{"id":119,"date":"2014-02-10T14:08:27","date_gmt":"2014-02-10T13:08:27","guid":{"rendered":"http:\/\/blog.le-vert.net\/?p=119"},"modified":"2014-02-10T14:28:35","modified_gmt":"2014-02-10T13:28:35","slug":"postfix-ssl-relayhost","status":"publish","type":"post","link":"https:\/\/blog.le-vert.net\/?p=119","title":{"rendered":"Postfix: SSL relayhost"},"content":{"rendered":"
\n\t\t\t\t\tTweet<\/a>\n\t\t\t\t<\/div><\/div>

Hi,<\/p>\n

Here is a quick workaround to make postfix use a remote server as a relay (aka “relayhost<\/strong>“) using SSL on port 465<\/strong>.<\/p>\n

The idea is to setup a stunnel daemon<\/strong> on a random local port which will operates as an SSL TCP proxy<\/strong> to your real server.<\/p>\n

apt-get install stunnel4<\/pre>\n
Then, edit \/etc\/stunnel\/stunnel.conf, comment the “cert = \/etc\/stunnel\/mail.pem” line an any built-in proxy ([pop3s], [imaps]…).<\/p>\n
Add a new section:<\/p>\n
[postfix-ssl-relayhost]\r\naccept = 2525\r\nclient = yes\r\nconnect = my.remote-server.com:465<\/pre>\n
Enable stunnel daemon by setting ENABLED=1 in \/etc\/default\/stunnel4.<\/p>\n
Restart stunnel:<\/p>\n
\/etc\/init.d\/stunnel4 restart<\/pre>\n
Add the following settings in \/etc\/postfix\/main.cf:<\/p>\n
# 465 isn't filtered...\r\n# relayhost = smtp.internal-server.com \r\n# relay thru stunnel forwarding to my.remote-server.com:465\r\nrelayhost = [127.0.0.1]:2525<\/pre>\n
And restart the service:<\/p>\n
\/etc\/init.d\/postfix restart<\/pre>\n
You should now see something like this in your log file:<\/p>\n
Feb 10 14:12:47 my.server.local postfix\/cleanup[5121]: 6D8A8100E6F: message-id=<20140210131247.6D8A8100E6F@my.server.local>\r\nFeb 10 14:12:47 my.server.local postfix\/qmgr[5112]: 6D8A8100E6F: from=, size=336, nrcpt=1 (queue active)\r\nFeb 10 14:12:47 my.server.local stunnel<\/strong>: LOG5[5009:3083459504]: postfix-ssl-relayhost connected from 127.0.0.1:59355\r\nFeb 10 14:12:47 my.server.local postfix\/smtp[5123]: 6D8A8100E6F: to=, relay=127.0.0.1[127.0.0.1]:2525<\/strong>, delay=0.09, delays=0.02\/0\/0.06\/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7F5E340569E3)\r\nFeb 10 14:12:47 my.server.local postfix\/qmgr[5112]: 6D8A8100E6F: removed\r\nFeb 10 14:12:47 my.server.local stunnel<\/strong>: LOG5[5009:3083459504]: Connection closed: 511 bytes sent to SSL, 313 bytes sent to socket<\/pre>\n","protected":false},"excerpt":{"rendered":"
Hi, Here is a quick workaround to make postfix use a remote server as a relay (aka “relayhost“) using SSL on port 465. The idea is to setup a stunnel daemon on a random local port which will operates as … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/119"}],"collection":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=119"}],"version-history":[{"count":5,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/119\/revisions"}],"predecessor-version":[{"id":124,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=\/wp\/v2\/posts\/119\/revisions\/124"}],"wp:attachment":[{"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.le-vert.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}