SMTP Service Provider as a Relay Host for Postfix

When using Digital Ocean server, they are tend to block SMTP outgoing port such as 25, 465, 587.

This will cause the outgoing email will be blocked and cannot be sent out. You can only receive emails from others but cannot reply back to them. The SMTP outgoing port block will also cause any email forwarding to fail.

So how do we fix it?

1. You can contact Digital Ocean support team to open the SMTP port OR;
2. Use SMTP Service Provider

In my case, I’m using SMTP Service Provider such as SendGrid and Amazon SES to send out emails.

For this tutorial, my server setup was using:

1. CentOS 7
2. CyberPanel (OpenLiteSpeed)
3. Postfix (free and open-source mail transfer agent which you can enable it during the CyberPanel installation)

To use SMTP Service Provider in Postfix as a relay host (I’m using SendGrid), you need to modify /etc/postfix/main.cf.

SSH to your server, then find and edit your Postfix config file, typically the location is /etc/postfix/main.cf:

[root@host ~]# nano /etc/postfix/main.cf

Add the following code to the file (you can put it at the end of the file):

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587

The next step is, we need to create /etc/postfix/sasl_passwd file to store your SendGrid credentials. In your SSH terminal, key in the following command to create the file:

[root@host ~]# nano /etc/postfix/sasl_passwd

Then key in the following code in the /etc/postfix/sasl_passwd file that you have just created to specify your SendGrid credentials:

[smtp.sendgrid.net]:587 yourSendGridUsername:yourSendGridPassword

Note: Use API for your SendGrid credentials. Refer to https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html

Save the file and exit.

Next, make sure the file has restricted read and write access only for root, and use the postmap command to update Postfix’s hashtables to use this new file:

[root@host ~]# sudo chmod 600 /etc/postfix/sasl_passwd
[root@host ~]# sudo postmap /etc/postfix/sasl_passwd

Finally, you need to restart Postfix so that all updates can take effect:

[root@host ~]# sudo systemctl restart postfix

You can get the original reference that I use from SendGrid documentation at https://sendgrid.com/docs/for-developers/sending-email/postfix/.

Or if you are using Amazon SES, you can get the reference at: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html

The whole process should looks like similar to this:

[root@host ~]# nano /etc/postfix/main.cf
[root@host ~]# nano /etc/postfix/sasl_passwd
[root@host ~]# sudo chmod 600 /etc/postfix/sasl_passwd
[root@host ~]# sudo postmap /etc/postfix/sasl_passwd
postmap: warning: /etc/postfix/main.cf, line 77: overriding earlier entry: smtp_                                                              tls_security_level=may
[root@host ~]# sudo systemctl restart postfix
[root@host ~]#

Additional notes

When using email forwarding for your domain (example: [email protected]) to your other email address such as Gmail, you may want to reply to the emails sent to you using the same email address (example: [email protected]m).

Since the Outgoing SMTP port has been blocked by Digital Ocean, therefore you need to use the same SMTP Service Provider to reply to the emails.

Hope this helps.