Setup Postfix to Login to Your Email Account and Deliver Mail


Unless you're a sysadmin you don't generally have to worry that much about getting email delivered, you just hookup your GUI email client to your external email account and you're done. But what if your system tries to deliver mail, for example from cron? Normally, this just goes to root or perhaps some designated user on your system, but what if you'd like it to get delivered to your external email account?

The obvious answer is you setup your system to forward root's email to your external email account, eg change this line in /etc/aliases:

root:   you



or you can change root's .forward file to accomplish the same thing.

So, what's the problem? The problem comes when your IP address (or your ISP's IP address) someday gets blacklisted and all of a sudden you're not getting any system mail anymore. This problem can also arise if you have scripts which deliver mail to somebody: at some point their email server may refuse to talk to your system because it thinks you're a spammer or something.

In these cases, assuming your email provider allows you to have SMTP access, one solution is to have your system deliver email to your email provider and let your email provider deliver it to the final destination. Your email provider is probably (hopefully) more likely to stay on top of problems related to their IP addresses and blacklists so your email has a higher probability of getting delivered (in the case of cron it's already at its destination).

Getting your system to deliver mail to an external email account, ie getting your system to relay mail via another server requires a bit of configuration. Few, if any, email providers allow their servers to be used as open relays, an open relay being an email relay that anyone can use. So one of the first things you have to do is tell your system how to login to your email account so that it can relay email. Furthermore you may also have to, or want to, configure your system to use TLS/SSL when it logs in so that your username and password are protected.

In this example, I'll show you how I set up my system to deliver mail to my fastmail account. I use openSUSE and therefore my system uses postfix to deliver email. If you use another Linux distro these steps may require modification, and if you use exim or some other system for email delivery this won't help at all.

First, if it's not already installed and running, install the SASL authentication daemon saslauthd and start it. Next edit the file /etc/postfix/sasl_passwd and add this line to the bottom of the file:   USERNAME:PASSWORD

The values in this file determine the username and password that SASL uses when logging in to a particular server. Obviously, change these values for your external email account. You should be able to find the server name on your email provider's web site, although it usually takes some digging.

Now run postmap to convert the text password file to a .db file:

postmap sasl_passwd

Next edit the file /etc/postfix/ and uncomment the tlsmgr line:

tlsmgr  unix  -   -   n   1000?  1  tlsmgr

Now edit the file /etc/postfix/ and add the following lines to the bottom of the file:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_mechanism_filter = PLAIN, LOGIN

smtp_tls_security_level = verify
smtp_tls_mandatory_ciphers = high
smtp_tls_verify_cert_match = nexthop
smtp_sasl_tls_security_options = noanonymous

relayhost = []:587

#debug_peer_list =

These options tell postfix to use SASL authentication when doing SMTP (ie delivering mail) and they also tell it to use TLS security when logging in. The relayhost option tells postfix the default server to use when relaying email, the :XXX value is the port number to use (another value you'll have to dig out of your email provider's help pages). The last option, the commented out one, debug_peer_list allows you tell postfix to show TLS related debug information on a per server basis. This is often useful when trying to diagnose TLS connection problems. In this case it turned out to be useful because postfix did not recognize the CA (certificate authority) that issued Fastmail's SSL certificate (Entrust). (Actually, I don't know if postfix recognizes any CA's out of the box.)

After some groping around on the Entrust site my SSL memory came back to me and I did a search for "root certificates" and got to a page where I could download a copy of Entrust's root certificate (you may need to start here).

Once you've downloaded the certificate, save a copy in /etc/postfix and remove group/other read/write access. Then add the following line to /etc/postfix/

smtp_tls_CAfile = /etc/postfix/entrust_ssl_ca.cer

Restart postfix:

$ /etc/init.d/postfix restart

Now send a test email from the command line:

$ mail -s test <<<test

And hopefully it will arrive in your external email account.


Mitch Frazier is an Associate Editor for Linux Journal.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.


nickM's picture

Wow. I had this exact problem---down to the detail of sending mail through my fastmail account---when setting up a linux host as a webserver. I didn't want to run a mailserver, but still needed local mail to be delivered to a working address. Thanks a bunch for this article.

Hello, I need the same

Rabih's picture


I need the same scenario but in the reverse way, let's say I have a postfix server install at my office and I have the user and the is hosted at USA, I wanna any message sent to to be received at the main hosting which is in USA, and I wanna get my email via the postfic that is exist in the office, by setting up the postfix to connect to the at USA automatically and check if there is an emails in the mailbox get them and download in the testmail account at my office.

In this case I will get my email from the server that it's in my office instead of the connection to the main server.

I hope to find this solution at your side :( and please contact me at:


Not Postfix

Mitch Frazier's picture

The solution to that problem is not postfix, it's fetchmail. Fetchmail can login to you USA account, fetch the mail and then deliver it to your local postfix. Your local postfix can then deliver it to people in the office.

Mitch Frazier is an Associate Editor for Linux Journal.

Almost works...

Anonymous's picture

I almost have this working with gmail but it's not rewriting the To address. Postfix is delivering the email to gmail but it's still addressed to 'root@localhost.localdomain'. In /etc/aliases I have

root don

I've also tried .forward files for both accounts. I'm missing some config option but I don't know what it is, any ideas?


That's a Different Issue

Mitch Frazier's picture

That isn't part of what's being done here. The final destination of an email, perhaps somewhat bizarrely, doesn't really depend on the "To:" header.

Try adding this to /etc/postfix/generic:


Then run:

  $ postmap /etc/postfix/generic

Then add this to /etc/postfix/

    smtp_generic_maps = hash:/etc/postfix/generic

and restart postfix.

Mitch Frazier is an Associate Editor for Linux Journal.

very cool

b-rad's picture

This is very cool. Very helpful when you want to get your system mail. Or cron jobs, or whatever. I have a script that emails me my home IP address if/when it ever changes. It checks every five minutes and only emails me if it changes. The cool part is that I use google as the smpt server, by authing to google first, then sending the mail. Very similar to this, I just use gmail. -bb

This is very cool but I

Anonymous's picture

This is very cool but I don't understand what that has to do with linux

The guys in the white coats are your friends

Mitch Frazier's picture

Don't be afraid, they won't hurt you.

Mitch Frazier is an Associate Editor for Linux Journal.