Using Postfix with specialized transactional email services like SendGrid or Mandrill is excellent not only for optimizing email deliverability; these services usually also offer some nice features.
You may of course set up your web application, like WordPress, to use the external service, but this requires you to configure each application independently.
Some applications are not so easy to set up with an external service, though. A lot of OS tools that are set up to send you email notifications, warnings and statuses will simply use the server’s locally installed MTA (i.e. Postfix for us).
Also, Postfix automatically queues and retries emails which might fail due to temporary connection issues. Having your application dispatch email to a local MTA makes it much more responsive, and you don’t have to think about handling temporary failures.
Configure Postfix
Configuring authenticated SMTP relay in Postfix is actually quite easy. You just need to add a few directives in the /etc/postfix/main.cf configuration file.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:YourSMTPUsername:YourSMTPPassword
smtp_sasl_security_options = noanonymous
relayhost = [smtp.example.com]:587
Replace YourSMTPUsername and YourSMTPPassword with your SMTP credentials, and smtp.example.com with your provider’s SMTP server.
While you’re at it, check these settings too:
smtp_use_tls = yes
mydestination = localhost
Restart Postfix, and you’re ready to go:
$ sudo service postfix restart
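The check below is an added example, not part of the original post: it audits a main.cf text for two risks in the settings above, namely SMTP credentials stored inline in main.cf (a file that is normally world-readable) and plaintext SASL login allowed while TLS is only opportunistic, which is what smtp_use_tls = yes gives you. The finding codes, both sample configs and the hash:/etc/postfix/sasl_passwd table (a conventional location, assumed here) are constructed for illustration.

```python
import re
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """'#' lines are comments; lines starting with whitespace continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if last:
                params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = (s.strip() for s in line.partition("="))
            params[last] = value  # a later definition overrides an earlier one
    return params

def audit_relay(text):
    """Return finding codes for the authenticated-relay settings in a main.cf text."""
    p, findings = parse_main_cf(text), []
    if p.get("smtp_sasl_password_maps", "").startswith("static:"):
        findings.append("INLINE_CREDENTIALS")  # main.cf is normally world-readable
    # smtp_tls_security_level, when set, overrides legacy smtp_use_tls/smtp_enforce_tls
    level = p.get("smtp_tls_security_level", "")
    mandatory = level in MANDATORY_TLS if level else p.get("smtp_enforce_tls") == "yes"
    opts = re.split(r"[,\s]+", p.get("smtp_sasl_security_options", "noplaintext, noanonymous"))
    if "noplaintext" not in opts and not mandatory:
        findings.append("PLAINTEXT_AUTH_WITHOUT_MANDATORY_TLS")
    return findings

# Constructed sample: the directives exactly as given in the article
ARTICLE_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:YourSMTPUsername:YourSMTPPassword
smtp_sasl_security_options = noanonymous
relayhost = [smtp.example.com]:587
smtp_use_tls = yes
"""
# Constructed sample: assumed hardened variant (table file mode 0600, built with postmap)
HARDENED_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = [smtp.example.com]:587
smtp_tls_security_level = encrypt
"""
if __name__ == "__main__":
    print(audit_relay(ARTICLE_CF), audit_relay(HARDENED_CF))
```

To audit a real server, pass the contents of /etc/postfix/main.cf to audit_relay(); an empty list means neither issue was found.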
Update your SPF record
Remember to update your SPF record to include your provider’s servers.
For Mandrill, that would be adding include:spf.mandrillapp.com and for SendGrid it is include:sendgrid.net
Not sure what an SPF record is?
Sender Policy Framework (SPF) is an email authentication standard that compares the email sender’s IP address against a list of authorized addresses. The addresses are published in a TXT DNS record. To see what my SPF record looks like, type this in a terminal window:
$ dig txt www.bjornjohansen.com
You should see something like this (subject to change):
"v=spf1 a mx include:_spf.google.com include:servers.mcsv.net include:spf.mandrillapp.com -all"
This means that I’ve authorized any IP with an A or MX record for my domain, and included the SPF records for Google, MailChimp and Mandrill.
Testing
Try sending yourself a test message:
$ mail -s Testing [email protected]
(type a message, end it with a single dot on a line or CTRL+D)
Last note
This has absolutely nothing to do with your regular email accounts for your domain. They will be handled separately on the servers defined in your MX records. This is just for outgoing emails sent by this particular server.