Hi,
Here is a quick workaround to make postfix use a remote server as a relay (aka "relayhost") using SSL on port 465.
The idea is to set up a stunnel daemon on a random local port, which operates as an SSL TCP proxy to your real server.
```
apt-get install stunnel4
```
Then edit /etc/stunnel/stunnel.conf and comment out the "cert = /etc/stunnel/mail.pem" line and any built-in proxy sections ([pop3s], [imaps]…).
Add a new section:
```
[postfix-ssl-relayhost]
accept = 2525
client = yes
connect = my.remote-server.com:465
```
Enable the stunnel daemon by setting ENABLED=1 in /etc/default/stunnel4.
Restart stunnel:
```
/etc/init.d/stunnel4 restart
```
Add the following settings in /etc/postfix/main.cf:
```
# 465 isn't filtered...
# relayhost = smtp.internal-server.com
# relay thru stunnel forwarding to my.remote-server.com:465
relayhost = [127.0.0.1]:2525
```
And restart the service:
```
/etc/init.d/postfix restart
```
You should now see something like this in your log file:
```
Feb 10 14:12:47 my.server.local postfix/cleanup[5121]: 6D8A8100E6F: message-id=<20140210131247.6D8A8100E6F@my.server.local>
Feb 10 14:12:47 my.server.local postfix/qmgr[5112]: 6D8A8100E6F: from=<root@my.server.local>, size=336, nrcpt=1 (queue active)
Feb 10 14:12:47 my.server.local stunnel: LOG5[5009:3083459504]: postfix-ssl-relayhost connected from 127.0.0.1:59355
Feb 10 14:12:47 my.server.local postfix/smtp[5123]: 6D8A8100E6F: to=<someone@somedomain.com>, relay=127.0.0.1[127.0.0.1]:2525, delay=0.09, delays=0.02/0/0.06/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7F5E340569E3)
Feb 10 14:12:47 my.server.local postfix/qmgr[5112]: 6D8A8100E6F: removed
Feb 10 14:12:47 my.server.local stunnel: LOG5[5009:3083459504]: Connection closed: 511 bytes sent to SSL, 313 bytes sent to socket
```
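The section above uses `accept = 2525`, which listens on every interface, and sets no verification option, so stunnel in client mode does not validate the relay's certificate. The following audit function is an added example, not part of the original post; `audit_stunnel_conf` is a hypothetical name, and it assumes stunnel's `verifyChain`/`verifyPeer` options (5.x) or `verify = 2` and above (4.x) as the signs that verification is enabled.

```shell
#!/bin/sh
# Added example. audit_stunnel_conf FILE prints one finding per line for each
# client-mode service in a stunnel config; exit status 0 = clean, 1 = findings.
# Usage: audit_stunnel_conf /etc/stunnel/stunnel.conf
audit_stunnel_conf() {
    awk '
    function report() {
        if (sec == "" || client != "yes") return
        # A bare port such as "accept = 2525" listens on every interface.
        if (accept != "" && accept !~ /^(127\.0\.0\.1|localhost|::1):[0-9]+$/) {
            print sec ": accept=" accept " is reachable from other hosts"; bad = 1
        }
        # No verifyChain/verifyPeer (or verify >= 2 on stunnel 4.x) means
        # the relay certificate is accepted without validation.
        if (!verified) {
            print sec ": relay certificate is not verified"; bad = 1
        }
    }
    /^[ \t]*[;#]/ { next }                       # comment lines
    /^[ \t]*\[/ {                                # start of a [service] section
        report()
        sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        client = gclient; verified = gverified; accept = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        lval = tolower(val)
        ok = ((key == "verifychain" || key == "verifypeer") && lval == "yes") ||
             (key == "verify" && val + 0 >= 2)
        if (sec == "") {                         # options before any section are defaults
            if (key == "client") gclient = lval
            if (ok) gverified = 1
        } else {
            if (key == "client") client = lval
            if (key == "accept") accept = val
            if (ok) verified = 1
        }
    }
    END { report(); exit bad + 0 }
    ' "$1"
}
```

A section that passes both checks uses `accept = 127.0.0.1:2525` plus `verifyChain = yes` with a `CAfile`, and on stunnel 5.x `checkHost = my.remote-server.com` to also match the certificate's host name.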