This guide will walk you through configuring Postfix to use JetEmail as your smarthost for improved email deliverability and authentication.

Prerequisites

  • Root access to your server
  • Postfix mail server installed and running
  • JetEmail SMTP credentials from your dashboard

Configuration Steps

1

Generate SMTP Credentials

Create a smarthost (or use an existing one) in your JetEmail dashboard.
2

Configure SMTP Authentication

Create or edit /etc/postfix/sasl_passwd to include your JetEmail credentials:
relay.jetsmtp.net:25 your_username:your_password
Replace your_username and your_password with your actual JetEmail SMTP credentials.Secure the file and create the hash database:
chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
3

Update Postfix Main Configuration

Add the following lines to /etc/postfix/main.cf:
# JetEmail Smarthost Configuration
relayhost = relay.jetsmtp.net:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Header customization for authentication
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
4

Configure Header Authentication

Create /etc/postfix/smtp_header_checks to add authentication headers:
/^(.*)/ REPLACE X-AuthUser: your_username
Replace your_username with your actual JetEmail SMTP username.Create the hash database:
postmap /etc/postfix/smtp_header_checks
5

Optional: Configure Sender Canonical Maps

If you need to rewrite sender addresses, create /etc/postfix/sender_canonical:
# Rewrite local users to use your domain
[email protected]    [email protected]
[email protected] [email protected]
Add to /etc/postfix/main.cf:
sender_canonical_maps = hash:/etc/postfix/sender_canonical
Create the hash database:
postmap /etc/postfix/sender_canonical
6

Test Configuration and Restart Postfix

Test your configuration and restart Postfix:
postfix check  # Test configuration syntax
systemctl restart postfix

Alternative Port Configuration

If port 25 is blocked, you can use port 587: 
# Use port 587 instead of 25
relayhost = relay.jetsmtp.net:587
smtp_tls_wrappermode = no
smtp_tls_security_level = encrypt

Additional Configuration

SPF Records

Don’t forget to update your SPF records to include JetEmail’s servers: 
v=spf1 include:spf.jetsmtp.net ~all
Learn more about SPF configuration.

Domain Authentication

For enhanced security and deliverability:
  • Configure Domain Lockdown to prevent domain spoofing
  • Set up DMARC for email authentication
  • Ensure proper DKIM signing is configured

Testing Your Configuration

After configuration, test your setup:
  1. Send a test email to an external address: 
    echo "Test message body" | mail -s "Test Subject" [email protected]
  2. Check the mail queue: 
    postqueue -p
  3. Monitor Postfix logs: 
    tail -f /var/log/mail.log
# OR
tail -f /var/log/maillog
  4. Verify authentication in email headers
  5. Monitor delivery in your JetEmail dashboard

Troubleshooting

Authentication Failures

  • Verify your SMTP credentials in /etc/postfix/sasl_passwd
  • Ensure the password database was created: postmap /etc/postfix/sasl_passwd
  • Check that your JetEmail account is active and in good standing

Connection Issues

  • Verify ports 25 or 587 are open in your firewall: 
    telnet relay.jetsmtp.net 25
# OR
telnet relay.jetsmtp.net 587
  • Check TLS configuration and certificate paths
  • Ensure SASL authentication modules are installed: 
    # Debian/Ubuntu
apt-get install libsasl2-modules

# CentOS/RHEL
yum install cyrus-sasl-plain

Configuration Errors

  • Check Postfix logs for detailed error messages: 
    grep postfix /var/log/mail.log
  • Test configuration syntax: postfix check
  • Verify file permissions on configuration files

Common Error Messages

“SASL authentication failed”
  • Check username/password in /etc/postfix/sasl_passwd
  • Verify the password database exists and is readable
“TLS is required”
  • Ensure smtp_use_tls = yes is set
  • Check TLS certificate configuration
“Connection refused”
  • Verify network connectivity to JetEmail servers
  • Check firewall settings

Advanced Configuration

Multiple Domains with Different Credentials

If you need different SMTP credentials for different domains:
  1. Create /etc/postfix/sender_dependent_relayhost_maps: 
    @domain1.com    relay.jetsmtp.net:25
@domain2.com    relay.jetsmtp.net:25
  2. Create /etc/postfix/sender_dependent_sasl_passwd_maps: 
    @domain1.com    username1:password1
@domain2.com    username2:password2
  3. Add to /etc/postfix/main.cf: 
    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_dependent_relayhost_maps
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sender_dependent_sasl_passwd_maps
  4. Create hash databases: 
    postmap /etc/postfix/sender_dependent_relayhost_maps
postmap /etc/postfix/sender_dependent_sasl_passwd_maps

Security Considerations

  • Keep your SMTP credentials secure with proper file permissions
  • Regularly rotate your JetEmail SMTP passwords
  • Monitor your email logs for suspicious activity
  • Consider implementing rate limiting if needed
For additional support, contact our team or visit our Discord community.