Sometimes you may need to use an external SMTP provider to send your emails, and ISPs usually give instructions on how to configure mail clients such as Outlook or Thunderbird. But what if you are already using an internal SMTP server such as Postfix?
These guidelines are for Debian (but may be helpful with other systems as well) and are related to Postfix. The SMTP provider in the example is AuthSMTP, which is a well-known provider of SMTP relaying.
Given you already have a working Postfix environment, first of all edit your main.cf and add these lines:
relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
then, create with $EDITOR a file called /etc/postfix/sasl-passwords
and fill it with something like this:
[mail.authsmtp.com] yourusername:yourpassword
then, compile the map file
# postmap hash:/etc/postfix/sasl-passwords
now we are almost done, just restart postfix and it should work.
Now, probably it won’t really work and you’ll start to see messages like these in your postfix log:
warning: SASL authentication failure: No worthy mechs found
SASL authentication failed; cannot authenticate to server mail.authsmtp.com
that’s because you are missing some SASL packages from Debian. Issue
# aptitude install libsasl2-modules
and it should install all the missing packages and make the thing work :)
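The settings above can be checked before restarting Postfix. The script below is an added example, not part of the original post: it reads a main.cf and reports whether client-side SASL is enabled, whether the password map source is readable by other users or not yet compiled with postmap, and whether the password could be sent without encryption. The finding tags and function names are made up for this example, and smtp_tls_security_level is a standard Postfix parameter that the post itself does not set.

```shell
# Assumptions of this sketch: single-line "name = value" entries only, and
# "!mech" negations in smtp_sasl_mechanism_filter are not interpreted.

# get_param FILE NAME DEFAULT: last definition wins; DEFAULT if NAME is unset.
get_param() {
    awk -v k="$2" -v d="$3" '
        /^[ \t#]/ || index($0, "=") == 0 { next }
        { n = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", n) }
        n == k { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); seen = 1 }
        END { print (seen ? v : d) }' "$1"
}

# audit_relay_conf FILE: prints space-separated finding tags, or "ok".
audit_relay_conf() {
    cf=$1; out=""
    maps=$(get_param "$cf" smtp_sasl_password_maps "")
    opts=$(get_param "$cf" smtp_sasl_security_options "noplaintext, noanonymous")
    filter=" $(get_param "$cf" smtp_sasl_mechanism_filter "" | tr 'A-Z,' 'a-z ') "
    tls=$(get_param "$cf" smtp_tls_security_level "")
    # smtp_ is the client side that logs in to the relay; smtpd_ is the server side.
    if [ "$(get_param "$cf" smtp_sasl_auth_enable no)" != yes ]; then out="$out client-sasl-disabled"; fi
    # The map source stores the relay password in clear text, and a hash: map
    # is only usable once postmap has compiled it to <file>.db.
    src=${maps#*:}
    if [ -n "$maps" ] && [ -e "$src" ]; then
        if [ "$(ls -ld "$src" | cut -c5-10)" != "------" ]; then out="$out credentials-readable"; fi
        if [ "${maps%%:*}" = hash ] && [ ! -e "$src.db" ]; then out="$out map-not-compiled"; fi
    fi
    # No noplaintext option, no filter excluding PLAIN/LOGIN and no mandatory TLS:
    # the password may be sent over an unencrypted session.
    case "$opts" in *noplaintext*) plain=no ;; *) plain=yes ;; esac
    case "$filter" in "  "|*" plain "*|*" login "*) ;; *) plain=no ;; esac
    case "$tls" in encrypt|dane-only|fingerprint|verify|secure) plain=no ;; esac
    if [ "$plain" = yes ]; then out="$out plaintext-auth-possible"; fi
    echo "${out:-ok}" | sed 's/^ //'
}

# Constructed sample: the article's settings with the digest-md5 filter removed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = [mail.authsmtp.com]' 'smtp_sasl_auth_enable=yes' \
        "smtp_sasl_password_maps=hash:$d/sasl-passwords" \
        'smtp_sasl_security_options=' > "$d/main.cf"
    echo '[mail.authsmtp.com] yourusername:yourpassword' > "$d/sasl-passwords"
    chmod 644 "$d/sasl-passwords"
    audit_relay_conf "$d/main.cf"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/postfix/main.cf to audit_relay_conf. With the digest-md5 filter in place the last finding does not appear, because that mechanism never sends the password itself.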
Mysql version, give it a try, not sure if it will work.
relayhost = [mail.authsmtp.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT CONCAT('[',extsmtp,']'),name,pass FROM sasl_pass WHERE name='%s'
CREATE TABLE sasl_pass (
extsmtp varchar(80) NOT NULL,
name TEXT NOT NULL,
pass varchar(20) NOT NULL,
PRIMARY KEY (extsmtp) );
More accurate one:
relayhost=mysql:/etc/postfix/sasl-relay
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=mysql:/etc/postfix/sasl-passwords
smtp_sasl_mechanism_filter = digest-md5
smtp_sasl_security_options=
sasl-relay:
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT extsmtp FROM sasl-password.
sasl-password
user = postfix
password = whatever
hosts = 127.0.0.1
dbname = postfix
query = SELECT CONCAT('[',extsmtp,']'),name,pass FROM sasl_pass WHERE extsmtp='%s'
CREATE TABLE sasl_pass (
extsmtp varchar(80) NOT NULL,
name TEXT NOT NULL,
pass varchar(20) NOT NULL,
PRIMARY KEY (extsmtp) );
TKS good tutorial; following it unfortunately didn't work with my ISP configuration, so syslog showed the following error:
status=deferred (SASL authentication failed: server smtp.xxxx.com.br[201.xx.xx.xx] offered no compatible authentication mechanisms for this type of connection security)
so I removed the line containing
smtp_sasl_mechanism_filter = digest-md5
from the main.cf file and it worked for my ISP correctly;
well, I dunno if that's a security breach, so take care if you do that; I will be researching that now….
henrique – brazil
SOFTLIVRE consultoria e treinamento
@Henrique: your ISP doesn’t support the digest-md5 method, so you have to disable it to get it to work.
Anyway, as the man page says, if you don’t specify any method, by default Postfix will try to find which one is supported on both sides.
The only problem is that I cannot find in the manpage (or any other place) the list of supported methods.
@var_ null thanks for your comment!
Jesus, I feel like an idiot… Well, thanks to you guys I found why I kept getting errors/bounces due to “must authenticate first”. I never even noticed that there was a difference between:
smtp_sasl_auth_enable = yes
and
smtpd_sasl_auth_enable = yes
I thought that it was the SAME parameter. I didn’t even notice the “D” after the “smtp” that made the difference between the two. Man…
Anyway, thanks
aptitude install libsasl2-modules
Son of a bitch.. Thank you. I lost two hours fighting this.
Thank you for writing this tutorial! Unlike Phil, I did NOT lose two hours fighting this because you thought to include the aptitude command I needed to use. :-)
Hi there,
I need help, I’m really frustrated with postfix.
I’m trying to configure Postfix to use an SMTP relay. But I can’t send emails out.
Can someone please help me?
Thank you regards