Postfix as relay to a SMTP requiring authentication
Posted by Vide on February 6, 2009
Sometimes you may in need to use an external SMTP provider to send your emails, and usually ISPs give instruction on how to configure mail clients such as Outlook or Thunderbird. But what if you are already using an internal SMTP server such as Postfix?
These guidelines are for Debian (but may be helpful with other systems as well) and are related to Postfix. The SMTP provider in the example is AuthSMTP which is a well known provider for SMTP relaying.
Given you already have a working Postfix environment, first of all edit your main.cf and add these lines:
relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
then, create with $EDITOR a file called /etc/postfix/sasl-passwords and fill it with something like this:
[mail.authsmtp.com] yourusername:yourpassword
then, compile the map file
# postmap hash:/etc/postfix/sasl-passwords
now we are almost done, just restart postfix and it should work.
Now, probably it won’t really work and you’ll start to see messages like these in your postfix log:
warning: SASL authentication failure: No worthy mechs found
SASL authentication failed; cannot authenticate to server mail.authsmtp.com
that’s because you are missing some SASL packages from Debian. Issue
# aptitude install libsasl2-modules
and it should install all the missing packages and make the thing work :)
var_null said
Mysql version, give it a try, not sure if it will work.
relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT CONCAT(‘[',extsmtp,']‘),name,pass FROM sasl_pass WHERE name=’%s’
CREATE TABLE sasl_pass (
extsmtp varchar(80) NOT NULL,
name TEXT NOT NULL,
pass varchar(20) NOT NULL,
PRIMARY KEY (extsmtp) );
var_null said
More accurated one:
relayhost=mysql:/etc/postfix/sasl-relay
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
sasl-relay:
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT extsmtp FROM sasl-password.
sasl-password
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT CONCAT(’[',extsmtp,']‘),name,pass FROM sasl_pass WHERE extsmtp=’%s
CREATE TABLE sasl_pass (
extsmtp varchar(80) NOT NULL,
name TEXT NOT NULL,
pass varchar(20) NOT NULL,
PRIMARY KEY (extsmtp) );
henrique barbosa said
TKS good tutorial; following it unfortunately didnt work with my isp configuration, so syslog showed the following error:
status=deferred (SASL authentication failed: server smtp.xxxx.com.br[201.xx.xx.xx] offered no compatible authentication mechanisms for this type of connection security)
so I removed the line containing
smtp_sasl_mechanism_filter = digest-md5
from the main.cf file and it worked for my isp correctly;
well, i dunow if thats a security breach, so take care if you do that; i will be researching that now….
henrique – brazil
SOFTLIVRE consultoria e treinamento
Vide said
@Henrique: your ISP doesn’t support the digest-md5 method so you have to disable it to get it work.
Anyway as the man page says, if you don’t specify any method by default Postfix wull try to find which one is supported on both sides.
The only problem is that I cannot find in the manpage (or any other place) which is the list of supported methods
Vide said
@var_ null thanks for your comment!