Configuring a Smarthost or Relayhost
注解: The terms smarthost and relayhost are usually used interchangeably. We will stick to the term smarthost from here on.
概要: You can configure a smarthost starting from Plesk Obsidian 18.0.64. In this topic, you will learn the following:
- When it is beneficial to use a smarthost.
- How to configure a smarthost in Plesk.
- How configuring a smarthost will affect an existing manual configuration.
- How Plesk changes mail services’ configuration files when setting up a smarthost.
You can send emails directly from Plesk via its local SMTP server. However, hosting providers can forbid sending emails from local SMTP servers. And even if they allow it, the deliverability of such emails may not be good and they can land in spam. The solution for this issue is to configure a smarthost.
A smarthost is a mail server configured to accept mail from any sender and then forward it to the appropriate destination. A smarthost acts as an intermediary to increase the chances of emails reaching their destination without landing in spam.
When you send an email through a smarthost, it looks as if the email originated from the smarthost IP address. And if the smarthost has a good reputation, the email is more likely to reach the recipient’s inbox. For this reason, it is recommended to use a reputable SMTP relay service as a smarthost (for example, SendGrid, Mailgun, Mailjet, and so on).
Previously, Plesk did not offer the ability to configure a smarthost. Users had to configure a smarthost manually at their own discretion.
Starting from Plesk Obsidian 18.0.64, you can configure a smarthost in the Plesk graphical interface and via the CLI.
Configuring a Smarthost
Configuring a smarthost is a server-wide feature. It works in Plesk for Linux with Postfix and Plesk for Windows with either MailEnable or SmarterMail.
警告: If you have already configured a smarthost manually, enabling the smarthost feature in Plesk will overwrite your existing configuration. Before enabling the feature, we recommend that you refer to the following section first.
注解: With some SMTP relay services (for example, SendGrid), mail forwarding will no longer work if a smarthost is configured.
To configure a smarthost:
-
Choose a reputable SMTP relay service (for example, SendGrid, Mailgun, Mailjet, or any other) and create an account there.
-
Go to Tools & Settings > Smarthost (under “Mail”).
-
Select the “Send users’ mail via a smarthost” checkbox.
-
In the corresponding field, specify the IP address or hostname of a smarthost (for example,
192.0.2.1
orsmtp.sendgrid.net
).注解: In Plesk for Linux, you can disable MX or SRV lookups by putting the hostname or IP address in square brackets, for example,
[example.com]
. For details, see the Postfix documentation (the section aboutrelayhost
). -
If your SMTP relay service requires SMTP authentication (and most services do), select the “Authentication required” checkbox.
-
If you have selected “Authentication required” during the previous step, specify the credentials to authenticate to your SMTP relay service.
If the service supports basic authentication, specify the username and password in the corresponding fields. If the service supports authentication via API keys, in the “Username” field, specify the default username used for API keys in the service (for example, in SendGrid, the username is
apikey
) and, in the “Password” field, specify the API key value. -
In the “Encrypted connection” section, select whether to encrypt the credentials transmitted to the SMTP relay service. The exact options differ between Linux and Windows:
- (Plesk for Linux) Choose if the encrypted connection is required or not.
- (Plesk for Windows) Choose if the encrypted connection is required or not. And if it is, choose the encryption type: TLS or SSL.
注解: If you choose the connection type not supported by the SMTP relay service (for example, no encryption instead of TLS), the connection to the smarthost will not be established.
-
(Optional) You may want to check if the connection to the smarthost can be established. To do so, click Check Connection.
If you have selected “Encrypted connection” in the previous step, the connection will be tested not only for encryption but also for a valid SSL/TLS certificate. And if the connection is encrypted but the SSL/TLS certificate is not trusted (for example, expired or self-signed), the connection will not be established.
注解: You can change the default behaviour described above and allow to establish the connection even if it is not secured by a valid SSL/TLS certificate.
-
点击 确定 。
-
Update the SPF and other related DNS records in the DNS template and in the DNS zones of existing domains. SMTP relay services provide the information what DNS changes to make.
You have configured the smarthost on the Plesk side. However, most commercial SMTP relay services require domain authentication on their side (can also be called domain verification). The following SMTP relay services require it: SendGrid, Mailjet, Mailgun.
-
Go to your SMTP relay service account and authenticate all domains hosted in Plesk. For exact steps on how to do so, refer to the documentation of your service.
-
Send a test email to an external email service (for example, Gmail) and make sure that the email has reached the inbox.
You have configured the smarthost both in Plesk and your SMTP relay service. Your smarthost is now up and running.
Configuring a Smarthost After a Previous Manual Configuration
If you have already configured a smarthost manually, enabling the smarthost feature in Plesk will overwrite your existing configuration. Although Plesk applies the most common configuration suited for most smarthost services, you may need to tinker with the configuration to tailor it to your smarthost.
If you have already configured a smarthost manually, we recommend you the following algorythm:
- Compare both smarthost configurations: your manual one and the one from Plesk.
- Remove the parameters that will be controlled by Plesk from your manual configuration.
- Keep additional parameters not covered by Plesk as it is.
- Enable the smarthost feature in Plesk.
To help you compare both configurations, below we describe how the smarthost feature works under the hood: which configuration files it affects and in what way.
(Plesk for Linux) Smarthost Configuration with Postfix
注解: If you have already configured custom smarthosts for domains, they will take priority over the Plesk server-wide smarthost.
When you enable the smarthost feature, Plesk performs the following actions under the hood:
-
Adds lines of the following pattern to the
/etc/postfix/main.cf
configuration file:# Sets an external SMTP relayhost with a port number relayhost - [Your-SMTP-server-IP-or-hostname]:587 # Turns on TLS encryption smtp_tls_security_level = encrypt # Turns on authentication smtp_sasl_auth_enable = yes # Sets the username and password required for authentication smtp_sasl_password_maps = /var/spool/postfix/plesk/relay_secrets # Prohibits anonymous authentication methods. smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous
-
Checks that
/etc/postfix/main.cf
contains no duplicate directives, which can break the configuration:cat /etc/postfix/main.cf | grep -E "relayhost|smtp_sasl_auth_enable|smtp_sasl_password_maps|smtp_sasl_security_options|smtp_sasl_tls_security_options|smtp_tls_security_level"
-
Configures the API authentication to the SMTP relay service of your choice via the
/etc/postfix/sasl_passwd
file. For example, with the SendGrid service, the following line will be added:[smtp.sendgrid.net]:2525 apikey:<your-SendGrid-API-key-value>
-
Uses the
postmap
utility to generate the.db
configuration file:postmap /etc/postfix/sasl_passwd
-
Reloads the Postfix service to apply the changes:
systemctl reload postfix
(Plesk for Windows) Smarthost Configuration with MailEnable
When you enable the smarthost feature, Plesk applies the MailEnable configuration shown on the screenshot below. We use the SendGrid SMTP relay service as an example.
注解: If you have already configured custom smarthosts for domains, they will take priority over the Plesk server-wide smarthost.
(Plesk for Windows) Smarthost Configuration with SmarterMail
When you enable the smarthost feature, Plesk applies the SmarterMail configuration shown on the screenshots below. We use the SendGrid SMTP relay service as an example.
The first screenshot shows the server-wide configuration, while the second one—the configuration for domains.
注解: If you have already configured custom smarthosts for domains, the Plesk server-wide smarthost will take priority over them.
Disabling the Smarthost Feature
You may want to disable the smarthost feature by hiding it in the Plesk graphical interface.
To disable the smarthost feature:
-
打开位于此处的用于编辑的 panel.ini文件:
- (Plesk for Linux)
/usr/local/psa/admin/conf/panel.ini
- (Plesk for Windows)
%plesk_dir%admin\conf\panel.ini
您还可以使用`Panel.ini Editor <https://www.plesk.com/extensions/panel-ini-editor/>`__ 扩展在Plesk界面中编辑该文件。
- (Plesk for Linux)
-
添加以下各行到``panel.ini``文件并将其保存:
[mail] smarthost.server.enabled = false
The smarthost feature is no longer shown in Tools & Settings.
注解: You can also disable the smarthost feature by enabling Restricted Mode.
Disable the SSL/TLS Certificate Check Bound With the Check Connection Button
By default, if the connection to a smarthost requires encryption, clicking the Check Connection button will also check if the connection is secured with a valid SSL/TLS certificate. And if it is not, the connection to the smarthost will not be established.
If you want to establish the connection even if an SSL/TLS certificate is not trusted (for example, expired or self-signed), you can disable the check of the certificate.
To disable the check of an SSL/TLS certificate bound with the Check Connection button:
-
打开位于此处的用于编辑的 panel.ini文件:
- (Plesk for Linux)
/usr/local/psa/admin/conf/panel.ini
- (Plesk for Windows)
%plesk_dir%admin\conf\panel.ini
您还可以使用`Panel.ini Editor <https://www.plesk.com/extensions/panel-ini-editor/>`__ 扩展在Plesk界面中编辑该文件。
- (Plesk for Linux)
-
添加以下各行到``panel.ini``文件并将其保存:
[mail] smarthost.server.checkConnection.checkCertificate = false
You can now establish the connection with a smarthost which is not secured with a valid SSL/TLS certificate.