<aside> 💡 Instructions for a Linux host running Ubuntu 22.04 or 24.04 server to send emails using Postfix through Fastmail.

</aside>

Revision: 20240531-0 (init: 20240312)

Postfix is a free, open-source mail transfer agent (MTA) that routes and delivers email over the Internet. FastMail is a paid service that provides a secure, privacy-focused email provider supporting custom domains. This post details the setup instructions for using Postfix as a Send-Only SMTP server, using Fastmail, on a Ubuntu Linux server host.

Preamble

How to use this guide

Our recommendation is to duplicate the content of this file and adapt it. Once you have obtained the source content, open it in an editor and perform a find and replace for the different values you will need to customize for your setup. This will allow you to copy/paste directly from the source file.

Values to adjust (in order of easier replacement):

• [email protected], the email address set up in FastMail to send emails from.
• host.example.com, the DNS name of your server (pointing to an unroutable private IP is fine)
• [email protected] is the account owner of the FastMail account.
• example.com is the domain from which we send emails.
• [email protected], the destination email we will test sending to.

Fastmail

We will rely on fastmail.com to send emails. FastMail is an email service provider focusing on speed, privacy, and secure communication. It is a paid service for individuals and businesses that supports standard email protocols such as IMAP, SMTP, and CalDAV/CardDAV, making it compatible with many email clients and devices. FastMail offers robust support for custom domains, allowing users to personalize their email addresses with their own domain names. Users can create email addresses linked to their domain, such as [email protected]. More details on the above can be found at https://www.fastmail.help/hc/en-us/articles/360058753394-Custom-domains-with-Fastmail

Since setup differs, we will not cover the steps detailed in the URL above. We expect the domain’s MX points to Fastmail and that SPF and DKIM are correctly configured at your DNS. Fastmail has a valuable dashboard on its Domains page with checkmarks for those settings. Once properly configured, you will have “Your domain is correctly set up to send and receive mail!” on that domain’s dashboard on Fastmail.

We will use them to send emails from a user from the example.com domain using their outgoing SMTP services and app-specific passwords through Postfix.

Postfix

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is an alternative to the widely used Sendmail program and is designed to focus on security, ease of use, and efficient handling of large volumes of email. Postfix’s architecture is modular, which allows for flexibility and extensibility. It supports various mail protocols, including SMTP, and is highly configurable, enabling administrators to tailor its behavior to suit specific requirements. Due to its performance, security features, and simplicity in configuration, Postfix has become a popular choice for both small and large-scale mail systems.

We will use a “send-only” SMTP setup using Postfix to allow our server to send emails without the capability to receive incoming emails, which will enable us to send system notifications or any automated emails generated by scripts, applications, or monitoring tools.

Digital Ocean has an excellent primer on using Postfix (without Fastmail), see https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-22-04.

Setup

Fastmail email setup

Our Fastmail account is [email protected]. We will need this information later for the relay to work.

We will use the [email protected] email alias to send messages and adapt the domain and the email address as needed. Fastmail notes, “Every external program or app needs its own app password to access your information.” More details are available at https://www.fastmail.help/hc/en-us/articles/360058752854-App-passwords. The Fastmail “server name and ports” are detailed at https://www.fastmail.help/hc/en-us/articles/1500000278342-Server-names-and-ports. We will follow the instructions for SMTP on port 465.

From your Fastmail “Settings” dashboard, select Set Up -> My email address, then Add address, and then Create an Alias. Add [email protected], and on the next page, decide what you want to do “when a message is delivered to this address” and add a “Description.” You can also configure the “Advanced delivery preferences” and “Compose options” according to your needs.

From your Fastmail “Settings” dashboard, select Stay Secure -> Privacy & Security. In the Integrations tab, create a New App Password. Name it postfix and give it only SMTP access. Copy and store this “postfix smtp app password” in a password manager for future use, as “this is the password for your app. Spaces and capitals donʼt matter. For your security we wonʼt show this password again”.

Postfix setup

Although unlikely to occur with the header fixes, we invite you to set up the server’s hostname as a Fully Qualified Domain Main (FQDN). To do so, sudo nano /etc/hostname and replace the value with host.example.com. If your host is not publicly accessible (on a private network), add host.example.com in /etc/hosts with the local IP so the host can find itself and not attempt to do a DNS lookup. A reboot is recommended, but you can also sudo hostname host.example.com until the next reboot.

mailutils

Install the required tools (including postfix) and adapt example.com to your domain.

sudo apt-get update
sudo apt-get install mailutils
# during this step, you will be prompted to select the mail configuration that best matches your needs. 
# Select "Internet Site" as per the following dialogue: 
# "if a mail address on the local host is [email protected], the correct value for this option would be example.org"
# As such, give it example.com

If you made an entry error at this point, run sudo dpkg-reconfigure postfix. We will manually modify the configuration next.

Email Headers

We need to create a couple of files, which we will require later, so the headers of any emails relayed are sent from an authorized email on your FastMail account.

• sudo nano /etc/postfix/header_check and add the following

/From:.*/ REPLACE From: [email protected]

• sudo nano /etc/postfix/sender_canonical_maps and add the following

/.+/    [email protected]

Match local root user

Let’s ensure that emails to root will function, given that it will try to contact [email protected]. Edit a new file sudo nano /etc/postfix/recipient_canonical and add to it:

[email protected] [email protected] 

Then create the file hash to be used later:

sudo postmap /etc/postfix/recipient_canonical

Note: This was added to support sending emails when performing “Unattended Upgrades” (as root,) following details found in this post https://askubuntu.com/a/599513

Credentials

sudo nano /etc/postfix/sasl/fastmail with the below content, adapting the “postfix smtp app password” generated earlier.

Note that we use the FastMail account itself, not the email alias we created:

[smtp.fastmail.com]:465 [email protected]:apppassword

Make it only readable by the root user, using sudo chmod 400 /etc/postfix/sasl/fastmail

Tell postfix to use the credentials using its lookup table management utility to create a /etc/postfix/sasl/fastmail.db file:

sudo postmap /etc/postfix/sasl/fastmail

Postfix main configuration

sudo nano /etc/postfix/main.cf and:

• modify myhostname to have our domain information (the DNS entry does not need to exist, but an unroutable network/private IP in your DNS will also work):

myhostname = host.example.com

• empty the mydestination field so that all emails sent out are sent through the relay:

mydestination =

• find the inet_interfaces and make it loopback-only so that our postfix does not listen on any other active network interface:

inet_interfaces = loopback-only

• optionally, make it use IPv4 only by modifying inet_protocols

inet_protocols = ipv4

• Comment the earlier smtp_tls_security_level and relayhost lines to avoid warnings, then add the following to the end of the file:

relayhost = [smtp.fastmail.com]:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/fastmail
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt

The/etc/postfix/sasl/fastmail file we created earlier is referenced. Additional details on TLS for postfix can be found at https://www.postfix.org/TLS_README.html. Because we are not using port 587 (Fastmail recommends using port 465 for SMTP), we are using the wrappermode.

• Add the following lines to make use of the header modification files we created earlier

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

• Make use of the [email protected] map:

recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

• Save the file, then reload postfix with its new configuration

sudo /etc/init.d/postfix reload

• Test sending an email to [email protected]:

# content and subject
echo "Test mail content" | mail -s "Postfix Subject" [email protected]

You can check for errors using tail -n 30 /var/log/syslog. If all went well, you should have an entry with a status=sent value and looking similar to (###-ing variable content)

postfix/smtp[###]: ###: to=<[email protected]>, relay=smtp.fastmail.com[###.###.###.###]:465, delay=###, delays=###/###/###/###, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ### ### via ###)

The real confirmation is the reception of the email sent by [email protected] at your [email protected] email.

Category

Tags

Untitled

Untitled