Outgoing Mail Server

On each server, a local Postfix instance is running to deliver mail to its destination.

Tip

Instead of using the local mail server, we recommend configuring your application to send mail by SMTP directly. This way, you can use the existing mail server, where SPF, DKIM and other settings have to be configured and monitored already anyway.

Also, this is the most robust setup to reliably send mail through the web server.

SPF Record

To explicitly allow your server to send mail from a particular domain, you need to add an SPF record to your DNS zone:

example.com.              3600     IN      TXT     "v=spf1 mx a:<fqdn-or-smarthost> -all"

Warning

Make sure to include all other required systems as well. This example covers only the server behind the domain MX record and the web server.

Note

Depending on your company guidelines, the server might send mail not directly but through a central smarthost.

Configuration

Warning

Any change can have unintended consequences. Please make sure to plan and check carefully, and ask us for advice if you’re in doubt.

mynetworks

• list of additional, trusted remote SMTP clients that have more privileges than strangers

• see the Postfix documentation for details

• default: empty

Note

127.0.0.0/8 [::1]/128 is always prepended

relayhost

• next-hop destination of non-local mail

• see the Postfix documentation for details

• default: empty

smtp_fallback_relay

• optional list of relay hosts for SMTP destinations that can’t be found or that are unreachable

• see the Postfix documentation for details

• default: empty

inet_interfaces

• network interface addresses that this mail system receives mail on

• see the Postfix documentation for details

• default: loopback-only (localhost Port 25)

message_size_limit

• the maximal size in bytes of a message, including envelope information

• see the Postfix documentation for details

• default: 25600000 (25MB)

monitoring

• whether our external monitoring will check the condition of the mail service on this particular server

• default: true

smtpd_tls_cert_file

• path to a TLS certificate used for incoming SMTP connections

• default: empty

smtpd_tls_key_file

• path to a TLS key used for incoming SMTP connections

• default: empty

smtputf8_enable

• Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531 to 6533

• see the Postfix documentation for details

• default: yes

smtp_sasl_password_maps

• used to authenticate against your configured smarthost

• default: empty

Example

All postfix related configuration is set within the Custom JSON Server Level Configuration:

{
  "postfix::relayhost": "example.net",
}

Microsoft Blacklist

If the IP address is on the blacklist, emails to Microsoft are rejected with the following message.

550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your
Internet service provider since part of their network is on our block list (S3140).

Note

Before requesting unblocking, make sure that sending emails from the server and domain is configured correctly (SPF, DMARC etc). You can use tools such as mail-tester to check this.

IP-adresses can be unblocked through the Microsoft OLC (Outlook Consumer) support portal. A Microsoft account is required for this. Usually, Micrososft communicates their decision within 24 hours with a (strangely worded) automated response. If the decision was negative, reply to the decision and the IP address will normally be unblocked within the next 24 hours.