- \n
- Installing Postfix<\/a><\/li>\n\n\n\n
- Adjusting the Postfix Configuration<\/a><\/li>\n\n\n\n
- Checking Postfix Status and Logs<\/a><\/li>\n\n\n\n
- Other recommendations<\/a><\/li>\n<\/ul>\n\n\n\n
Installing Postfix<\/h6>\n\n\n\n
Start with a clean Ubuntu Server and install Postfix:<\/p>\n\n\n\n
sudo apt install postfix<\/code><\/pre>\n\n\n\nDuring installation, choose \u201cSatellite System\u201d<\/strong> when prompted.<\/p>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-6-1024x578.png\")
<\/a><\/figure>\n\n\n\nHere you can use your server name or any random name for your SMTP relay. The name does not matter in this case.<\/p>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-12-1024x175.png\")
<\/a><\/figure>\n\n\n\nIn the next step, you can enter a valid domain name. If you have installed the server in a DMZ without domain access, you can leave it as it is.<\/p>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-8-1024x203.png\")
<\/a><\/figure>\n\n\n\nAccept the installation.<\/p>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-13-1024x184.png\")
<\/a><\/figure>\n\n\n\nAdjusting the Postfix Configuration<\/h6>\n\n\n\n
Move into the configuration directory:<\/p>\n\n\n\n
cd \/etc\/postfix<\/code><\/pre>\n\n\n\nOpen the
main.cf<\/code>:<\/p>\n\n\n\nsudo nano main.cf<\/code><\/pre>\n\n\n\nThe following lines in your
main.cf<\/code> file are essential for ensuring that your SMTP relay behaves correctly, uses TLS where needed, and communicates properly with Exchange Online. These settings define how Postfix identifies itself, handles incoming connections, applies TLS, and relays outgoing mail.<\/p>\n\n\n\nHostname<\/strong><\/p>\n\n\n\n
myhostname = smpt-relay # Hostname of your SMTP relay<\/code><\/pre>\n\n\n\nThis defines the server name Postfix uses when communicating with other mail systems.<\/p>\n\n\n\n
Exchange Online (EOP) relay target<\/strong><\/p>\n\n\n\n
relayhost = [company02e.mail.protection.outlook.com]:25<\/code><\/pre>\n\n\n\nThis is your Exchange Online tenant\u2019s relay endpoint. Mail that reaches this server will be forwarded to Microsoft 365.
You can obtain the correct hostname from the Microsoft 365 Admin Center \u2192 Domains \u2192 DNS Records<\/strong>.<\/p>\n\n\n\nAllowed IPs or subnets<\/strong><\/p>\n\n\n\n
mynetworks = 127.0.0.0\/8 [::ffff:127.0.0.0]\/104 [::1]\/128 172.25.10.10\/24<\/code><\/pre>\n\n\n\nOnly systems listed here are allowed to submit mail to your relay. This is your primary security control, so keep the list as small as possible.<\/p>\n\n\n\n
Here is a solid, traditional configuration that establishes the server as a relay for approved systems in your network:<\/p>\n\n\n\n
smtpd_banner = $myhostname ESMTP $mail_name\nbiff = no\nappend_dot_mydomain = no\nreadme_directory = no\ncompatibility_level = 3.6\n\n# TLS\nsmtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem\nsmtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key\nsmtpd_tls_security_level=may\n\nsmtp_tls_CApath=\/etc\/ssl\/certs\nsmtp_tls_security_level=may\nsmtp_tls_session_cache_database = btree:${data_directory}\/smtp_scache\n\nsmtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination\n\nmyhostname = smpt-relay #hostname of smtp-relay\n\nalias_maps = hash:\/etc\/aliases\nalias_database = hash:\/etc\/aliases\n\n# Your Exchange Online tenant hostname (EOP)\nrelayhost = [company02e.mail.protection.outlook.com]:25\n\nmynetworks = 127.0.0.0\/8 [::ffff:127.0.0.0]\/104 [::1]\/128 172.25.10.10\/24\n\nmailbox_size_limit = 0\nrecipient_delimiter = +\ninet_interfaces = all\ninet_protocols = all\n\nsmtp_sasl_auth_enable = no<\/code><\/pre>\n\n\n\nReboot the server to ensure all services come up cleanly:<\/p>\n\n\n\n
sudo reboot<\/code><\/pre>\n\n\n\nChecking Postfix Status and Logs<\/h6>\n\n\n\n
After reboot:<\/p>\n\n\n\n
systemctl status postfix<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-14.png\")
<\/a><\/figure>\n\n\n\nFor live log monitoring:<\/p>\n\n\n\n
tail -f \/var\/log\/mail.log<\/code><\/pre>\n\n\n\nIn this log file you can see service problems, but also messages that were received and successfully sent:<\/p>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-4-1024x78.png\")
<\/a><\/figure>\n\n\n\nTesting the SMTP Relay<\/h6>\n\n\n\n
From an allowed server in your network, you can send a test email using PowerShell:<\/p>\n\n\n\n
$EmailParams = @{\n From = \"test@test.test\"\n To = \"test@test.test\"\n Subject = \"Test Email\"\n Body = \"Test Email for SMTP relay testing\"\n SmtpServer = \"<IP or DNS name of your relay>\"\n Port = 25\n}\n\nSend-MailMessage @EmailParams<\/code><\/pre>\n\n\n\nIf the message arrives and the logs look clean, your relay is working as intended.<\/p>\n\n\n\n
Configuring Static Network Settings (Optional)<\/h6>\n\n\n\n
sudo nano \/etc\/netplan\/*.yaml<\/code><\/pre>\n\n\n\nnetwork:\n version: 2\n ethernets:\n ens33:\n dhcp4: false\n addresses:\n - 10.10.0.10\/24\n routes:\n - to: default\n via: 10.10.0.1\n nameservers:\n addresses:\n - 100.100.100.100\n - 1.1.1.1<\/code><\/pre>\n\n\n\nApply changes:<\/p>\n\n\n\n
sudo netplan try<\/code><\/pre>\n\n\n\n - Adjusting the Postfix Configuration<\/a><\/li>\n\n\n\n
![\"\"](\"https:\/\/techbygiusi.com\/wp-content\/uploads\/2025\/11\/image-15.png\")
<\/a><\/figure>\n\n\n\n