Postfix as relayhost with SASL auth

Client configuration (notebook, workstation what ever)

  1. Edit your /etc/postfix/main.cf
  2. # TLS client parameter
    smtp_use_tls = yes
    smtp_enforce_tls = yes
    # for postfix < 2.3
    # smtp_tls_security_level = secure
    smtp_sasl_tls_security_options = $smtp_sasl_security_options
    smtp_tls_CAfile = /etc/ssl/certs/cacert.org.pem
    smtp_tls_loglevel = 0
    [...]
    relayhost = [mx1.example.com]:587
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    inet_interfaces = loopback-only
    [...]
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwords
    smtp_sasl_security_options = noanonymous
    

    Setting [ and ] prevent the client from looking up the MX record for the domain. The port 587 is reserved for email clients. Some ISPs block port 25 😉

  3. Create your passwordmap – /etc/postfix/sasl_passwords
  4. [mx1.example.net]:587 username:password
  5. Run postmap for /etc/postfix/sasl_passwords
  6. postmap /etc/postfix/sasl_passwords; rm /etc/postfix/sasl_passwords

Server configuration

  1. Nothing if you have already a working mail server. That the user (/etc/postfix/sasl_passwords) must exists on the server is plausible ? Check your smtpd_*_restrictions on the mail server if the client won’t use sasl 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *