OCI SMTP Email Delivery with Postfix on Linux: Secure Configuration, Testing, and Troubleshooting (Advanced Guide)

Introduction

Email delivery is a critical component in cloud environments for alerts, notifications, and application workflows. In Oracle Cloud Infrastructure, the Email Delivery service provides a reliable SMTP-based solution.

This guide demonstrates how to configure a Linux server to send emails using OCI SMTP with a secure and production-ready setup

Architecture

Linux Server
↓
Postfix (SMTP client)
↓
OCI Email Delivery (SMTP)
↓
Recipient Email

Prerequisites

*OCI Setup
*
Go to:

👉 OCI Console → Email Delivery

*✔ Create Approved Sender
*

Generate SMTP Credentials

Copy:

SMTP Username
SMTP Password

Network Requirements

From Server:

Allow outbound port 587 or 25 (recommended)

Test connectivity:

telnet smtp.email.ap-mumbai-1.oci.oraclecloud.com 587

Install Required Packages

yum install postfix s-nail cyrus-sasl-plain -y

Verify mail command

which mail

Expected: /usr/bin/mail

Configure Postfix

Edit config file
vi /etc/postfix/main.cf

Add configuration

OCI SMTP relay (use port 587 )

relayhost = [smtp.email.ap-mumbai-1.oci.oraclecloud.com]:587

SMTP Authentication

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

TLS Configuration

smtp_use_tls = yes
smtp_tls_security_level = encrypt

Optional (avoid size issues)

mailbox_size_limit = 0
message_size_limit = 52428800

Configure SMTP Credentials

vi /etc/postfix/sasl_passwd

Add EXACT line
[smtp.email.ap-mumbai-1.oci.oraclecloud.com]:587 SMTP_USERNAME:SMTP_PASSWORD

🔴 Important rules

✔ Single line only
✔ Include [ ]
✔ Include :587
✔ No extra spaces

Secure and Apply Credentials

chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

Verify mapping

postmap -q "[smtp.email.ap-mumbai-1.oci.oraclecloud.com]:587" hash:/etc/postfix/sasl_passwd

Expected : SMTP_USERNAME:SMTP_PASSWORD

Configure Approved Sender Mapping

Force all emails to use approved sender :

postconf -e "sender_canonical_maps = alerts@gmail.com"

Why this is required

OCI accepts only approved sender.

So:

root@hostname → alerts@gmail.com

Start and Enable Postfix

• systemctl enable postfix
• systemctl restart postfix

Test Email

echo "OCI SMTP TEST FROM AWS" | mail -s "TEST MAIL" your_email@example.com

Verify Logs

tail -f /var/log/maillog

expected output : status = 200(ok)

Automation Example

Simple test
echo "Alert test" | mail -s "Test Alert" your_email@example.com

Troubleshooting

Issue 1: Connection Timeout

Cause:

Port 25 blocked (OCI default)

Fix:

Use port 587 or 465
Issue 2: Authentication Failed

Cause:

Wrong SMTP credentials

Fix:

Verify username/password

Debug Logs (ADVANCED)

Check logs:

sudo tail -f /var/log/maillog

Example:

status=sent
status=bounced
authentication failed

Security Best Practices

✔ Use TLS encryption

✔ Restrict access to credential file

✔ Rotate SMTP credentials

✔ Avoid hardcoding credentials

Real Use Case
Use OCI SMTP to send:
✔ Monitoring alerts

✔ Application notifications

✔ we can setup password expiry notification for users in linux

Conclusion

OCI Email Delivery offers a secure and scalable way to send emails using authenticated SMTP with TLS. Combined with Postfix, a reliable and lightweight MTA, it becomes a simple yet powerful production-ready solution.

This setup also highlights cross-cloud flexibility—applications running on AWS can seamlessly use OCI for email delivery, enabling a cost-effective and hybrid architecture.

Overall, Postfix with OCI SMTP is a practical, secure, and efficient approach for real-world email delivery needs.