Postfix as relay to a SMTP requiring authentication

Sometimes you may in need to use an external SMTP provider to send your emails, and usually ISPs give instruction on how to configure mail clients such as Outlook or Thunderbird. But what if you are already using an internal SMTP server such as Postfix?

These guidelines are for Debian (but may be helpful with other systems as well) and are related to Postfix. The SMTP provider in the example is AuthSMTP which is a well known provider for SMTP relaying.

Given you already have a working Postfix environment, first of all edit your main.cf and add these lines:

relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=

then, create with $EDITOR a file called /etc/postfix/sasl-passwords and fill it with something like this:

[mail.authsmtp.com] yourusername:yourpassword

then, compile the map file

# postmap hash:/etc/postfix/sasl-passwords

now we are almost done, just restart postfix and it should work.

Now, probably it won’t really work and you’ll start to see messages like these in your postfix log:

warning: SASL authentication failure: No worthy mechs found
SASL authentication failed; cannot authenticate to server mail.authsmtp.com

that’s because you are missing some SASL packages from Debian. Issue

# aptitude install libsasl2-modules

and it should install all the missing packages and make the thing work :)

Advertisements

13 thoughts on “Postfix as relay to a SMTP requiring authentication

  1. Mysql version, give it a try, not sure if it will work.

    relayhost = [mail.authsmtp.com]
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
    smtp_sasl_mechanism_filter = digest-md5
    smtp_sasl_security_options=

    user = postfix
    password = whatever
    hosts = 127.0.0.1
    dbname = postfix
    query = SELECT CONCAT(‘[‘,extsmtp,’]’),name,pass FROM sasl_pass WHERE name=’%s’

    CREATE TABLE sasl_pass (
    extsmtp varchar(80) NOT NULL,
    name TEXT NOT NULL,
    pass varchar(20) NOT NULL,
    PRIMARY KEY (extsmtp) );

  2. More accurated one:

    relayhost=mysql:/etc/postfix/sasl-relay
    smtp_sasl_auth_enable=yes
    smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
    smtp_sasl_mechanism_filter = digest-md5
    smtp_sasl_security_options=

    sasl-relay:
    user = postfix
    password = whatever
    hosts = 127.0.0.1
    dbname = postfix
    query = SELECT extsmtp FROM sasl-password.

    sasl-password
    user = postfix
    password = whatever
    hosts = 127.0.0.1
    dbname = postfix
    query = SELECT CONCAT(’[‘,extsmtp,’]‘),name,pass FROM sasl_pass WHERE extsmtp=’%s

    CREATE TABLE sasl_pass (
    extsmtp varchar(80) NOT NULL,
    name TEXT NOT NULL,
    pass varchar(20) NOT NULL,
    PRIMARY KEY (extsmtp) );

  3. TKS good tutorial; following it unfortunately didnt work with my isp configuration, so syslog showed the following error:

    status=deferred (SASL authentication failed: server smtp.xxxx.com.br[201.xx.xx.xx] offered no compatible authentication mechanisms for this type of connection security)

    so I removed the line containing

    smtp_sasl_mechanism_filter = digest-md5

    from the main.cf file and it worked for my isp correctly;

    well, i dunow if thats a security breach, so take care if you do that; i will be researching that now….

    henrique – brazil
    SOFTLIVRE consultoria e treinamento

    • @Henrique: your ISP doesn’t support the digest-md5 method so you have to disable it to get it work.
      Anyway as the man page says, if you don’t specify any method by default Postfix wull try to find which one is supported on both sides.
      The only problem is that I cannot find in the manpage (or any other place) which is the list of supported methods

  4. Jezus, i feel like an idiot… Well, thanks to you guys i found why i kept getting errors/bounces due to “must authenticate first”. I never even noticed that there was a difference between:

    smtp_sasl_auth_enable = yes
    and
    smtpd_sasl_auth_enable = yes

    I thought that it was the SAME parameter –i didn’t even notice the “D” after the “smtp”, that made the difference between the 2. Man…

    Anyway, thanx

  5. Thank you for writing tutorial! Unlike Phil, I did NOT lose two hours fighting this because you thought to include the aptitude command I needed to use. :-)

  6. Hi there,

    I need help, I’m really frustrated with postfix.

    I’m trying to configure postfix to user a smtp relay. But I can’t send emails out.

    Can someone please help me?

    Thank you regards

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s