Relaying with Postfix, SASL, Authentication and TLS
Create All The Files!
mail.myserver.com relayuser:my password with spaces
[mail.myserver.com]:587 encrypt protocols=TLSv1 ciphers=high [mail.myserver.com]:msa encrypt protocols=TLSv1 ciphers=high [mail.myserver.com]:submission encrypt protocols=TLSv1 ciphers=high
Set File Permissions on SASL password file
chown root:root /etc/postfix/sasl/saslpass chmod 600 /etc/postfix/sasl/saslpass
Hash All The Files!
postmap /etc/postfix/sasl/saslpass postmap /etc/postfix/tls_policy
Configure All The Postfix!
## Since I am using TLS, I will allow plain text and LOGIN (which are disabled by default postconf -e "smtp_sasl_security_options = " ## Enable SASL for outgoing SMTP traffic. postconf -e "smtp_sasl_auth_enable = yes" ### Add the SASL password map postconf -e " smtp_sasl_password_maps = hash:/etc/postfix/sasl/saslpass" ### Set the TLS Policy map so that my mail server uses TLS w/ the appropriate policies. postconf -e " smtp_tls_policy_maps = hash:/etc/postfix/tls_policy" ### Add the relayhost as my upstream mail server, note the format, it's important. postconf -e "relayhost = [mail.myserver.com]:587"
I needed to relay from my in-house Linux box, which runs Postfix (on Ubuntu, incidentally), through my colo-hosted mail server. This recipe will work for Comcast, Verizon, Frontier, and Gmail. Those are the only places I have tested it. All of those mailservers have a Submission port (587) which accepts TLS.
This should work for just about any setup.