Email Proxy Service

E-MailRelay

What is it?
E-MailRelay is an e-mail store-and-forward message transfer agent and proxy server. It runs on Unix-like operating systems (including Linux and Mac OS X), and on Windows.
E-MailRelay does three things: it stores any incoming e-mail messages that it receives, it forwards e-mail messages on to another remote e-mail server, and it serves up stored e-mail messages to local e-mail reader programs. More technically, it acts as a SMTP storage daemon, a SMTP forwarding agent, and a POP3 server.
Whenever an e-mail message is received it can be passed through a user-defined program, such as a spam filter, which can drop, re-address or edit messages as they pass through.
E-MailRelay uses the same non-blocking i/o model as Squid and nginx giving excellent scalability and resource usage.
C++ source code is available and distribution is permitted under the GNU General Public License V3.
What it’s not
E-MailRelay does not do routing of individual messages; it is not a routing MTA. It forwards all e-mail messages to a pre-configured SMTP server, regardless of any message addressing or DNS redirects.
Why use it?
E-MailRelay is a simple tool that does SMTP. For simple tasks it is likely to be easier to understand and configure than a more general purpose MTA.
Typical applications of E-MailRelay include:
spam filtering and virus checking incoming mail
adding digital signatures or legal disclaimers to outgoing mail
store-and-forward for outgoing mail across an intermittent internet connection
adding authentication and encryption where the existing infrastructure does not support it
taking messages in with SMTP and serving them to local POP clients
giving multiple POP clients independent copies of incoming e-mail
SMTP proxying by running as a proxy server on a firewall machine
The code has few dependencies on third-party libraries or run-time environments so it is easy to build and install.
E-MailRelay is designed to be policy-free, so that you can implement your own policies for message retries, bounces, local mailbox delivery, spam filtering etc. through external scripts.
Running E-MailRelay
To use E-MailRelay in store-and-forward mode use the –as-server option to start the storage daemon in the background, and then do delivery of spooled messages by running with the –as-client option.
For example, to start a storage daemon listening on port 587 use a command like this: emailrelay –as-server –port 587 –spool-dir /tmp
And then to forward the spooled mail to run something like this: emailrelay –as-client –spool-dir /tmp
To get behaviour more like a proxy you can add the –poll and –forward-to options so that messages are forwarded continuously rather than on-demand.
This example starts a store-and-forward server that forwards spooled-up e-mail every minute: emailrelay –as-server –poll 60 –forward-to
Or for a proxy server that forwards each message soon after it has been received, you can use –as-proxy or add –forward-on-disconnect: emailrelay –as-server –forward-on-disconnect –forward-to
To edit or filter e-mail as it passes through the proxy specify your filter program with the –filter option, something like this: emailrelay –as-proxy –filter
To run E-MailRelay as a POP server without SMTP use –pop and –no-smtp: emailrelay –pop –no-smtp –log –close-stderr
The emailrelay-submit utility can be used to put messages straight into the spool directory so that the POP clients can fetch them.
By default E-MailRelay will always reject connections from remote networks. To allow connections from anywhere use the –remote-clients option, but please check your firewall settings to make sure this cannot be exploited by spammers.
For more information on the command-line options refer to the reference guide or run: emailrelay –help –verbose
Configuration
The emailrelay program itself is mostly configured through command-line options (such as –port and –forward-to).
In most installations on Unix-like system the E-MailRelay server will be started up by the boot-time script called emailrelay in the /etc/init. d directory, and this script uses the configuration file /etc/ to define the server command-line. Each entry in the configuration file corresponds to an E-MailRelay command-line option, so you can edit this file to add and remove server options. Refer to the reference guide for a complete list of configuration options.
On Windows the installation program creates a startup batch file called that contains all the server command-line options and you can edit this file to change the server configuration. You can also set up your own shortcuts to the E-MailRelay executable and add and remove command-line options using the shortcut properties tab.
If you are using authentication then you will have to create the text files containing your authentication secrets (account names, passwords and password hashes). The –server-auth, –client-auth and –pop-auth command-line options are used to point to these files.
There is also a graphical configuration program called emailrelay-gui that may be available to help with configuring the system. This is mostly intended to be used once at installation time since it is the basis of the Windows installer, but it can also be used to do some simple reconfiguration of an already-installed system. It takes you through a sequence of configuration pages and then on the last page creates or updates the configuration files, ie. the authentication secrets file and the configuration file or
Logging
If the –log option is used then E-MailRelay program sends warnings and error messages to its standard error stream, and to the syslog system on Unix or to the Event Viewer on Windows.
The standard error stream logging can be redirected to a file by using the –log-file option, and daily log files can be created by using%d in the filename.
For more verbose logging add the –verbose option to the command-line.
Preventing open mail relay
If you are running E-MailRelay as a server with a permanent connection to the internet it is important to prevent open mail relay because this can be exploited by spammers and get you into trouble with your ISP. By default open mail relaying is not possible because E-MailRelay does not accept IP connections from remote clients. However, if you use the –remote-clients option then you need to be more careful.
If the only required access to the E-MailRelay server is from a local network and not from the internet then just set up your firewall to block incoming connections on ports 25 (SMTP) and 110 (POP) and also use the –interface option on the E-MailRelay command-line so that it only listens for incoming connections on the local network.
If you do need to accept connections from the internet then you should require all clients to authenticate themselves by using the –server-auth option on the E-MailRelay command-line. If you also want local clients running on your internal network to be able to bypass this authentication then you can put those trusted IP addresses in the E-MailRelay secrets file with an authentication mechanism of none. Refer to the reference guide for more information.
Running as a POP server
E-MailRelay can run as a POP server so that e-mail client programs can retrieve messages from the E-MailRelay spool directory directly.
To allow POP access to spooled messages use a command-line something like this: emailrelay –as-server –pop –pop-auth=/etc/
You will need to create the authentication secrets file ( in this example) containing usernames and passwords. A simple example would look like this: server plain user1 password1
server plain user2 password2
It can sometimes be useful to serve up the same e-mail messages to multiple POP clients. For example, you might use several e-mail clients on your local network and you would like to see your mail on all of them equally. The –pop-by-name option is intended to be used in this scenario; each e-mail client sees its own copy of the e-mail messages, stored in its own sub-directory of the main spool directory. The name of the sub-directory is simply the name that the client uses to authenticate with the E-MailRelay server. You just need to create the sub-directory for each client and then specify emailrelay-filter-copy as the E-MailRelay –filter program.
Refer to the documentation of the various –pop command-line options for more detail: –pop, –pop-port, –pop-auth, –pop-no-delete and –pop-by-name.
Triggering delivery
If you are using E-MailRelay on Unix to store and forward e-mail over an intermittent link to the internet such as dial-up or wireless networking, then you might need to set things up so that the network tells E-MailRelay when to start forwarding e-mail.
On Linux systems you should find that there are special directories where you can install your own hook scripts that are called whenever a dial-up or wireless network connection is established. For dial-up this might be /etc/ppp/ip-up. d, and for wireless /etc/network/if-up. d.
Just create a two-line script like this in the relevant directory: #! /bin/sh
exec /usr/local/sbin/emailrelay
and make it executable using chmod +x.
Failed e-mails
If e-mail messages cannot be forwarded by the E-MailRelay system then the envelope files in the spool directory are given a suffix. The reason for the failure will be recorded in the envelope file itself.
You should check for envelope files in the E-MailRelay spool directory from time to time. If you want them to be retried next time then just remove the filename suffix.
You can run the emailrelay-resubmit script periodically to automate this; it removes the suffix from files in the spool directory as long as they have not been retried too many times already.
Usage patterns
The simplest ways of using E-MailRelay for SMTP are to run it as a proxy or to do store-and-forward, but many other configurations are possible. For example, multiple E-MailRelay servers can run in parallel sharing the same spool directory, or they can be chained in series to that e-mail messages get transferred from one to the next.
Remember that messages can be introduced directly into the E-MailRelay spool directory using the emailrelay-submit utility, and they can be moved out again at any time, as long as the envelope file is not locked (ie. with a special filename extension). Your –filter program can edit messages in any way you want, and it can even delete the current message from the spool directory.
When using E-MailRelay as a POP server the –pop-by-name feature can be used to serve up different spooled messages according to the username that the client authenticated with. Rather than use emailrelay-filter-copy to distribute incoming e-mail messages into all subdirectories you could use a custom script to do it based on the message addressing.
The POP server can also be used for checking e-mails that are taken out of the normal store-and-forward flow. For example, a –filter script that checks for spam could move suspicious e-mails into a subdirectory of the spool directory that is accessible via the –pop-by-name feature.
Rate limiting
If you need to slow the rate at which e-mails are forwarded you can use a –client-filter program to introduce a delay. On Windows this JavaScript program would give you a delay of a minute: ( 60000);
( 0);
However, this can cause timeouts at the server, so a better approach is to use –client-filter exit:102 so that only one e-mail message is forwarded on each polling cycle, and then use –poll 60 to limit it to one e-mail per minute.
SpamAssassin
The E-MailRelay server can use SpamAssassin to mark or reject potential spam.
It’s easiest to run SpamAssassin’s spamd program in the background and let E-MailRelay send incoming messages to it over the network. By default SpamAssassin spamd uses port 783 so you should use an E-MailRelay command-line option of –filter spam-edit:127. 0. 1:783 if you want spam messages to pass through with a warning added, or –filter spam:127. 1:783 if you want spam messages to be rejected outright.
Alternatively you can run SpamAssassin on demand for each message. To get E-MailRelay to reject spam outright you can just use spamassassin -e as your E-MailRelay –filter program: emailrelay –as-server –filter=”/usr/bin/spamassassin -e”
Or on Windows: emailrelay –as-server –filter=”c:/perl/site/bin/ -e”
To get spam messages identified by SpamAssassin but still pass through the E-MailRelay system you will have to have a small –filter script to collect the output from the spamassassin program and write it back into the E-MailRelay content file.
On Unix your –filter shell script could look something like this: #! /bin/sh
spamassassin “$1” > “$”
mv “$” “$1”
exit 0
On Windows an equivalent batch script would be: c:\perl\site\bin\%1 >
ren%1
Google mail
To send mail via Google mail’s SMTP gateway you will need to create a client secrets file containing your account details and also enable TLS support in E-MailRelay by using the –client-tls option.
The secrets file should contain one line of text something like this: client plain my+20password
If your password contains a space, equals or plus sign, or any control character then you will need to replace those characters with their corresponding hexadecimal ascii value, something like +20 or +2B.
Refer to your secrets file by using –client-auth on the E-MailRelay command-line, and also add in the –client-tls option: emailrelay –client-tls –client-auth=/etc/…
Connection tunnelling
E-MailRelay can send mail out via a SOCKS v4 proxy, which makes it easy to route your mail through an encrypted tunnel created by ssh -N -D or via the Tor anonymising network.
For example, this will run an E-MailRelay proxy on port 587 that routes via a local Tor server on port 9050 to the mail server at emailrelay –port 587 –anonymous –connection-timeout=300
Blocklists and dynamic firewalls
E-MailRelay can consult with remote DNSBL blocklist servers in order to block incoming connections from known spammers. Refer to the documentation of the –dnsbl option for more details.
It is also possible to integrate E-MailRelay with intrusion detection systems such as fail2ban that monitor log files and dynamically modify your iptables firewall. Use E-MailRelay’s –log-address command-line option so that the remote IP address of any badly-behaved remote user is logged and made available to fail2ban.
Command line usage
The emailrelay program supports the following command-line usage: emailrelay [ [… ]] []
where is:
–address-verifier Runs the specified external program to verify a message recipent’s e-mail address. A network verifier can be specified as net:.
–admin (-a)
Enables an administration interface on the specified listening port number. Use telnet or something similar to connect. The administration interface can be used to trigger forwarding of spooled mail messages if the –forward-to option is used.
–admin-terminate (-Q)
Enables the terminate command in the administration interface.
–anonymous (-A)
Disables the server’s SMTP VRFY command, sends less verbose SMTP responses and SMTP greeting, and stops Received lines being added to mail message content files.
–as-client (-q)
This is equivalent to –log, –no-syslog, –no-daemon, –dont-serve, –forward and –forward-to. It is a convenient way of running a forwarding agent that forwards spooled mail messages and then terminates.
–as-proxy (-y)
This is equivalent to –log, –close-stderr, –forward-on-disconnect and –forward-to. It is a convenient way of running a store-and-forward daemon. Use –log, –forward-on-disconnect and –forward-to instead of –as-proxy to keep the standard error stream open.
–as-server (-d)
This is equivalent to –log and –close-stderr. It is a convenient way of running a background storage daemon that accepts mail messages and spools them. Use –log instead of –as-server to keep standard error stream open.
–client-auth (-C)
Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line that starts with client and that line should have between four and five space-separated fields; the second field is the password encoding (plain or md5), the third is the user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. If the remote server does not support SMTP authentication then the SMTP connection will fail.
–client-auth-config
Configures the SMTP client authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A ‘m’ character introduces an ordered list of authentication mechanisms, and an ‘x’ is used for blocklisted mechanisms.
–client-filter (-Y)
Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as net: and prefixes of spam:, spam-edit: and exit: are also allowed. The spam: and spam-edit: prefixes require a SpamAssassin daemon to be running. For store-and-forward applications the –filter option is normally more useful than –client-filter.
–client-interface (-6)
Specifies the IP network address to be used to bind the local end of outgoing SMTP connections. By default the address will depend on the routing tables in the normal way. Use 0. 0 to use only IPv4 addresses returned from DNS lookups of the –forward-to address, or:: for IPv6.
–client-tls (-j)
Enables negotiated TLS for outgoing SMTP connections; the SMTP STARTTLS command will be issued if the remote server supports it.
–client-tls-certificate Defines the TLS certificate file when acting as a SMTP client. This file must contain the client’s private key and certificate chain using the PEM file format. Keep the file permissions tight to avoid accidental exposure of the private key.
–client-tls-connection (-b)
Enables the use of a TLS tunnel for outgoing SMTP connections. This is for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using STARTTLS.
–client-tls-required
Makes the use of TLS mandatory for outgoing SMTP connections. The SMTP STARTTLS command will be used before mail messages are sent out. If the remote server does not allow STARTTLS then the SMTP connection will fail.
–client-tls-server-name
Defines the target server hostname in the TLS handshake. With –client-tls-connection this can be used for SNI, allowing the remote server to adopt an appropriate identity.
–client-tls-verify
Enables verification of the remote SMTP server’s certificate against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate.
–client-tls-verify-name
Enables verification of the CNAME within the remote SMTP server’s certificate.
–close-stderr (-e)
Causes the standard error stream to be closed soon after start-up. This is useful when operating as a backgroud daemon and it is therefore implied by –as-server and –as-proxy.
–connection-timeout (-U)
Specifies a timeout (in seconds) for establishing a TCP connection to remote SMTP servers. The default is 40 seconds.
–debug (-g)
Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content.
–dnsbl
Specifies a list of DNSBL servers that are used to reject SMTP connections from blocked addresses. The configuration string is made up of comma-separated fields: the DNS server’s transport address, a timeout in milliseconds, a rejection threshold, and then the list of DNSBL servers.
–domain (-D)
Specifies the network name that is used in SMTP EHLO commands, Received lines, and for generating authentication challenges. The default is derived from a DNS lookup of the local hostname.
–dont-serve (-x)
Disables all network serving, including SMTP, POP and administration interfaces. The program will terminate as soon as any initial forwarding is complete.
–filter (-z)
Runs the specified external filter program whenever a mail message is stored. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use net: to communicate with a filter daemon over the network, or spam: for a spamassassin spamd daemon to accept or reject mail messages, or spam-edit: to have spamassassin edit the message content without rejecting it, or exit: to emulate a filter program that just exits.
–filter-timeout (-W)
Specifies a timeout (in seconds) for running a –filter program. The default is 300 seconds.
–forward (-f)
Causes spooled mail messages to be forwarded when the program first starts.
–forward-on-disconnect (-1)
Causes spooled mail messages to be forwarded whenever a SMTP client connection disconnects.
–forward-to (-o)
Specifies the transport address of the remote SMTP server that is use for mail message forwarding.
–forward-to-some
Allow forwarding to continue even if some recipient addresses on an e-mail envelope are rejected by the remote server.
–help (-h)
Displays help text and then exits. Use with –verbose for more complete output.
–hidden (-H)
Windows only. Hides the application window and disables all message boxes, overriding any –show option. This is useful when running as a windows service.
–idle-timeout
Specifies a timeout (in seconds) for receiving network traffic from remote SMTP and POP clients. The default is 1800 seconds.
–immediate (-m)
Causes mail messages to be forwarded as they are received, even before they have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted.
–interface (-I)
Specifies the IP network addresses or interface names used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will bind the ‘any’ address for IPv4 and for IPv6, ie. 0 and::. Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a prefix of smtp=, pop= or admin= on addresses that should apply only to those types of listening port. Any link-local IPv6 addresses must include a zone name or scope id. Interface names can be used instead of addresses, in which case all the addresses associated with that interface at startup will used for listening. When an interface name is decorated with a -ipv4 or -ipv6 suffix only their IPv4 or IPv6 addresses will be used (eg. ppp0-ipv4).
–localedir

Specifies a locale base directory where localisation message catalogues can be found. An empty directory can be used for the built-in default.
–log (-l)
Enables logging to the standard error stream and to the syslog. The –close-stderr and –no-syslog options can be used to disable output to standard error stream and the syslog separately. Note that –as-server, –as-client and –as-proxy imply –log, and –as-server and –as-proxy also imply –close-stderr.
–log-address
Adds the network address of remote clients to the logging output.
–log-file (-N)
Redirects standard-error logging to the specified file. Logging to the log file is not affected by –close-stderr. The filename can include%d to get daily log files; the%d is replaced by the current date in the local timezone using a YYYYMMDD format.
–log-time (-L)
Adds a timestamp to the logging output using the local timezone.
–no-daemon (-t)
Disables the normal backgrounding at startup so that the program runs in the foreground, without forking or detaching from the terminal. On Windows this disables the system tray icon so the program uses a normal window; when the window is closed the program terminates.
–no-smtp (-X)
Disables listening for incoming SMTP connections.
–no-syslog (-n)
Disables logging to the syslog. Note that –as-client implies –no-syslog.
–pid-file (-i)
Causes the process-id to be written into the specified file when the program starts up, typically after it has become a backgroud daemon.
–poll (-O)
Causes forwarding of spooled mail messages to happen at regular intervals (with the time given in seconds).
–pop (-B)
Enables the POP server listening, by default on port 110, providing access to spooled mail messages. Negotiated TLS using the POP STLS command will be enabled if the –server-tls option is also given.
–pop-auth (-F)
Specifies a file containing valid POP account details. The file format is the same as for the SMTP server secrets file, ie. lines starting with server, with user-id and password in the third and fourth fields. A special value of /pam can be used for authentication using linux PAM.
–pop-by-name (-J)
Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each other, particularly when also using –pop-no-delete. Content files can stay in the main spool directory with only the envelope files copied into user-specific sub-directories. The emailrelay-filter-copy program is a convenient way of doing this when run via –filter.
–pop-no-delete (-G)
Disables the POP DELE command so that the command appears to succeed but mail messages are not deleted from the spool directory.
–pop-port (-E)
Sets the POP server’s listening port number.
–port (-p)
Sets the port number used for listening for incoming SMTP connections.
–prompt-timeout (-w)
Specifies a timeout (in seconds) for getting the initial prompt from a remote SMTP server. If no prompt is received after this time then the SMTP dialog goes ahead without it.
–remote-clients (-r)
Allows incoming connections from addresses that are not local. The default behaviour is to reject connections that are not local in order to prevent accidental exposure to the public internet, although a firewall should also be used. Local address ranges are defined in RFC-1918, RFC-6890 etc.
–response-timeout (-T)
Specifies a timeout (in seconds) for getting responses from remote SMTP servers. The default is 1800 seconds.
–server-auth (-S)
Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with server in the first field; the second field is the password encoding (plain or md5), the third is the client user-id and the fourth is the password. A special value of /pam can be used for authentication using linux PAM.
–server-auth-config
Configures the SMTP server authentication module using a semicolon-separated list of configuration items. A ‘m’ character introduces a preferred sub-set of the built-in authentication mechanisms, and an ‘x’ is used for blocklisted mechanisms.
–server-tls (-K)
Enables TLS for incoming SMTP and POP connections. SMTP clients can then request TLS encryption by issuing the STARTTLS command. The –server-tls-certificate option must be used to define the server certificate.
–server-tls-certificate Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server’s private key and certificate chain using the PEM file format. Keep the file permissions tight to avoid accidental exposure of the private key.
–server-tls-connection
Enables SMTP over TLS when acting as an SMTP server. This is for SMTP over TLS (SMTPS), not TLS negotiated within SMTP using STARTTLS.
–server-tls-required
Makes the use of TLS mandatory for any incoming SMTP and POP connections. SMTP clients must use the STARTTLS command to establish a TLS session before they can issue SMTP AUTH or SMTP MAIL-TO commands.
–server-tls-verify
Enables verification of remote SMTP and POP clients’ certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate.
–size (-M)
Limits the size of mail messages that can be submitted over SMTP.
–spool-dir (-s)
Specifies the directory used for holding mail messages that have been received but not yet forwarded.
–syslog[=] (-k)
When used with –log this option enables logging to the syslog even if the –no-syslog option is also used. This is typically used as a convenient override when using –as-client.
–tls-config (-9)
Selects and configures the low-level TLS library, using a comma-separated list of keywords. If OpenSSL and mbedTLS are both built in then keywords of openssl and mbedtls will select one or the other. Keywords like tlsv1. 0 can be used to set a minimum TLS protocol version, or -tlsv1. 2 to set a maximum version.
–user (-u)
When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. Specify root to disable all user-id switching. Ignored on Windows.
–verbose (-v)
Enables more verbose logging when used with –log, and more verbose help when used with –help.
–version (-V)
Displays version information and then exits.
A configuration file can be used to provide additional options; put each option on a separate line, use the long option names but without the double dash, and separate the option name from the option value with spaces.
All command-line options that specify a filename can use a special @app substitution variable that is interpreted as the directory that contains the emailrelay executable or MacOS application bundle.
Message store
Mail messages are stored as text files in the configured spool directory. Each e-mail message is represented as an envelope file and a content file. The envelope file contains parameters relevant to the SMTP dialogue, and the content file contains the RFC-822 headers and body text.
The filenames used in the message store have a prefix of emailrelay, followed by a process-id, timestamp and sequence number, and then envelope or content. The envelope files then have an additional suffix to implement a simple locking scheme.
The envelope file suffixes are:
— while the envelope is first being written
— while the message is being forwarded
— if the message cannot be forwarded
— for copies of the envelope file for delivery to local recipients
If an e-mail message cannot be forwarded the envelope file is given a suffix, and the failure reason is written into the file.
Forwarding
Spooled e-mail messages can be forwarded at various times, depending on the command-line options:
when E-MailRelay first starts up (–as-client or –forward)
as each message is submitted, just before receipt is acknowledged (–immediate)
as soon as the submitting client connection disconnects (–forward-on-disconnect)
periodically (–poll=)
on demand using the administration interface’s flush command (–admin=)
when a –filter script exits with an exit code of 103
These can be mixed.
When using –as-client, or –dont-serve and –forward, the spooled messages begin to be forwarded as soon as the program starts up, and the program terminates once they have all been sent.
By default all recipient e-mail addresses must be accepted by the remote server when E-MailRelay forwards an e-mail message. If any one recipient is rejected then the message will be left in the spool directory with a suffix on the envelope file. This behaviour can be changed by using –forward-to-some command-line option so that forwarding will succeed for the valid recipients and the failed message will contain the invalid ones.
Mail processing
The –filter command-line option allows you to specify a mail processing program which operates on e-mail messages as th

Free SMTP Server – Scalable Email Relay Service with Mailjet

Configure Your SMTP Relay In Minutes
Mailjet’s Free SMTP Server integrates easily with any system. You can update your configuration using our SMTP server, one of the supported ports, and simply authenticate with your credentials (API key, secret key).
Benefit From A Variety Of Ports
Mailjet supports a variety of ports with our SMTP relay, offering you greater flexibility. You can choose the port that is most suitable for you depending on your email client or ISP, and have access to either TLS or SSL encryption to ensure your emails are secure.
Improve Your Inbox Placement
With our SMTP Relay, you will not only increase your chance of landing in the inbox, but we’ll help get your emails there faster.
Easily set up SPF, DMARC, and DKIM records to authenticate your domain and start sending. Our deliverability support team will be there every step of the way to help get you set up, monitor, and maintain high deliverability rates.
Use The MTA And Framework You Prefer
Use your preferred Message Deliverability Agent or Message Transfer Agent (MTA) such as Postfix, Exim, or Exchange to send via Mailjet’s SMTP relay. You can also use PHP, Java or any other frameworks or languages you prefer, making it easier for you to start sending immediately.
Monitor Your Email Performance
Mailjet’s real-time dashboard makes it easy for you to browse, filter and troubleshoot key performance indicators like opens, clicks, bounces, and unsubscribes, and more.
You can also easily integrate in your systems to receive each event notification in real time thanks to webhooks.
Personalize Your Emails
Our advanced Templating Language allows you to add more detailed personalization and dynamic content to your emails. Send the right content to each of your recipients to achieve even higher engagement rates.
Rely On Our Robust And Scalable Infrastructure
Mailjet’s robust delivery infrastructure routes billions of emails to the inbox every month. Our auto-scaling mechanism adapts to your volume needs to ensure your emails are sent even in high volume moments.
We have more than 720 servers worldwide to guarantee you an uptime of 99. 9%.
Get The Help You Need
Our multi-lingual support teams is here to help you 24/7 in English, French, Spanish and German. Get answers to all of your questions to quickly solve any technical issues or improve your deliverability.

Configuring NGINX as a Mail Proxy Server

Simplify your email service and improve its performance with NGINX or NGINX Plus as a proxy for the IMAP, POP3, and SMTP protocols
This article will explain how to configure NGINX Plus or NGINX Open Source as a proxy for a mail server or an external mail service.
Introduction
NGINX can proxy IMAP, POP3 and SMTP protocols to one of the upstream mail servers that host mail accounts and thus can be used as a single endpoint for email clients. This may bring in a number of benefits, such as:
easy scaling the number of mail servers
choosing a mail server basing on different rules, for example, choosing the nearest server basing on a client’s IP address
distributing the load among mail servers
Prerequisites
NGINX Plus (already includes the Mail modules necessary to proxy email traffic) or NGINX Open Source compiled the Mail modules using the –with-mail parameter for email proxy functionality and –with-mail_ssl_module parameter for SSL/TLS support:
$. /configure –with-mail –with-mail_ssl_module –with-openssl=[DIR]/openssl-1. 1. 1
IMAP, POP3 and/or SMTP mail servers or an external mail service
Configuring SMTP/IMAP/POP3 Mail Proxy Servers
In the NGINX configuration file:
Create a top-level mail context (is defined at the same level as the context):
Specify the name for your mail server with the server_name directive:
mail {
server_name;
#… }
Specify the HTTP authentication server with the auth_ directive. The authentication server will authenticate email clients, choose an upstream server for email processing, and report errors. See Setting up Authentication for a Mail Proxy.
auth_ localhost:9000/cgi-bin/;
Alternatively, specify whether to inform a user about errors from the authentication server by specifying the proxy_pass_error_message directive. This may be handy when a mailbox runs out of memory:
proxy_pass_error_message on;
Configure each SMTP, IMAP, or POP3 server with the server blocks. For each server, specify:
the port number that correspond to the specified protocol with the listen directive
the protocol with the protocol directive (if not specified, will be automatically detected from the port specified in the listen directive)
permitted authentication methods with imap_auth, pop3_auth, and smtp_auth directives:
server {
listen 25;
protocol smtp;
smtp_auth login plain cram-md5;}
listen 110;
protocol pop3;
pop3_auth plain apop cram-md5;}
listen 143;
protocol imap;}
Setting up Authentication for a Mail Proxy
Each POP3/IMAP/SMTP request from the client will be first authenticated on an external HTTP authentication server or by an authentication script. Having an authentication server is obligatory for NGINX mail server proxy. The server can be created by yourself in accordance with the NGINX authentication protocol which is based on the HTTP protocol.
If authentication is successful, the authentication server will choose an upstream server and redirect the request. In this case, the response from the server will contain the following lines:
HTTP/1. 0 200 OK
Auth-Status: OK
Auth-Server: # the server name or IP address of the upstream server that will used for mail processing
Auth-Port: # the port of the upstream server
If authentication fails, the authentication server will return an error message. In this case, the response from the server will contain the following lines:
Auth-Status: # an error message to be returned to the client, for example “Invalid login or password”
Auth-Wait: # the number of remaining authentication attempts until the connection is closed
Note that in both cases the response will contain HTTP/1. 0 200 OK which might be confusing.
For more examples of requests to and responses from the authentication server, see the ngx_mail_auth__module in NGINX Reference documentation.
Setting up SSL/TLS for a Mail Proxy
Using POP3/SMTP/IMAP over SSL/TLS you make sure that data passed between a client and a mail server are secured.
To enable SSL/TLS for the mail proxy:
Make sure your NGINX is configured with SSL/TLS support by typing-in the nginx -V command in the command line and then looking for the with –mail_ssl_module line in the output:
$ nginx -V
configure arguments:… with–mail_ssl_module
Make sure you have obtained server certificates and a private key and put them on the server. A certificate can be obtained from a trusted certificate authority (CA) or generated using an SSL library such as OpenSSL.
Enable SSL/TLS for mail proxy with the ssl directive. If the directive is specified in the mail context, SSL/TLS will be enabled for all mail proxy servers. You can also enable STLS and STARTTLS with the starttls directive:
or
Add SSL certificates: specify the path to the certificates (which must be in the PEM format) with the ssl_certificate directive, and specify the path to the private key in the ssl_certificate_key directive:
#…
ssl_certificate /etc/ssl/certs/;
ssl_certificate_key /etc/ssl/certs/;}
You can use only strong versions and ciphers of SSL/TLS with the ssl_protocols and ssl_ciphers directives, or you can set your own preferable protocols and ciphers:
ssl_protocols TLSv1 TLSv1. 1 TLSv1. 2;
ssl_ciphers HIGH:! aNULL:! MD5;}
Optimizing SSL/TLS for Mail Proxy
These hints will help you make your NGINX mail proxy faster and more secure:
Set the number of worker processes equal to the number of processors with the worker_processes directive set on the same level as the mail context:
worker_processes auto;
Enable the shared session cache and disable the built-in session cache with the ssl_session_cache directive:
ssl_session_cache shared:SSL:10m;
Optionally, you may increase the session lifetime which is 5 minutes by default with the ssl_session_timeout directive:
ssl_session_timeout 10m;
Complete Example
ssl on;
ssl_certificate_key /etc/ssl/certs/;
ssl_ciphers HIGH:! aNULL:! MD5;
protocol imap;}}
In this example, there are three email proxy servers: SMTP, POP3 and IMAP. Each of the servers is configured with SSL and STARTTLS support. SSL session parameters will be cached.
The proxy server uses the HTTP authentication server – its configuration is beyond the scope of this article. All error messages from the server will be returned to clients.
What’s on this Page
Complete Example

Frequently Asked Questions about email proxy service