Setting up outgoing emails

through docker, restrictive smarthosts or restrictive facing MXes


making outgoing emails work can be tricky in a docker container, so here's the full checklist, which also works on a normal system (as the French saying goes, whoever can do more can do less)

in brief


on a RHEL/CentOS system, make sure these are installed,

yum -y install postfix mailx rsyslog bind-utils nmap netcat telnet
cp -pi /etc/postfix/ /etc/postfix/

on an Ubuntu system, make sure these are installed,

apt -y install postfix bsd-mailx rsyslog dnsutils nmap netcat telnet alpine


systemctl restart rsyslog
systemctl enable rsyslog
#as for container, if you really want to run it inside it,

mv -i /etc/postfix/ /etc/postfix/
sed '/^[[:space:]]*$/d; /^[[:space:]]*#/d' /etc/postfix/ > /etc/postfix/

postconf compatibility_level=2
systemctl restart postfix
systemctl enable postfix
#container: postfix start/reload

For the record, the default Ubuntu artful looks as such,

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = FQDN-HERE
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, wordpress, localhost.localdomain, , localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

optionally trim the banner so that it no longer names the mail software and distribution, and set the hostname,

smtpd_banner = $myhostname ESMTP
myhostname = FQDN-HERE

Also, if this is just a smarthost setup, there is no need to listen on port 25, so comment out the smtpd service,

#smtp      inet  n       -       y       -       -       smtpd

and submission is disabled by default.

public FQDN

check that your hostname is an FQDN already (either fix that on the system or change postfix myhostname),


myorigin=$myhostname OR $mydomain

does it resolve itself through DNS?

host `hostname`

#this will not help
#cat /etc/hosts

note. don't edit the hosts file on a docker container; change it with either docker run -h or --add-host instead

does that FQDN exist on the public network? If not, you need to fix myorigin (assuming the domain does exist),

vi /etc/postfix/

myorigin = $mydomain

postfix reload
#systemctl restart postfix

postfix chroot

if running Ubuntu, you might want to allow Postfix to resolve hosts and services from its chroot land,

cp -pf /etc/hosts /etc/services /etc/resolv.conf /var/spool/postfix/etc/
cat /var/spool/postfix/etc/{hosts,resolv.conf}

(optional) in case you got warnings about that,

mkdir -p /var/spool/postfix/lib/x86_64-linux-gnu/
cd /var/spool/postfix/lib/x86_64-linux-gnu/
cp -vl /lib/x86_64-linux-gnu/libnss_* ./
ls -alhF

using a relay

make sure it resolves,

    host SMARTHOST

or hardcode the name resolution into /etc/hosts.

check that you can reach the smtp relay,

    nmap -p 25,465,587 SMARTHOST
    nc -v -z SMARTHOST 25 465 587

finally tweak Postfix,

vi /etc/postfix/

relayhost = SMARTHOST

postfix reload
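
A small audit of the settings covered so far (banner, myhostname, relayhost, port 25 listener), as an added example that is not part of the original page. The function names cf_get and audit_smarthost and the sample files are constructed for illustration, and continuation lines in the configuration are not handled.

```shell
#!/bin/sh
# Added example, not from the original page: audit main.cf / master.cf
# against the smarthost checklist (banner, myhostname, relayhost, port 25).

# Print the value of PARAM in FILE; the last assignment wins, as in Postfix.
# Simplification (assumption): continuation lines are not joined.
cf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != k) next
            v = substr($0, eq + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        }
        END { print v }' "$1"
}

# Print one WARN line per finding; return 1 if there is any finding.
audit_smarthost() {
    main=$1; master=$2; rc=0
    banner=$(cf_get "$main" smtpd_banner)
    # When unset, Postfix falls back to its built-in banner, which names the software.
    [ -n "$banner" ] || banner='$myhostname ESMTP $mail_name'
    case $banner in
        *mail_name*|*"("*) echo "WARN smtpd_banner discloses software or distribution"; rc=1 ;;
    esac
    case $(cf_get "$main" myhostname) in
        *.*) ;;
        *) echo "WARN myhostname is not set to an FQDN"; rc=1 ;;
    esac
    [ -n "$(cf_get "$main" relayhost)" ] || { echo "WARN relayhost is empty"; rc=1; }
    # An uncommented "smtp inet ... smtpd" line means port 25 is still served.
    if grep -Eq '^smtp[[:space:]]+inet[[:space:]].*smtpd' "$master"; then
        echo "WARN smtpd still listens on port 25"; rc=1
    fi
    return $rc
}

# Constructed sample: the default settings quoted above, written to a temp dir.
d=$(mktemp -d)
printf '%s\n' 'smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)' \
    'myhostname = FQDN-HERE' 'relayhost =' > "$d/main.cf"
printf '%s\n' 'smtp      inet  n       -       y       -       -       smtpd' > "$d/master.cf"
audit_smarthost "$d/main.cf" "$d/master.cf" || echo "findings above need fixing"
rm -rf "$d"
```

To check a live host, call audit_smarthost with the paths of the Postfix main and master configuration files; an empty output and exit status 0 mean all four checks passed.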


configure root mail alias to receive crontab and upgrade notifications,

    cd /etc/
    cp -pi aliases aliases.dist
    vi aliases

    postmaster:     root
    wheeleduser:    root
    appuser:        root
    cronuser:       root


ready to go

watch the logs while you proceed,

    tail -n 20 -F /var/log/maillog &     # RHEL/CentOS: keep following the log
    tail -n 20 -F /var/log/mail.log &    # Ubuntu: keep following the log

now check that you receive mails from that host,

date | mailx -s test_from_`hostname` root
#postfix flush


this is v2.11.4


myhostname = ...
mydomain = ...
myorigin = ...

alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
