How to Set Up Postfix SMTP Relay on CentOS with Mailjet

This tutorial is going to show you how to set up Postfix SMTP relay with Mailjet on CentOS/RHEL. Postfix is a popular open-source SMTP server. Previously I wrote an article how to easily set up a full-blown email server on CentOS/RHEL with Modoboa, which helped a lot of readers run their own email server.

However, some readers told me that port 25 is blocked by hosting provider or ISP as a way to control email spam, so they couldn’t send email. Vultr would unblock port 25 if you ask them to, and ScalaHosting doesn’t block port 25 at all, so I recommend using ScalaHosting VPS. Some other hosting providers or ISPs like DigitalOcean would refuse to unblock port 25.

SMTP Relay To The Rescue

You can bypass port 25 and send emails to outside world with SMTP relay because it uses port 587. With SMTP relay, your own email server doesn’t directly send email to the destination email address. Instead, there’s an intermediate mail server, otherwise known as smart host or relay host , that sends emails on your behalf. Your email server communicates with relay host on port 587, then the relay host talks with the recipient’s mail server on port 25.

SMTP relay can also help you get around anti-spam blacklists, if your IP address is blacklisted for whatever reason. The recipient’s mail server checks the relay host’s IP address against public anti-spam blacklists, instead of your server IP address and because SMTP relay services maintain good IP reputation, so your emails can get through IP blacklists.

Using Mailjet To Send 200 Emails Per Day For Free

There are several email service providers (ESP) that can act as relay host. Some charge a little fee, some offer free quotas every month. In this article, I’d like to show you how to use Mailjet, which is an email service provider that allows you to send 200 emails per day for free.

The nice thing about Mailjet is that it doesn’t require you to enter your credit card details when you use the free SMTP relay service. There are other ESPs that offer free quota every month but requires you to enter credit card details. (I know how frustrated it can be when you don’t have a credit card.) Mailjet is also easier to set up, compared to other ESPs.

Create an account at mailjet.com. Then on the dashboard, you can see the 3 things that you need to do.

• Setting up SMTP
• Managing sender addresses
• setting up domain authentication (SPF and DKIM)

Step 1: Setting up Postfix SMTP Relay on CentOS/RHEL

First, let’s install Postfix SMTP server on CentOS/RHEL with the following command. If Postfix is already running on your server, then skip installing Postfix.

sudo dnf install postfix

You need to install the following two packages in order to use SMTP relay.

sudo dnf install cyrus-sasl-plain cyrus-sasl-md5

By default, the relayhost parameter in Postfix is not set, as can be seen with:

postconf relayhost

Output:

relayhost =

You need to get the relay host address from your mailjet account. In mailjet dashboard, click setup my SMTP.

You will see the SMTP server address and SMTP credentials.

Run the following command to set the value of relayhost to in-v3.mailjet.com:587.

sudo postconf -e "relayhost = in-v3.mailjet.com:587"

Edit the Postfix main configuration file with a command-line text editor, such as Nano.

sudo nano /etc/postfix/main.cf

Scroll down the end of the file. (In Nano, you can achieve that by pressing Ctrl+W, then Ctrl+V.)  Add the following lines to the end of this file.

# outbound relay configurations
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
header_size_limit = 4096000

Save and close the file. To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.

Then create the /etc/postfix/sasl_passwd file.

sudo nano /etc/postfix/sasl_passwd

Add the SMTP relay host and SMTP credentials to this file like below. Replace api-key and secret-key with your real Mailjet API key and secret key.

in-v3.mailjet.com:587  api-key:secret-key

Save and close the file. Then create the corresponding hash db file with postmap.

sudo postmap /etc/postfix/sasl_passwd

Now you should have a file /etc/postfix/sasl_passwd.db. Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

By default, sasl_passwd and sasl_passwd.db file can be read by any user on the server.  Change the permission to 600 so only root can read and write to these two files.

sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

From now on, Postfix will send emails via mailjet.

Step 2: Adding Sender Addresses

You need to add sender domain or sender address in order to send email via mailjet. In mailjet dashboard, click manage sender addresses. You can validate your entire domain or specific email addresses.

Step 3: Setting up Domain Authentication

In this step, we need to set up SPF and DKIM record, which is strongly recommended if you want your emails to land in recipient’s inbox rather than spam folder.

• SPF: Sender Policy Framework. This is a DNS record that specifies what IP addresses are allowed to send email from your domain.
• DKIM: DomainKeys Identified Mail. Mailjet will digitally sign your emails with a private key. The DKIM record contains a public key that allows recipient’s email server to verify the signature.

In mailjet dashboard, click setup domain authentication. By default, SPF status and DKIM status are both in error. Click manage button and follow the instructions to add SPF and DKIM records.

After SPF and DKIM records are created, wait a few moments and refresh the mailjet web page. Your new DNS records can take some time to propagate on the Internet, depending on your DNS hosting service. If SPF and DKIM records are set up correctly and propagation is complete, mailjet would tell you that SPF and DKIM record are good.

Sending Test Email

Now we can send a test email with mailx command like below.

sudo dnf install mailx

echo "this is a test email." | mailx -r from-address -s hello to-address

You can also send a test email from your webmail client or desktop mail client. It is also a good idea to test your email score at https://www.mail-tester.com. As you can see, I got a perfect score.

Troubleshooting

If your email wasn’t delivered and you found the following message in the mail log (/var/log/maillog),

Relay access denied (in reply to RCPT TO command))

then you might need to edit the /etc/postfix/sasl_passwd file and remove the port number after the hostname like below.

in-v3.mailjet.com    api-key:secret-key

Save and close the file. Then build the index file again.

sudo postmap /etc/postfix/sasl_passwd

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Now you can flush the email queue (attempt to deliver the previous emails).

sudo postqueue -f

Adding Additional Domains

If you set up a mail server on a new machine for a new domain name, and you want to set up SMTP relay for this new domain name, then follow the same steps:

• Configure Postfix SMTP relay settings
• Validate the new domain name in Mailjet dashboard
• Set up SPF and DKIM verifications

Wrapping Up

That’s it! I hope this tutorial helped you set up Postfix SMTP relay on CentOS/RHEL to bypass port 25 or IP blacklists. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care.