> ## Documentation Index
> Fetch the complete documentation index at: https://jetemail.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Postfix

> End-to-end setup: signup, domain verification, and Postfix as a JetEmail relay.

This guide takes a brand-new JetEmail account and a Linux server running Postfix through every step required to send authenticated mail through the JetEmail relay. By the end you'll have Postfix forwarding all outbound mail through `relay.jetsmtp.net`.

For deeper Postfix tuning (per-sender credentials, header rewrites, advanced TLS), see the full [Postfix reference](/outbound/mail-servers/postfix).

<Steps>
  <Step title="Sign up for JetEmail">
    Create an account at [jetemail.com](https://jetemail.com), then open the dashboard at [dash.jetemail.com](https://dash.jetemail.com).
  </Step>

  <Step title="Add and verify your sending domain">
    1. In the dashboard, go to **Outbound** → **Domains**
    2. Add the domain you send from (e.g. `example.com`)
    3. Publish every DNS record the dashboard shows (SPF, return-path, DKIM, DMARC) at your DNS provider
    4. Wait until the domain shows as **verified**

    For a full breakdown of the records, see [Email authentication](/outbound/email-authentication).
  </Step>

  <Step title="Create an SMTP user">
    1. Go to **Outbound** → **SMTP** in the dashboard
    2. Click **Create SMTP**
    3. Set a **Username** and strong **Password**
    4. Leave **Quota** at `0` for unlimited, or set a per-user limit

    Keep the username and password ready for the next step.
  </Step>

  <Step title="Install SASL support">
    Postfix needs the SASL PLAIN modules to authenticate against the relay.

    ```bash theme={null}
    # Debian / Ubuntu
    apt-get install -y libsasl2-modules

    # AlmaLinux / Rocky / RHEL
    dnf install -y cyrus-sasl-plain
    ```

    <Note>
      This guide stores credentials in a `texthash` map, which reads `/etc/postfix/sasl_passwd` directly. It is built into every Postfix with no extra package and no `postmap` step, so it works the same on Debian / Ubuntu and on AlmaLinux / Rocky / RHEL. (The indexed types are distro-specific: `hash` on Debian / Ubuntu, `lmdb` on RHEL 9+. `texthash` sidesteps that split.)
    </Note>
  </Step>

  <Step title="Store the SMTP credentials">
    Create `/etc/postfix/sasl_passwd` with your SMTP user from step 3:

    ```plaintext theme={null}
    relay.jetsmtp.net:587    YOUR_SMTP_USERNAME:YOUR_SMTP_PASSWORD
    ```

    Lock down the file permissions. With `texthash` there is no database to build, so there is no `postmap` step:

    ```bash theme={null}
    chmod 600 /etc/postfix/sasl_passwd
    ```

    <Note>
      `texthash` reads `/etc/postfix/sasl_passwd` directly, so edits take effect on the next `postfix reload`. If you would rather use an indexed map, run `postmap` against the file and change the type in the next step to `hash` (Debian / Ubuntu) or `lmdb` (RHEL 9+).
    </Note>
  </Step>

  <Step title="Point Postfix at JetEmail">
    Add (or update) the following in `/etc/postfix/main.cf`:

    ```plaintext theme={null}
    relayhost = relay.jetsmtp.net:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    ```

    <Note>
      On AlmaLinux / Rocky / RHEL, the CA bundle lives at `/etc/pki/tls/certs/ca-bundle.crt` instead. Adjust `smtp_tls_CAfile` accordingly.
    </Note>
  </Step>

  <Step title="Reload Postfix and send a test">
    Validate the configuration, reload Postfix, and send a test:

    ```bash theme={null}
    postfix check
    systemctl reload postfix

    # Postfix provides its own sendmail, so no extra mail client is needed.
    printf 'From: sender@example.com\nSubject: JetEmail relay test\n\nSent from %s\n' "$(hostname)" \
      | sendmail -f sender@example.com you@example.com
    ```

    Use a `From` / `-f` address on the domain you verified in step 2, and send to a mailbox you can check (`you@example.com` above).

    <Note>
      The `mail` command is not installed by default on most servers. `sendmail` ships with Postfix, so it is always available. If you prefer `mail`, install it first: `mailutils` on Debian / Ubuntu, `s-nail` or `mailx` on AlmaLinux / Rocky / RHEL.
    </Note>

    Confirm the message arrives, then open the JetEmail dashboard's **Logs** view to confirm it was accepted and authenticated. If something looks wrong, check `/var/log/mail.log` (or `/var/log/maillog`) and the [SMTP block error reference](/outbound/smtp-blocks).
  </Step>
</Steps>

## Common pitfalls

* **Port 25 outbound is often blocked** by cloud providers and home ISPs. Stick to `587` unless you know `25` is open.
* **Wrong CA bundle path.** If TLS verification fails, double-check `smtp_tls_CAfile` for your distro.
* **`unsupported dictionary type`.** Indexed map types are distro-specific: `hash` exists on Debian / Ubuntu but not RHEL 9+, and `lmdb` is the reverse. This guide uses `texthash`, which is built into every Postfix, to avoid that. If you switch to `hash` or `lmdb`, run `postconf -m` first to confirm your build supports it.

## Next steps

<Columns cols={2}>
  <Card title="Postfix reference" icon="book-open" href="/outbound/mail-servers/postfix">
    Per-sender credentials, header rewrites, advanced TLS, and troubleshooting.
  </Card>

  <Card title="Domain Lockdown" icon="lock" href="/outbound/domain-lockdown">
    Stop other JetEmail accounts from sending as your domains.
  </Card>
</Columns>