Andrew Jorgensen

It’s better than bad, it’s good!

Postfix Client Authentication

If your running your own server behind an ISP you’re probably lucky enough that your ISP doesn’t require authentication to relay mail through them from inside their network. If you’re so lucky, and they have MX records that make sense all you need is relayhost = isp.com, but if they’re smart they’ll require authentication to help prevent worms and what-nots from relaying through them. It’s not too much harder:

relayhost = [mail.isp.com] smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Depending on how they have things configured on their end you may also have to use smtp_sasl_security_options = noanonymous, which overrides the default of noplaintext, noanonymous. In this case you’ll probably also want to use smtp_tls_security_level = may, which will cause it to use TLS if it’s available.

The /etc/postfix/sasl_passwd file needs to have a line like this in it:

[mail.isp.com] user:password

You’ll also need to create the actual hash db by running postmap /etc/postfix/sasl_passwd. The first part, [mail.isp.com] should be the same as your relayhost line, so if you’re using MX lookups you’ll want to drop the [] here too.

Comments