Postfix Smarthost with SendGrid

As a developer, it's nearly impossible for your apps to send email anymore, particularly when you're developing on your own metal in your homelab.

Comcast, and many other residential ISP's, block tcp/25 completely.  This means that the apps that you're developing locally simply can't send email, which can be a real bother.

Solution: Debian host running Postfix MTA, configured as a smarthost, using SendGrid as its upstream email service provider.

Seven easy steps :)

  1. Get a free SendGrid account. Setup 2FA and verify a single sender address (eg smarthost@mydomain.com).

  2. Spin up a new (Debian based) VM or container to act as your smarthost. Install postfix and required sasl auth modules with sudo apt install postfix libsasl2-modules bsd-mailx.

  3. Edit /etc/postfix/main.cf and add the following configuration:

      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
      smtp_sasl_security_options = noanonymous
      smtp_sasl_tls_security_options = noanonymous
      smtp_tls_security_level = encrypt
      header_size_limit = 4096000
      relayhost = [smtp.sendgrid.net]:587
      mynetworks = 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8
      inet_interfaces = all    # do not do this on a machine with a public IP!
    
  4. Create /etc/postfix/sasl_passwd containing your SendGrid API key as follows:

       sudo tee <<EOF >/dev/null /etc/postfix/sasl_passwd
       [smtp.sendgrid.net]:587 apikey:yourSendGridApiKey
       EOF
       
    
  5. Set permissions on the sasl_passwd file: sudo chmod 600 /etc/postfix/sasl_passwd

  6. Tell postfix to parse the new credentials: sudo postmap /etc/postfix/sasl_passwd

  7. Restart postfix: sudo systemctl restart postfix

  8. Test that delivery works locally from the smarthost: echo "test from the smarthost" | mail $YOU@YOUREMAIL.ORG

Voila, you should have an email in your inbox that's been relayed around the Comcast prohibition of tcp/25 via SendGrid.