp_tls_security_level setting to have Postfix use STARTTLS support when connecting to remote SMTP servers such as OCI Email Delivery:

    smtp_tls_security_level = may

    To enforce the use of TLS for all remote server communications, use the following setting:

    smtp_tls_security_level = encrypt
    Note

    By default, the Postfix client assumes that the maximum allowed message size is that received in the initial Extended HELO (EHLO) response. This will always be our deployment default of 2 MB. If you have a higher maximum message size limit, you must configure the Postfix client to ignore this default value. Edit the /etc/postfix/main.cf file and add the following:
    smtp_discard_ehlo_keywords = size
  4. Update relayhost to include your SMTP connection endpoint and port and then save or update the file. For example, to send messages through the new default mail submission port 587, use:

    relayhost = smtp.email.us-ashburn-1.oraclecloud.com:587		
    Note

    For the correct endpoint value, consult the Authentication and Connection Endpoints. We recommend port 587, so append ":587" to the end of the endpoint you need as provided in the example.
  5. Create the sasl_passwd file in the same directory as main.cf.

    Run the following command:

    sudo vi /etc/postfix/sasl_passwd
  6. Add your relay host and port by entering:

    server:port user:pass

    where:

    • server is your relay host and port is 25 or, preferably, 587.
    • user is the SMTP username that you created and pass is the password you received when you generated your SMTP credentials.
  7. Give the permissions in the password file.

    Run the following command:

    sudo chown root:root /etc/postfix/sasl_passwd && sudo chmod 600 /etc/postfix/sasl_passwd
  8. Generate the password hash.

    Run the following command:

    sudo postmap hash:/etc/postfix/sasl_passwd
  9. Reload Postfix.

    Run the following command:

    sudo postfix reload
  10. Test the configuration by sending a test email.

    Run the following command:

    echo "This is a test message" | mail -s "Test" -r <approved sender email address> <recipient email address>
    Note

    Some versions of mail and mailx support neither the -r switch to set the sender in the email, or the -a switch to create additional headers. In these cases, the sender is determined by the operating system and can be overridden by various other means. If you would like to override the system-generated email addresses in this case, you can use rewrite rules located in /etc/postfix/header_checks.

    A status=sent (250 Ok) message in the log indicates that the email was sent successfully.

Note

In some environments, using SASL authentication requires the following RPM package: cyrus-sasl-plain. See the PostFix website for further documentation on configuring SASL authentication.

More Information

  • See the Postfix website for more information on Postfix configuration.
  • See smtp_tls_security_level for more information on the default SMTP TLS security level for the Postfix SMTP client.
  • See smtpd_use_tls for more information on STARTTLS support to remote SMTP clients. This feature was introduced in Postfix version 2.2 but deprecated since version 2.3.
  • See TLS Errors when Integrating with Postfix for troubleshooting techniques related to Email Delivery.