16

I am total noob about Unix and CLI. after googling for almost 6 hours I came to know I should be editing postfix port from 25 to 587 for PHP mail() function to work. and here is the solution I got http://www.linuxmail.info/postfix-change-port/ but I am not sure how to change it. as already said I am a noob. any help regarding this will be appreciated.

UPDATE1 :

grawity solution gives me the following error.

May  7 00:42:39 Ibrahim-Armars-MacBook-Pro postfix/pickup[4169]: DE2073F07C1: uid=501 from=<azhararmar>
May  7 00:42:39 Ibrahim-Armars-MacBook-Pro postfix/master[4185]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
May  7 00:42:39 Ibrahim-Armars-MacBook-Pro postfix/cleanup[4177]: DE2073F07C1: message-id=<20110506191239.DE2073F07C1@Ibrahim-Armars-MacBook-Pro.local>
May  7 00:42:39 Ibrahim-Armars-MacBook-Pro postfix/qmgr[4168]: DE2073F07C1: from=<azhararmar@Ibrahim-Armars-MacBook-Pro.local>, size=525, nrcpt=1 (queue active)
May  7 00:42:40 Ibrahim-Armars-MacBook-Pro postfix/smtp[4179]: DE2073F07C1: to=<azhar@iarmar.com>, relay=smtp.gmail.com[74.125.155.109]:587, delay=0.8, delays=0.01/0/0.79/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)
May  7 00:42:41 Ibrahim-Armars-MacBook-Pro postfix/pickup[4169]: 5F2FC3F07C4: uid=501 from=<azhararmar>
May  7 00:42:41 Ibrahim-Armars-MacBook-Pro postfix/cleanup[4177]: 5F2FC3F07C4: message-id=<20110506191241.5F2FC3F07C4@Ibrahim-Armars-MacBook-Pro.local>
May  7 00:42:41 Ibrahim-Armars-MacBook-Pro postfix/qmgr[4168]: 5F2FC3F07C4: from=<azhararmar@Ibrahim-Armars-MacBook-Pro.local>, size=525, nrcpt=1 (queue active)
May  7 00:42:42 Ibrahim-Armars-MacBook-Pro postfix/smtp[4179]: 5F2FC3F07C4: to=<azhar@iarmar.com>, relay=smtp.gmail.com[74.125.155.109]:587, delay=0.79, delays=0.01/0/0.78/0, dsn=4.7.5, status=deferred (TLS is required, but our TLS engine is unavailable)
May  7 00:42:50 Ibrahim-Armars-MacBook-Pro postfix/master[4190]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable

UPDATE 2 :

May  7 01:10:02 Ibrahim-Armars-MacBook-Pro postfix/master[4472]: fatal: open lock file pid/master.pid: unable to set exclusive lock: Resource temporarily unavailable
May  7 01:10:02 Ibrahim-Armars-MacBook-Pro postfix/pickup[4419]: 357F73F090F: uid=501 from=<azhararmar>
May  7 01:10:02 Ibrahim-Armars-MacBook-Pro postfix/cleanup[4430]: 357F73F090F: message-id=<20110506194002.357F73F090F@Ibrahim-Armars-MacBook-Pro.local>
May  7 01:10:02 Ibrahim-Armars-MacBook-Pro postfix/qmgr[4420]: 357F73F090F: from=<azhararmar@Ibrahim-Armars-MacBook-Pro.local>, size=525, nrcpt=1 (queue active)
May  7 01:10:03 Ibrahim-Armars-MacBook-Pro postfix/smtp[4448]: certificate verification failed for smtp.gmail.com[74.125.155.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Ibrahim Azhar Armar
  • 263
  • 1
  • 2
  • 8

3 Answers3

14

If you only want it running on port 587 (and I'm not sure you do; I'd think you'd want it running on both 25 and 587), then find the line in /etc/postfix/master.cf that looks like this:

smtp      inet  n       -       n       -       -       smtpd

And change it to look like this:

587      inet  n       -       n       -       -       smtpd

If you want it running on both ports, then add the second line after the first one rather than replacing it.

Wes Hardaker
  • 2,516
  • 18
  • 9
  • i edited master.cf files using sudo. the value has been updated , i restarted the computer too but still it takes port 25 as default value. what could be possibly wrong? :( – Ibrahim Azhar Armar May 06 '11 at 18:23
  • okay the values are being set to default after sometime, i don't know why even when i add the values and save it using :wq in vim it just come back to default value again and again. – Ibrahim Azhar Armar May 06 '11 at 18:24
  • @Ibrahim: I think you forgot to mention something. Are you trying to make *all* email go through a single server, `smtp.something.com:587`? – u1686_grawity May 06 '11 at 18:34
  • 1
    @Wes: FYI, `master.cf` already contains an entry for this port; it's labelled `submission`. – u1686_grawity May 06 '11 at 18:34
  • yes i am trying to send all mails through 587 port. as that is what my isp allows – Ibrahim Azhar Armar May 06 '11 at 18:36
  • @Ibrahim: But are you trying to relay them through a single relay server (i.e. `smtp.your-isp.com`), or are you hoping to send directly to port 587 of the recipient's server? – u1686_grawity May 06 '11 at 18:44
  • i am really not sure about all this. all i wanted was my php mail function to work, as i am using MAMP and it uses postfix to send mails to recipients, my ISP have blocked port 25 and have asked me to use either port 587 or 465. i use smtp.gmail.com as my mail server. what would be the possible solution for this to work? – Ibrahim Azhar Armar May 06 '11 at 18:52
  • 1
    @Ibrahim: In that case, you will have to configure Postfix to use Gmail as a relay host. I will post instructions in a separate answer -- for now, revert all changes to `master.cf`. – u1686_grawity May 06 '11 at 18:56
  • thank you grawity that will be really of great help, i already wasted the whole day trying to solve the problem – Ibrahim Azhar Armar May 06 '11 at 18:58
13

According to your comments on other answers, you need to configure Postfix to use Gmail as a relay host. There are many tutorials on the Internet for this; here's a quick version.

Note: With this configuration, all mail must be sent using your Gmail address as "From".

  1. Undo all your changes to master.cf.

  2. In main.cf, add these settings:

    # This tells Postfix to hand off all messages to Gmail, and never do direct delivery.
relayhost = [smtp.gmail.com]:587

# This enables TLS (SMTPS) certificate verification, because Gmail has a valid one.
smtp_tls_security_level = verify
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache

# This tells Postfix to provide the username/password when Gmail asks for one.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

  3. In /etc/postfix/sasl_passwd, add your Gmail username and password, like this:

    [smtp.gmail.com]:587    user@gmail.com:mypassword

  4. Compile the sasl_passwd file into a database:

    postmap /etc/postfix/sasl_passwd

  5. Finally reload Postfix's main configuration:

    postfix reload
u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • i am trying it, will get back to you with result. thank you so much. – Ibrahim Azhar Armar May 06 '11 at 19:05
  • i followed the exact same as mentioned by you. placed all codes on main.cf file on top of the file and created a file sasl_passwd still it gives me the above error – Ibrahim Azhar Armar May 06 '11 at 19:16
  • It looks as if you have not properly set up SSL (encryption) on your system. In order to help you with that, people would need to know your operating system (e.g. Ubuntu, Fedora, Debian?) and what if any SSL packages you have installed. For what it's worth, I have PostFix set up on my own system to use my ISP's relay host and it works great. – CarlF May 06 '11 at 19:35
  • @Ibrahim: There might be two problems there. 1) The smtp_tls_CAfile setting is likely to be incorrect: I wrote it based on a Linux system, forgetting that you are on OS X. Try commenting it out (prefix the line with a `#`), then lower the security level from `verify` to `encrypt`. Reload Postfix. 2) If that doesn't fix the problem, then it might mean that Postfix was built without TLS support. It's unlikely, but possible... – u1686_grawity May 06 '11 at 19:40
  • s/forgetting/not knowing/. Got confused there. – u1686_grawity May 06 '11 at 19:53
  • @Grawity yes it does say [certificate verification failed for smtp.gmail.com[74.125.155.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority] in the error. i tried checking the certificate path and it seems doesnt exist. now where do i get that certificate from? – Ibrahim Azhar Armar May 06 '11 at 19:57
  • wow, thank you so so much, i commented smtp_tls_CAfile and it started working. thank you once again :) – Ibrahim Azhar Armar May 06 '11 at 20:07
  • @Ibrahim: In OS X, programs are supposed to read CA certificates from the Keychain. I don't know how to make Postfix use it, though (you should post this as a separate question). But as an alternative, you can get `ca-certificates.crt` as part of the "curl" package from MacPorts. – u1686_grawity May 06 '11 at 20:40
  • About the note "With this configuration, all mail must be sent using your Gmail address as From". If you have setup your Gmail (Settings>Accounts and Import>) to "Send mail as"... you cold use these emails. – pa4080 Jul 17 '21 at 08:57
1

I want to thank user1686 for their GREAT little tutorial!  After hours of search I was finally able to solve my Postfix smtp sent problem.

In my case the problem was very trivial; I just had to add the :587 port information also in the /etc/postfix/sasl_passwd file. Without that, my email relay host refuses to establish any connection. The following command should be the easiest way to reach this in one step: 

echo "[smtp.xyz.com]:587 xyz@xyz.com:password" > /etc/postfix/sasl_passwd

Make it root only:

chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Well, most other Postfix tutorials do not mention this very important port related fact! Some only state that the relayhost = [smtp.xyz.com]:587 port information has to be added sometimes in main.cf. Well, in my case that essential port information also had to be present in the sasl_passwd config file.

My other postfix parameter are:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Scott - Слава Україні
  • 21,399
  • 46
  • 64
  • 121
Clemens
  • 121
  • 3