Postfix Configure Client SMTP Authentication ( Smarthost Authentication )

by on March 12, 2009 · 27 comments· LAST UPDATED March 12, 2009

in , ,

My ISP requires that mail from my dynamic IP to our small business email addresses uses their outgoing SMTP servers. This is probably done to reduce abuse and spam but now I'm not able to send email and local Postfix log file displays authentication failure message. How do I relay mail through my mail ISP servers using Postfix SMTP under Linux / UNIX like operating systems?

Postfix has a method of authentication using SASL. It can use a text file or MySQL table as a special password database.

Configure SMTP AUTH for mail servers

Create a text file as follows:
# P=/etc/postfix/password
# vi $P

The format of the client password file is as follows:

#smtp.isp.com       username:password
smtp.vsnl.in         vivek@vsnl.in:mySecretePassword

Save and close the file. Set permissions:
# chown root:root $P
# chmod 0600 $P
# postmap hash:$P

Enable SMTP AUTH

Open main.cf file, enter:
# vi /etc/postfix/main.cf
Append following config directives:

 relayhost = smtp.vsnl.in
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

Where,

  • relayhost = smtp.vsnl.in : Rely all mail via smtp.vsnl.in ISP mail server.
  • smtp_sasl_auth_enable = yes : Cyrus-SASL support for authentication of mail servers.
  • smtp_sasl_password_maps = hash:/etc/postfix/password : Set path to sasl_passwd.
  • smtp_sasl_security_options = : Finally, allow Postfix to use anonymous and plaintext authentication by leaving it empty.

Save and close the file. Restart Postfix:
# /etc/init.d/postfix reload
Test your setup by sending a text email:
$ echo 'This is a test.' > /tmp/test
$ mail -s 'Test' you@example.com < /tmp/test
# tail -f /var/log/maillog
# rm /tmp/test

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 27 comments… read them below or add one }

1 Rambilas Varma March 13, 2009 at 10:20 am

Hi,

I tried the configuration but getting the following error log

Mar 13 19:18:01 adrgw2 postfix/master[32202]: warning: process /usr/lib/postfix/smtp pid 32210 exit status 1
Mar 13 19:18:01 adrgw2 postfix/error[32213]: 489A714666E: to=, relay=none, delay=3.8, delays=2.7/1/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)
Mar 13 19:18:01 adrgw2 postfix/error[32211]: D51FA14666D: to=, relay=none, delay=38, delays=37/1/0/0.03, dsn=4.3.0, status=deferred (unknown mail transport error)
Mar 13 19:18:02 adrgw2 postfix/pickup[32206]: 1B22F14666F: uid=0 from=
Mar 13 19:18:02 adrgw2 postfix/cleanup[32220]: 1B22F14666F: message-id=
Mar 13 19:18:02 adrgw2 postfix/qmgr[32207]: 1B22F14666F: from=, size=298, nrcpt=1 (queue active)
Mar 13 19:18:02 adrgw2 postfix/error[32213]: 1B22F14666F: to=, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)

Reply

2 John MIHIGO March 13, 2009 at 11:23 am

this site is technicaly helpful.

Reply

3 we3cares March 13, 2009 at 7:03 pm

Vivek,

I have no other words than praising you. :) I am very glad that you are from India :)

This is the 3rd or 4th comment by me on your site.

Keep Rocking dude.. :)

Reply

4 nixCraft March 13, 2009 at 7:05 pm

we3cares,

Thanks for feedback!

Reply

5 Sureshkumar March 18, 2009 at 1:28 pm

How can I add multiple users in the /etc/postfix/password……..?
I was tried like these
[smtp.gmail.com]:587 test@gmail.com:test
[smtp.gmail.com]:587 linux@gmail.com:linux
…… So on
But it was not accept those patter……
Can you please help me how can i add multiple users…..are waiting for reply?
Please scrap me or mail me this is my email id: krisuresh001@gmail.com

Reply

6 nixCraft March 18, 2009 at 1:34 pm
7 Jon Tranter March 25, 2009 at 8:03 pm

Thank you for taking the time to write the tutorial, I had tried everything else with no luck – but this worked!!

Thanks

Reply

8 Dhiraj Kumar May 13, 2009 at 4:33 pm

I need help in setting up a postfix server. I am getting a lot of Yahoo 421 errors. Please email me on dchatpar@gmail.com or call me on 9004642799

Reply

9 Mike July 29, 2009 at 1:36 pm

Hi. Thanks for the site – very helpful! I am having a problem, however: mail leaves my Linux box but keeps getting rejected by the ISP. I did a TCPDUMP on it and here’s what I see:

Sorry,.that.domain.isn’t.in.my.list.of.allowed.rcpthosts…503.You.must.send.RCPT.TO:.first..

I’ve tried every setting I can think of in main.cf. Can you please offer advice?

Thanks

Mike

Reply

10 MRX May 24, 2010 at 8:59 pm

it doesn’t work. if you try to send mail to example@mydomain.com where mydomain.com is hosted on the same server via dns server, but zone file points to internal MX servers for example if you using google apps. so it tryes to put the mail on same server via local transport because IP is one, because it is THE SAME SERVER. so this issue totally not actual sometimes.

Reply

11 lolo October 7, 2010 at 8:44 am

nice how to but i have to solve this thing too:

=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

Reply

12 yakup December 21, 2010 at 3:38 am

Excellent tutorial. I searched high and low for something like this. Thank you very much.

yakup

Reply

13 Itamar December 19, 2011 at 5:18 am

=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

I have fixed this installing cyrus-sasl-plain in my centos.

Reply

14 Volkan April 27, 2013 at 4:20 pm

Saved my day. Thank you

Reply

15 Michael Cram August 19, 2013 at 5:03 pm

That did the trick! Thanks for the tip on installing cyrus-sasl-plain!!!!!!

Reply

16 Ken September 18, 2013 at 6:56 am

Saved mine too! Thanks for actually posting the fix!

Reply

17 sushil October 2, 2014 at 2:42 am

@ itamar … awsome bro , your comment saved me !!

Reply

18 Maya T February 10, 2012 at 5:36 am

[Soleved] cannot authenticate to server / no mechanism available

Have a fix if you are still having SASL errors, check that all the modules are loaded. For me on CentOS:

yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain

Feb 9 22:04:14 localhost postfix/smtp[3226]: 87EEAC7D1A: to=, relay=smtp.isp.net[1.2.3.4]:587, delay=2.7, delays=0.18/0.2/2.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.net[1.2.3.4]: no mechanism available)

Reply

19 johan May 14, 2012 at 1:36 pm

what if you don’t need authentication i get this even though the server does not need authentication.
relay=smtp.mweb.co.za[196.28.80.20]:25, delay=0.68, delays=0.19/0.02/0.35/0.12, dsn=5.0.0, status=bounced (host smtp.mweb.co.za[196.28.80.20] said: 550-Verification failed for 550-Unrouteable address 550 Sender address rejected: Sending user unknown (in reply to RCPT TO command))

Reply

20 chittu January 17, 2013 at 7:57 pm

Hi Vivek,

Postfix is installed default on my RHEL 6.2 system. I am able to send mail to gmail, yahoo. But when I try to send mail to my office mail ID. it is not working. Do I need to do anything on server side.

Seeing the following error in logs..

status=sent (250 Message Queued (Timeout Verifying RCPTs);

Thanks,
Chittu

Reply

21 michel February 12, 2014 at 4:35 pm

i have postfix installed on centos 6.4. but i can’t receive email from yahoo or more. postfix status=bounced said: 550 5.0.0 … User unknown (in reply to RCPT TO command) is the error. Please help me

Reply

22 Bob Todd March 13, 2013 at 8:57 pm

Hi,
I searched for a long time until I could find out how to run mail from a cmd line and connect to a remote mail system (google) using authentication.

It is almost working, but not quite. Looks like I need to start tls first. Could you tell me how to reconfigure for that.

here are the logs:

Mar 13 15:55:59 todd-GX270 postfix/pickup[12891]: A88FD2AE859: uid=1000 from=
Mar 13 15:55:59 todd-GX270 postfix/cleanup[12912]: A88FD2AE859: message-id=
Mar 13 15:55:59 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: from=, size=345, nrcpt=1 (queue active)
Mar 13 15:55:59 todd-GX270 postfix/smtp[12909]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6c]:587: Network is unreachable
Mar 13 15:56:00 todd-GX270 postfix/smtp[12909]: A88FD2AE859: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.65, delays=0.14/0/0.43/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. ur12sm5012056igb.8 - gsmtp (in reply to MAIL FROM command))
Mar 13 15:56:00 todd-GX270 postfix/cleanup[12913]: 64D032AE85B: message-id=
Mar 13 15:56:00 todd-GX270 postfix/bounce[12910]: A88FD2AE859: sender non-delivery notification: 64D032AE85B
Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: from=, size=2248, nrcpt=1 (queue active)
Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: removed
Mar 13 15:56:01 todd-GX270 postfix/smtp[12908]: 64D032AE85B: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.57, delays=0.08/0/0.41/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. uy13sm5015581igb.7 - gsmtp (in reply to MAIL FROM command))
Mar 13 15:56:01 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: removed

Reply

23 Bob Todd March 13, 2013 at 9:29 pm

Hi again,
Oops – just realized I specified port 587 which uses TLS which requires certificates which is way more complex than I need.

I tried using (specifying) port 465 which postfix said was unimplemented.. and to use TLS. I defulated back to no port, but the connection just times out.
Any suggestions??
Here is my log showing my port 465 attemp followed by no port specified.. and 25 gets used…

Mar 13 16:21:44 todd-GX270 postfix/master[14620]: daemon started -- version 2.9.6, configuration /etc/postfix
Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: CLIENT wrappermode (port smtps/465) is unimplemented
Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: instead, send to (port submission/587) with STARTTLS
Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: CLIENT wrappermode (port smtps/465) is unimplemented
Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: instead, send to (port submission/587) with STARTTLS
Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: CLIENT wrappermode (port smtps/465) is unimplemented
Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: instead, send to (port submission/587) with STARTTLS
Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: CLIENT wrappermode (port smtps/465) is unimplemented
Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: instead, send to (port submission/587) with STARTTLS
Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:465: Network is unreachable
Mar 13 16:22:41 todd-GX270 postfix/master[14620]: terminating on signal 15
Mar 13 16:24:11 todd-GX270 postfix/master[14945]: daemon started -- version 2.9.6, configuration /etc/postfix
Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
Mar 13 16:24:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
Mar 13 16:24:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
Mar 13 16:24:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
Mar 13 16:24:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
Mar 13 16:24:42 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
Mar 13 16:24:42 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
Mar 13 16:24:42 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
Mar 13 16:24:43 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: F0F732AE82C: to=, relay=none, delay=95588, delays=95528/0.08/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)
Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: 0488B2AE859: to=, relay=none, delay=810, delays=749/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: 83DAC2AE84E: to=, relay=none, delay=653, delays=593/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: 62F252AE84F: to=, relay=none, delay=7338, delays=7277/0.12/61/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)

thanks
Bob

Reply

24 System June 28, 2013 at 4:29 am

Hi ,

i have configured tls in postfix as relay host , but while sending mails using openssl i am getting below error , i am not sure this error related to my postfix error or client side relay server issue .

test.mail.com postfix/smtp[56450]: DD26420E05: to=, relay=smtp.postfix.com.com[10.3.41.12]:587, delay=24, delays=21/0.05/2.1/0.25, dsn=4.7.0, status=deferred (host smtp.postfix.com.com[10.3.41.12] said: 403 4.7.0 Authentication required (in reply to MAIL FROM command))

Reply

25 jay January 14, 2014 at 5:57 pm

that does not answer the question. the poster asked how to support multiple accounts on the SAME mailserver.

Reply

26 Nix Craft January 14, 2014 at 6:39 pm
27 Dale September 29, 2014 at 6:22 pm

This isn’t working for me.

I have systems users, they need to be able to auth as plain or login, no ssl/tls, no mysql surely someone has made a simple configuration that work.

Please give me a plug and play solution, if you try to teach me why it doesn’t work we will go no where as I need it up immediatley, can learn after it’s working from the working solution.

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: