Smart Host Config for Haraka v3.0

This is the 4th post in a series about setting up an outbound SMTP server with DKIM signing and smart host forwarding. Here you will learn how to configure an existing Haraka server to forward all outgoing mail to another SMTP server. In this update, I will explain a simplified built-in method that is available thanks to bug fixes published after I wrote the old post for v2.8.

Updating Haraka

I must admit my Ubuntu skills felt weak in this area because I couldn’t figure out how to do this without rebooting the whole computer. This set of commands did work though.

systemctl stop haraka

systemctl disable haraka

npm update -g Haraka

npm install -g Haraka


Take note that both npm commands are case sensitive. There are two packages named Haraka and haraka. If you get the casing wrong it does strange things. Also, if you omit the -g token then you will end up with two different versions installed in two different places. I found the whole procedure surprisingly fragile and error prone. After the computer starts, verify results.

haraka -v

/usr/local/bin/haraka -v

/usr/bin/haraka -v

If you have more than one version installed, stop here and sort that out first.

If you find a more efficient way of doing this, please let me know in the comments.

Undoing the v2.8 Config

If you followed my previous posts about how to configure Haraka v2.8, then you will need to disable the custom plugin that was required for that version. Simply edit the file /etc/haraka/config/plugins and place a hash mark in front of the plugin name.


New Config for v3.0

In this version, we can use the built-in smtp_foward plugin and skip the extra files. Start by editing the file /etc/haraka/config/smtp_forward.ini so that it looks like this.


The host details are fully customizable. I found that Haraka auto-negotiated encryption for me, which appears to be STARTTLS. If you try to use a TLS-only port instead, it will not connect at all. This is specified in the documentation, “This plugin does not work with SMTP over TLS.”

Next, go back to /etc/haraka/config/plugins and enable this built-in plugin by removing the hash mark near the bottom of the file under QUEUE .


Lastly, check the correctness of the ExecStart path in your /etc/systemd/system/haraka.service file. After the headache of sorting out 2 different copies of Haraka, I had to update mine like this:

ExecStart=/usr/local/bin/haraka -c /etc/haraka

If you have any difficulty with the systemd service, check the messages stored in the log file at /var/log/syslog

That’s it! Just restart Haraka for the changes to take effect.

systemctl daemon-reload

systemctl enable haraka

systemctl restart haraka

The next time you send an email, the application will lookup the IP address of the forward host instead of the destination MX.

Leave a Reply

Your email address will not be published. Required fields are marked *