For many years, Microsoft Exchange on-premises served as the central mail hub in countless environments. Applications, scanners, monitoring systems, and legacy tools all relied on it for outgoing email. But with Exchange Server now essentially retired for most modern deployments, many administrators are looking for a stable alternative that still fits the old-school, dependable way of doing things.
A lightweight, local SMTP relay based on Postfix offers exactly that. It’s simple, time-tested, and integrates smoothly with Microsoft Exchange Connectors. Below is a straightforward guide to setting up such a relay on Ubuntu.
Installing Postfix
Start with a clean Ubuntu Server and install Postfix:
sudo apt install postfixDuring installation, choose “Satellite System” when prompted.
Here you can use your server name or any random name for your SMTP relay. The name does not matter in this case.
In the next step, you can enter a valid domain name. If you have installed the server in a DMZ without domain access, you can leave it as it is.
Accept the installation.
Adjusting the Postfix Configuration
Move into the configuration directory:
cd /etc/postfixOpen the main.cf:
sudo nano main.cfThe following lines in your main.cf file are essential for ensuring that your SMTP relay behaves correctly, uses TLS where needed, and communicates properly with Exchange Online. These settings define how Postfix identifies itself, handles incoming connections, applies TLS, and relays outgoing mail.
Hostname
myhostname = smpt-relay # Hostname of your SMTP relayThis defines the server name Postfix uses when communicating with other mail systems.
Exchange Online (EOP) relay target
relayhost = [company02e.mail.protection.outlook.com]:25This is your Exchange Online tenant’s relay endpoint. Mail that reaches this server will be forwarded to Microsoft 365.
You can obtain the correct hostname from the Microsoft 365 Admin Center → Domains → DNS Records.
Allowed IPs or subnets
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.25.10.10/24Only systems listed here are allowed to submit mail to your relay. This is your primary security control, so keep the list as small as possible.
Here is a solid, traditional configuration that establishes the server as a relay for approved systems in your network:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6
# TLS
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = smpt-relay #hostname of smtp-relay
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Your Exchange Online tenant hostname (EOP)
relayhost = [company02e.mail.protection.outlook.com]:25
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.25.10.10/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_sasl_auth_enable = noReboot the server to ensure all services come up cleanly:
sudo rebootChecking Postfix Status and Logs
After reboot:
systemctl status postfix
For live log monitoring:
tail -f /var/log/mail.logIn this log file you can see service problems, but also messages that were received and successfully sent:
Testing the SMTP Relay
From an allowed server in your network, you can send a test email using PowerShell:
$EmailParams = @{
From = "[email protected]"
To = "[email protected]"
Subject = "Test Email"
Body = "Test Email for SMTP relay testing"
SmtpServer = "<IP or DNS name of your relay>"
Port = 25
}
Send-MailMessage @EmailParamsIf the message arrives and the logs look clean, your relay is working as intended.
Configuring Static Network Settings (Optional)
sudo nano /etc/netplan/*.yamlnetwork:
version: 2
ethernets:
ens33:
dhcp4: false
addresses:
- 10.10.0.10/24
routes:
- to: default
via: 10.10.0.1
nameservers:
addresses:
- 100.100.100.100
- 1.1.1.1Apply changes:
sudo netplan tryPress ENTER to apply the new network configuartion
Other recommendations
A quick reminder regarding the public IP address:
Your SMTP relay server only needs the ability to communicate with the internet using a fixed public IP. It does not need to be directly reachable from the internet on that address. Inside your network, all relevant systems, applications, and services should send their mail to the relay server via its internal IP address, just as it has always been done in well-structured environments.
If you make changes to /etc/postfix/main.cf, it’s good practice to validate and reload the configuration in the classic, reliable way:
sudo postfix checksudo postfix reloadThis ensures Postfix picks up your adjustments without requiring a full restart.
Leave a Reply