Outgoing Mail Server¶
On each server, a local Postfix instance is running to deliver mails to their destination.
SPF Record¶
To explicitly allow your server to send mails from a particular domain, you need to add an SPF record to your DNS zone:
example.com. 3600 IN TXT "v=spf1 mx a:<fqdn-or-smarthost> -all"
Note
depending on your companys guideline, servers can send mails directly or through a designated smarthost
Warning
please make sure to include all other servers that should be able to send mails from your domain as well
Configuration¶
Warning
changing any values can led to unintended consequences. Please make sure to plan any changes carefully and ask us for advice if you’re in doubt
mynetworks¶
list of additional, trusted remote SMTP clients that have more privileges than strangers
see the Postfix documentation for details
default: empty
Note
127.0.0.0/8 [::1]/128
is always prepended
relayhost¶
next-hop destination of non-local mail
see the Postfix documentation for details
default: empty
envelope_from¶
rewrite envelope from of each sent mail to the address specified
useful to catch any return errors at a particular mailbox without configuring all applications independently
default: empty (internally defaults to <username@server-domain>)
smtp_fallback_relay¶
optional list of relay hosts for SMTP destinations that can’t be found or that are unreachable
see the Postfix documentation for details
default: empty
inet_interfaces¶
network interface addresses that this mail system receives mail on
see the Postfix documentation for details
default:
loopback-only
(localhost Port 25)
message_size_limit¶
the maximal size in bytes of a message, including envelope information
see the Postfix documentation for details
default:
25600000
(25MB)
monitoring¶
whether our external monitoring will check the condition of the mail service on this particular server
default: true
smtpd_tls_cert_file¶
path to a TLS certificate used for incoming SMTP connections
default: empty
smtpd_tls_key_file¶
path to a TLS key used for incoming SMTP connections
default: empty
smtputf8_enable¶
Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531 to 6533
see the Postfix documentation for details
default:
yes
smtp_sasl_password_maps¶
used to authenticate against your configured smarthost
default: empty
Example¶
All postfix related configuration is set within the Custom JSON Server Level Configuration:
{
"postfix::relayhost": "example.net",
"postfix::envelope_from": "webserver@example.net"
}
Microsoft Blacklist¶
If the IP address is on the blacklist, emails to Microsoft are rejected with the following message.
550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your
Internet service provider since part of their network is on our block list (S3140).
Note
Before requesting unblocking, make sure that sending emails from the server and domain is configured correctly (SPF, DMARC etc). You can use tools such as mail-tester to check this.
IP-adresses can be unblocked through the Microsoft OLC (Outlook Consumer) support portal. A Microsoft account is required for this. Usually, Micrososft communicates their decision within 24 hours with a (strangely worded) automated response. If the decision was negative, reply to the decision and the IP address will normally be unblocked within the next 24 hours.