This guide will walk you through configuring Postfix to use JetEmail as your smarthost for improved email deliverability and authentication.

Prerequisites

  • Root access to your server
  • Postfix mail server installed and running
  • JetEmail SMTP credentials from your dashboard

Configuration Steps

1

Generate SMTP Credentials

Create a smarthost (or use an existing one) in your JetEmail dashboard.

2

Configure SMTP Authentication

Create or edit /etc/postfix/sasl_passwd to include your JetEmail credentials:

relay.jetsmtp.net:25 your_username:your_password

Replace your_username and your_password with your actual JetEmail SMTP credentials.

Secure the file and create the hash database:

chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
3

Update Postfix Main Configuration

Add the following lines to /etc/postfix/main.cf:

# JetEmail Smarthost Configuration
relayhost = relay.jetsmtp.net:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Header customization for authentication
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
4

Configure Header Authentication

Create /etc/postfix/smtp_header_checks to add authentication headers:

/^(.*)/ REPLACE X-AuthUser: your_username

Replace your_username with your actual JetEmail SMTP username.

Create the hash database:

postmap /etc/postfix/smtp_header_checks
5

Optional: Configure Sender Canonical Maps

If you need to rewrite sender addresses, create /etc/postfix/sender_canonical:

# Rewrite local users to use your domain
[email protected]    [email protected]
[email protected] [email protected]

Add to /etc/postfix/main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical

Create the hash database:

postmap /etc/postfix/sender_canonical
6

Test Configuration and Restart Postfix

Test your configuration and restart Postfix:

postfix check  # Test configuration syntax
systemctl restart postfix

Alternative Port Configuration

If port 25 is blocked, you can use port 587:

# Use port 587 instead of 25
relayhost = relay.jetsmtp.net:587
smtp_tls_wrappermode = no
smtp_tls_security_level = encrypt

Additional Configuration

SPF Records

Don’t forget to update your SPF records to include JetEmail’s servers:

v=spf1 include:spf.jetsmtp.net ~all

Learn more about SPF configuration.

Domain Authentication

For enhanced security and deliverability:

  • Configure Domain Lockdown to prevent domain spoofing
  • Set up DMARC for email authentication
  • Ensure proper DKIM signing is configured

Testing Your Configuration

After configuration, test your setup:

  1. Send a test email to an external address:

    echo "Test message body" | mail -s "Test Subject" [email protected]

  2. Check the mail queue:

    postqueue -p

  3. Monitor Postfix logs:

    tail -f /var/log/mail.log
# OR
tail -f /var/log/maillog

  4. Verify authentication in email headers

  5. Monitor delivery in your JetEmail dashboard

Troubleshooting

Authentication Failures

  • Verify your SMTP credentials in /etc/postfix/sasl_passwd
  • Ensure the password database was created: postmap /etc/postfix/sasl_passwd
  • Check that your JetEmail account is active and in good standing

Connection Issues

  • Verify ports 25 or 587 are open in your firewall: 
    telnet relay.jetsmtp.net 25
# OR
telnet relay.jetsmtp.net 587
  • Check TLS configuration and certificate paths
  • Ensure SASL authentication modules are installed: 
    # Debian/Ubuntu
apt-get install libsasl2-modules

# CentOS/RHEL
yum install cyrus-sasl-plain

Configuration Errors

  • Check Postfix logs for detailed error messages: 
    grep postfix /var/log/mail.log
  • Test configuration syntax: postfix check
  • Verify file permissions on configuration files

Common Error Messages

“SASL authentication failed”

  • Check username/password in /etc/postfix/sasl_passwd
  • Verify the password database exists and is readable

“TLS is required”

  • Ensure smtp_use_tls = yes is set
  • Check TLS certificate configuration

“Connection refused”

  • Verify network connectivity to JetEmail servers
  • Check firewall settings

Advanced Configuration

Multiple Domains with Different Credentials

If you need different SMTP credentials for different domains:

  1. Create /etc/postfix/sender_dependent_relayhost_maps:

    @domain1.com    relay.jetsmtp.net:25
@domain2.com    relay.jetsmtp.net:25

  2. Create /etc/postfix/sender_dependent_sasl_passwd_maps:

    @domain1.com    username1:password1
@domain2.com    username2:password2

  3. Add to /etc/postfix/main.cf:

    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost_maps
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sender_dependent_sasl_passwd_maps

  4. Create hash databases:

    postmap /etc/postfix/sender_dependent_relayhost_maps
postmap /etc/postfix/sender_dependent_sasl_passwd_maps

Security Considerations

  • Keep your SMTP credentials secure with proper file permissions
  • Regularly rotate your JetEmail SMTP passwords
  • Monitor your email logs for suspicious activity
  • Consider implementing rate limiting if needed

For additional support, contact our team or visit our Discord community.