Back to Top

Help & Support

Get instant answers 24/7

Top > Outbound Filtering > Routing outbound email from dedicated mail server through SpamHero

Set Up Postfix to Relay Outbound Messages Through SpamHero

Before using the outbound system, you must enable outbound for either "quarantine users and account contacts" or "smart host relay," in the Outbound > Outbound Settings tab:

https://www.spamhero.com/cp2/outbound/settings

If you have a Postfix email server, you can configure your email server to Relay your outbound messages through our outbound service.  Please refer to our general article about the outbound service first:

Setting up your Email Client for Outbound Filtering

Once you're ready, you can set this up using these steps:

  • Create a password file named /etc/postfix/sasl_passwd and enter the following information, but replace user with your SpamHero login user email, or your quarantine user email, and replace password with your login passsword:


  • Hash this file for Postfix:


  • Edit your Postfix main.cf file. This may be located at /etc/postfix/main.cf, and add the following lines:


  • Reload Postfix:


If you see warnings such as "warning: SASL authentication failure: No worthy mechs found," or "SASL authentication failed; cannot authenticate to server ... no mechanism available," then you may need to install additional packages.

For CentOS, you may need to install cyprus-sasl and cyprus-sasl-plain (you may also need cyrus-sasl-lib, but our test on CentOS 7 didn't seem to require that package).  On other systems, you may need libsasl2-modules.

If you see errors in your Postfix logs such as the following:


This may indicate that need to update your CA bundle.

Don't forget to add our SPF "include" record to your domain's DNS, to help with delivery:

Should I include SpamHero's IPs in my domain's SPF record?

If you are a reseller, ask about our private label version of the SPF include.

If your mail server signs outbound messages with DKIM (Domain Keys Identified Mail), be sure to exclude the Received header lines from the signature. Our servers strip out the Received header lines before relaying because some mail hosts reject messages when the originating IP is on a blacklist.
Last updated January 8, 2021