DigitalOcean with SendGrid SMTP Relay

Hi,

I’m fairly new to the VPS world. I’ve used shared hosting for over 6 years, and because our Laravel app got bigger and we needed queue workers, we made the switch to a DigitalOcean droplet with Laravel Forge.

Everything’s running smoothly except our emails… I don’t want to use Google mail services or any other because we have a few mails on our team, and that’s why I made another droplet for a Mail-in-a-Box server.

I’ve found the following link and made the same changes:

If I run the following command:

echo "my testing messages lala" | mail -s "test emaillolo" -r "Johnjohn@doe.be" mary@doe.be

I’m getting the email, which is a good sign; it means that I’ve set it up right.

However, emails sent from webmail or the mail client Spark on my Android phone don’t get delivered…

Am I doing something wrong?

Thanks in advance.

AskinSavascisi

1 Like

Hiya,

Personally don’t use a relay but see this discussion:

There’s a link to a guide that is recommended in it:

If you are having problems would recommend jumping on the slack chat.

Cheers,
Mat

Hi,

For those who struggled to integrate SendGrid with Mail-in-a-Box, you need to edit the contents of main.cf located in /etc/postfix/ as mentioned in the following post:

However, I thought that I needed to change the contents of the main.cf file to the details given in the tutorial, which is not the case.

You just need to do the following:

  1. Change the following line in main.cf:
    relayhost = → relayhost = [smtp.sendgrid.net]:587

And append/add the following text block under relayhost:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000

You still need to follow the other steps and it’ll work out.

Kind regards,

AskinSavascisi

Thanks AskinSavascisi,

I struggled a bit with getting this to work with Mailgun.

But after adding your options to main.cf it worked.

Thank you!

1 Like

First I just wanted to thank you and the community for these instructions on setting up SendGrid as an SMTP relay service. It works great to get around the insufferable IP reputation issue (due to the UCEPROTECTL3 blacklist) that comes with being a DigitalOcean customer.

These instructions worked perfectly. But like others will surely find out, if they haven’t already, using SendGrid comes with its own set of issues. Their IPs get blacklisted too and since you’ll, in most cases, be using a shared IP, your reputation will get slammed with the rest of the spammers - AGAIN! So, if you’re like me, you’ll want to try Mailgun. The issue with Mailgun is they force you to authenticate each domain name you use on your MIAB install. In that case, here are the steps I followed to get that up and running. If you’re only running one domain name on your MIAB, then you can probably follow the same steps for SendGrid except for the one line that should look like this instead:

smtp_sasl_password_maps = static:postmaster@yourdomain.com:yourpassword

The username and password are created in Mailgun.

But when you have multiple domains on one install, you’ll need to follow the steps outlined here:

https://beesbuzz.biz/blog/9902-Setting-up-Postfix-Mailgun-for-multiple-outgoing-domains
Same page archived here: https://archive.is/UNohx

So far, so good…

Until Mailgun gets blacklisted.

Good luck!

1 Like
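An added example, not part of any post in this thread: a small Python check for the relay settings discussed above, covering both the `relayhost`/SASL/TLS block and the `static:` password map. It flags a credential written inline in main.cf (a file that is normally world-readable) and a TLS level that would let the relay login go out unencrypted; the function names and both sample configs are assumptions constructed for illustration.

```python
import re

# TLS levels at which Postfix refuses to deliver without an encrypted session.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed main.cf excerpts (not taken from a real server).
RELAY_BLOCK = """\
relayhost = [smtp.sendgrid.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
"""
WEAK_BLOCK = """\
relayhost = smtp.example.net:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps =
    static:postmaster@example.com:not-a-real-password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, indented continuations, last value wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] = (params[current] + " " + line.strip()).strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def audit_relay(text):
    """Return a list of findings for the relay settings in main.cf text."""
    p, findings = parse_main_cf(text), []
    if not re.fullmatch(r"\[[^\]]+\](:\w+)?", p.get("relayhost", "")):
        findings.append("relayhost: expected [host]:port (brackets skip the MX lookup)")
    if p.get("smtp_sasl_auth_enable") != "yes":
        findings.append("smtp_sasl_auth_enable: relay login is disabled")
    if p.get("smtp_sasl_password_maps", "").startswith("static:"):
        findings.append("smtp_sasl_password_maps: credential stored inline in main.cf")
    tls_forced = p.get("smtp_tls_security_level") in MANDATORY_TLS
    sasl_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if not tls_forced and "noplaintext" not in sasl_opts:
        findings.append("smtp_tls_security_level: plaintext login possible without TLS")
    return findings
```

Pass it the contents of /etc/postfix/main.cf; the output of `postconf -n` uses the same `name = value` lines and works as input too.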

Hi,

Thank you for your valuable feedback.

I’ve switched over from DO to Hetzner, because of the price and IP listing. I’m using entirely my own email server now without relay hosts. And the IPs are not blacklisted. I’ve already been using it for a few months.

Kind regards,

Askin

Hetzner has most, if not all, of its IPs automatically blocked by ProofPoint. Check your IPs here: https://www.proofpoint.com/us/ipcheck

My 10 cents worth for what it is worth.

  1. Spin up a Lightsail instance in AWS using Ubuntu 22.04 with the requisite RAM and CPU
  2. Grab a static IP address and don’t ever release it.
  3. Assign it to the Lightsail host
  4. Fully patch the host and open all the right ports. I also disable IPv6 on the Lightsail host
  5. Install MIAB using all the default settings
  6. Request reverse DNS and open Port 25 on AWS PROMISING that your host is not a relay server, can ONLY send email for your domain name. If they refuse, reply to them telling them again that you are setting up email for your own domain and x number of users and IT WILL NOT BE A SPAM RELAY Server - ergo… INSIST
  7. Once RDNS is in place, try to send some emails to hotmail.com, outlook.com, and others and see which fail. Note your test emails should have a proper subject line and copy the Lorem Ipsum text into the body. Don’t use all capitals etc. Make the test emails as realistic as possible
  8. Once MS starts failing with a message that your IP block is blocked by them, contact Microsoft Robots and request “remediation” of the IP. They will always come back and say NO, but like AWS, send another message explaining the IP is a properly set up mail server that is NOT a relay, is fully DMARC compliant with SPF and DKIM enabled and working etc etc etc. They may refuse twice, but insist they remediate

Then Presto, you have a fully functioning mail server with a good reputation.

It may take you 3-4 days to establish things to this point, but the message is, don’t give up when AWS or MS say no.

I now have 3 servers all running having gone thru this process and all work flawlessly.

The cost of the Static IP is negligible

1 Like

Hi,

I’ve created servers till I got an IP which is not blocked on ALL platforms. I’ve been using it for 2 years and just checked on ProofPoint, and it isn’t blocked there either :)

Just my 2 cents: create “servers” till you get a good IP and then begin your MIAB or other mail server installations.

Kind regards.