Configurar un servidor de reenvio en Postfix

En esta entrada se verá como configurar un servidor de reenvio de correo (relay server) en postfix. El relay server actua como una pasarela STMP de correo saliente entre postfix y el resto de servidores de correos. Es importante tener en cuenta que el servidor de reenvio solo interviene en la salida de correos, no en la entrada.

A continuación se detalla el proceso para configurar un relay server en postfix, por lo que este procedimiento es válido para cualquier servidor de correos que use postfix como servidor SMTP como por ejemplo iRedmail.

Configurar postfix

Editar el archivo /etc/postfix/main.cf, ejemplo:

## Relay server configuration
relayhost =  [smtp-relay.server.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_security_options = noanonymous
## End relay server configuration

Añadir las credenciales

Editar el archivo /etc/postfix/sasl_password y añadir las credenciales, ejemplo:

1	smtp-relay.server.com my-user:my-password

Troubleshotting

Es posible que al enviar correos vea en los logs de postfix errores relacionados con el proceso de autenticación. A continuación un ejemplo del log:

Mar 02 12:20:34 iRedmail postfix/submission/smtpd[771]: connect from unknown[46.6.228.118]
Mar 02 12:20:35 iRedmail postfix/submission/smtpd[771]: Anonymous TLS connection established from unknown[46.6.228.118]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 02 12:20:35 iRedmail postfix/submission/smtpd[771]: 50148234E7: client=unknown[46.6.228.118], sasl_method=PLAIN, sasl_username=antonio@guillen.io
Mar 02 12:20:35 iRedmail postfix/cleanup[776]: 50148234E7: message-id=<C997360B-D7F4-4F6A-BE8B-E7DEA2E026CA@guillen.io>
Mar 02 12:20:35 iRedmail postfix/qmgr[768]: 50148234E7: from=<antonio@guillen.io>, size=1851, nrcpt=1 (queue active)
Mar 02 12:20:35 iRedmail postfix/submission/smtpd[771]: disconnect from unknown[46.6.228.118]
Mar 02 12:20:36 iRedmail postfix/smtpd[781]: connect from localhost[127.0.0.1]
Mar 02 12:20:36 iRedmail postfix/smtpd[781]: 3EDDD2288A: client=localhost[127.0.0.1]
Mar 02 12:20:36 iRedmail postfix/cleanup[776]: 3EDDD2288A: message-id=<C997360B-D7F4-4F6A-BE8B-E7DEA2E026CA@guillen.io>
Mar 02 12:20:36 iRedmail postfix/qmgr[768]: 3EDDD2288A: from=<antonio@guillen.io>, size=3337, nrcpt=1 (queue active)
Mar 02 12:20:36 iRedmail postfix/smtpd[781]: disconnect from localhost[127.0.0.1]
Mar 02 12:20:36 iRedmail postfix/smtp[777]: 50148234E7: to=<test@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.2, delays=0.38/0.01/0/0.78, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3EDDD2288A)
Mar 02 12:20:36 iRedmail postfix/qmgr[768]: 50148234E7: removed
Mar 02 12:20:36 iRedmail postfix/smtp[782]: Untrusted TLS connection established to smtp-relay.sendinblue.com[185.107.232.248]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 02 12:20:36 iRedmail postfix/smtp[782]: warning: SASL authentication failure: No worthy mechs found
Mar 02 12:20:36 iRedmail postfix/smtp[782]: 3EDDD2288A: to=<test@gmail.com>, relay=smtp-relay.sendinblue.com[185.107.232.248]:587, delay=0.35, delays=0.1/0.01/0.24/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp-relay.sendinblue.com[185.107.232.248]: no mechanism available)

La solución es instalar los siguientes paquetes:

1	yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 cyrus-imapd openssl openssl-devel

Tras instalar y reiniciar postfix, al reintentar el envio de correo el log debería de mostrar algo similar a:

Mar 02 12:31:51 iRedmail postfix/submission/smtpd[1466]: connect from unknown[46.6.228.118]
Mar 02 12:31:52 iRedmail postfix/submission/smtpd[1466]: Anonymous TLS connection established from unknown[46.6.228.118]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 02 12:31:52 iRedmail postfix/submission/smtpd[1466]: 7224A20712: client=unknown[46.6.228.118], sasl_method=PLAIN, sasl_username=antonio@guillen.io
Mar 02 12:31:52 iRedmail postfix/cleanup[1468]: 7224A20712: message-id=<015FCEB0-9719-4048-9D2F-41C9CE70CC31@guillen.io>
Mar 02 12:31:52 iRedmail postfix/qmgr[1456]: 7224A20712: from=<antonio@guillen.io>, size=1851, nrcpt=1 (queue active)
Mar 02 12:31:53 iRedmail postfix/submission/smtpd[1466]: disconnect from unknown[46.6.228.118]
Mar 02 12:31:53 iRedmail postfix/smtpd[1473]: connect from localhost[127.0.0.1]
Mar 02 12:31:53 iRedmail postfix/smtpd[1473]: 7B18F2070F: client=localhost[127.0.0.1]
Mar 02 12:31:53 iRedmail postfix/cleanup[1468]: 7B18F2070F: message-id=<015FCEB0-9719-4048-9D2F-41C9CE70CC31@guillen.io>
Mar 02 12:31:53 iRedmail postfix/qmgr[1456]: 7B18F2070F: from=<antonio@guillen.io>, size=3337, nrcpt=1 (queue active)
Mar 02 12:31:53 iRedmail postfix/smtpd[1473]: disconnect from localhost[127.0.0.1]
Mar 02 12:31:53 iRedmail postfix/smtp[1469]: 7224A20712: to=<test@gmail.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.3, delays=0.5/0.01/0/0.74, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7B18F2070F)
Mar 02 12:31:53 iRedmail postfix/qmgr[1456]: 7224A20712: removed
Mar 02 12:31:53 iRedmail postfix/smtp[1460]: Untrusted TLS connection established to smtp-relay.sendinblue.com[185.107.232.248]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 02 12:31:54 iRedmail postfix/smtp[1460]: 7B18F2070F: to=<test@gmail.com>, relay=smtp-relay.sendinblue.com[185.107.232.248]:587, delay=0.55, delays=0.1/0/0.33/0.11, dsn=2.0.0, status=sent (250 Message queued as <015FCEB0-9719-4048-9D2F-41C9CE70CC31@guillen.io>)
Mar 02 12:31:54 iRedmail postfix/qmgr[1456]: 7B18F2070F: removed

Entradas de interés

Spamassassin - Configurar filtrado bayesiano