Changeing a Postfix setup to use iRedmail as a relay host

this guide asumes you have: - postfix installed on your (virtual) system - you have an iRedmail (or other secured mail enviroment) - you use a SPECIFIC account to mail WITH. First install the sasl libraries:
  sudo apt-get install libsasl2-modules
Next configure SMTP Usernames and Passwords Usernames and passwords are generally stored in a file called sasl_passwd in the /etc/postfix/ directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix. Open or create the /etc/postfix/sasl_passwd file, using your favorite text editor:
 sudo nano /etc/postfix/sasl_passwd
Add your destination (SMTP Host), username, and password in the following format: File:/etc/postfix/sasl_passwd
 [mail.isp.example] username:password
 [mail.isp.example]:port username:password
The first line is for the default ports, the second one is for using a specific (alternative) port. !Remember!: iRedmail uses both 465 & 587 for secure mail delivery. ADD BOTH! Create the hash db file for Postfix by running the postmap command:
 sudo postmap /etc/postfix/sasl_passwd
If all went well, you should have a new file named sasl_passwd.db in the /etc/postfix/ directory. Next secure the password and hash satabase files (I mean it does hold a password) The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text. For security reasons, you should change their permissions so that only the root user can read or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:
 sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
 sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
Now we need to change the /etc/postfix/ file. Make sure it has the folowing config (change where appropriate)
# specify SMTP relay host use the PORT if you also specifed it in the SASL config!
relayhost = [mail.isp.example]:port
# enable SASL authentication 
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication. 
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption 
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
Sometimes you need to add your server key to the CA-store. get your mail server's PEM file:
 openssl s_client -connect server:port
than enter quit to exit back to the terminal. inside the output is the PEM file (namely between the "Server certificate -----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"-----BEGIN CERTIFICATE----- you need that part (Including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----") in a file .PEM Copy that file to /etc/ssl/certs/.PEM than run:
this should add the key to your stores.


Bloemfonteinstraat 62, 
    room 1,2,9
5642 EH Eindhoven
phone: +316-81888456