If you’re looking to use Postfix in a configuration where it will relay to PostageApp as the upstream you’ll need to make a few small adjustments to the default Postfix configuration.

The first step is to define the relayhost in /etc/postfix/main.cf:


Then enable TLS in /etc/postfix/main.cf:

smtp_tls_security_level = secure
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_wrappermode = yes

This breaks down as:

  • smtp_tls_security_level directive forces TLS on all outbound connections.
  • smtp_tls_policy_maps is used to provide more specific options for connections.
  • smtp_tls_wrappermode makes sure TLS is enabled at the start of the connection. The default behaviour is to wait until the connnection is established, then upgrade it.

The /etc/postfix/tls_policy file needs to contain:

[smtp.postageapp.com]:587 encrypt protocols=TLSv1 ciphers=high

This is used to specify the specific options for the TLS connection to smtp.postageapp.com. After creating this file be sure to compile it into a proper Postfix hash with:

postmap tls_policy

Next is to enable password authentication by adding more directives to /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwords
smtp_sasl_security_options = 

This breaks down as:

The /etc/postfix/sasl_passwords file needs to contain the username/password combination for the associated PostageApp account. It’s in the form of:

smtp.postageapp.com account:API_KEY

Where account is short account name and API_KEY is the associated API key. This information is listed on your Mail Servers page for any SMTP-enabled mail server.

After this file’s saved you’ll need to convert it to a Postfix database with:

postmap sasl_passwords

Then test that Postfix is properly configured:

postfix check

If there’s no errors then a reload should work:

postfix reload

That should pick up the configuration changes.