Postfix Smarthost with SendGrid

As a developer, it's nearly impossible for your apps to send email anymore, particularly when you're developing on your own metal in your homelab.

Comcast, and many other residential ISP's, block tcp/25 completely.  This means that the apps that you're developing locally simply can't send email, which can be a real bother.

Solution: Debian host running Postfix MTA, configured as a smarthost, using SendGrid as its upstream email service provider.

Seven easy steps :)

1. Get a free SendGrid account. Setup 2FA and verify a single sender address (eg [email protected]).

2. Spin up a new (Debian based) VM or container to act as your smarthost. Install postfix and required sasl auth modules with sudo apt install postfix libsasl2-modules bsd-mailx.

3. Edit /etc/postfix/main.cf and add the following configuration:

     smtp_sasl_auth_enable = yes
     smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
     smtp_sasl_security_options = noanonymous
     smtp_sasl_tls_security_options = noanonymous
     smtp_tls_security_level = encrypt
     header_size_limit = 4096000
     relayhost = [smtp.sendgrid.net]:587
     mynetworks = 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8
     inet_interfaces = all    # do not do this on a machine with a public IP!
   

4. Create /etc/postfix/sasl_passwd containing your SendGrid API key as follows:

      sudo tee <<EOF >/dev/null /etc/postfix/sasl_passwd
      [smtp.sendgrid.net]:587 apikey:yourSendGridApiKey
      EOF
      
   

5. Set permissions on the sasl_passwd file: sudo chmod 600 /etc/postfix/sasl_passwd

6. Tell postfix to parse the new credentials: sudo postmap /etc/postfix/sasl_passwd

7. Restart postfix: sudo systemctl restart postfix

8. Test that delivery works locally from the smarthost: echo "test from the smarthost" | mail [email protected]

Voila, you should have an email in your inbox that's been relayed around the Comcast prohibition of tcp/25 via SendGrid.