≡ Menu

Postfix Configure Client SMTP Authentication ( Smarthost Authentication )

My ISP requires that mail from my dynamic IP to our small business email addresses uses their outgoing SMTP servers. This is probably done to reduce abuse and spam but now I'm not able to send email and local Postfix log file displays authentication failure message. How do I relay mail through my mail ISP servers using Postfix SMTP under Linux / UNIX like operating systems?

Postfix has a method of authentication using SASL. It can use a text file or MySQL table as a special password database.

Configure SMTP AUTH for mail servers

Create a text file as follows:
# P=/etc/postfix/password
# vi $P

The format of the client password file is as follows:

#smtp.isp.com       username:password
smtp.vsnl.in         vivek@vsnl.in:mySecretePassword

Save and close the file. Set permissions:
# chown root:root $P
# chmod 0600 $P
# postmap hash:$P

Enable SMTP AUTH

Open main.cf file, enter:
# vi /etc/postfix/main.cf
Append following config directives:

 relayhost = smtp.vsnl.in
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

Where,

  • relayhost = smtp.vsnl.in : Rely all mail via smtp.vsnl.in ISP mail server.
  • smtp_sasl_auth_enable = yes : Cyrus-SASL support for authentication of mail servers.
  • smtp_sasl_password_maps = hash:/etc/postfix/password : Set path to sasl_passwd.
  • smtp_sasl_security_options = : Finally, allow Postfix to use anonymous and plaintext authentication by leaving it empty.

Save and close the file. Restart Postfix:
# /etc/init.d/postfix reload
Test your setup by sending a text email:
$ echo 'This is a test.' > /tmp/test
$ mail -s 'Test' you@example.com < /tmp/test # tail -f /var/log/maillog # rm /tmp/test

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 29 comments… add one }

  • Rambilas Varma March 13, 2009, 10:20 am

    Hi,

    I tried the configuration but getting the following error log

    Mar 13 19:18:01 adrgw2 postfix/master[32202]: warning: process /usr/lib/postfix/smtp pid 32210 exit status 1
    Mar 13 19:18:01 adrgw2 postfix/error[32213]: 489A714666E: to=, relay=none, delay=3.8, delays=2.7/1/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)
    Mar 13 19:18:01 adrgw2 postfix/error[32211]: D51FA14666D: to=, relay=none, delay=38, delays=37/1/0/0.03, dsn=4.3.0, status=deferred (unknown mail transport error)
    Mar 13 19:18:02 adrgw2 postfix/pickup[32206]: 1B22F14666F: uid=0 from=
    Mar 13 19:18:02 adrgw2 postfix/cleanup[32220]: 1B22F14666F: message-id=
    Mar 13 19:18:02 adrgw2 postfix/qmgr[32207]: 1B22F14666F: from=, size=298, nrcpt=1 (queue active)
    Mar 13 19:18:02 adrgw2 postfix/error[32213]: 1B22F14666F: to=, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)
  • John MIHIGO March 13, 2009, 11:23 am

    this site is technicaly helpful.

  • we3cares March 13, 2009, 7:03 pm

    Vivek,

    I have no other words than praising you. :) I am very glad that you are from India :)

    This is the 3rd or 4th comment by me on your site.

    Keep Rocking dude.. :)

  • nixCraft March 13, 2009, 7:05 pm

    we3cares,

    Thanks for feedback!

  • Sureshkumar March 18, 2009, 1:28 pm

    How can I add multiple users in the /etc/postfix/password……..?
    I was tried like these
    [smtp.gmail.com]:587 test@gmail.com:test
    [smtp.gmail.com]:587 linux@gmail.com:linux
    …… So on
    But it was not accept those patter……
    Can you please help me how can i add multiple users…..are waiting for reply?
    Please scrap me or mail me this is my email id: krisuresh001@gmail.com

  • Jon Tranter March 25, 2009, 8:03 pm

    Thank you for taking the time to write the tutorial, I had tried everything else with no luck – but this worked!!

    Thanks

  • Dhiraj Kumar May 13, 2009, 4:33 pm

    I need help in setting up a postfix server. I am getting a lot of Yahoo 421 errors. Please email me on dchatpar@gmail.com or call me on 9004642799

    • Tonny August 16, 2015, 6:13 am

      Dhiraj Kumar –> go to hell.

  • Mike July 29, 2009, 1:36 pm

    Hi. Thanks for the site – very helpful! I am having a problem, however: mail leaves my Linux box but keeps getting rejected by the ISP. I did a TCPDUMP on it and here’s what I see:

    Sorry,.that.domain.isn’t.in.my.list.of.allowed.rcpthosts…503.You.must.send.RCPT.TO:.first..

    I’ve tried every setting I can think of in main.cf. Can you please offer advice?

    Thanks

    Mike

  • MRX May 24, 2010, 8:59 pm

    it doesn’t work. if you try to send mail to example@mydomain.com where mydomain.com is hosted on the same server via dns server, but zone file points to internal MX servers for example if you using google apps. so it tryes to put the mail on same server via local transport because IP is one, because it is THE SAME SERVER. so this issue totally not actual sometimes.

  • lolo October 7, 2010, 8:44 am

    nice how to but i have to solve this thing too:

    =4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

  • yakup December 21, 2010, 3:38 am

    Excellent tutorial. I searched high and low for something like this. Thank you very much.

    yakup

  • Itamar December 19, 2011, 5:18 am

    =4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

    I have fixed this installing cyrus-sasl-plain in my centos.

    • Volkan April 27, 2013, 4:20 pm

      Saved my day. Thank you

    • Michael Cram August 19, 2013, 5:03 pm

      That did the trick! Thanks for the tip on installing cyrus-sasl-plain!!!!!!

    • Ken September 18, 2013, 6:56 am

      Saved mine too! Thanks for actually posting the fix!

    • sushil October 2, 2014, 2:42 am

      @ itamar … awsome bro , your comment saved me !!

  • Maya T February 10, 2012, 5:36 am

    [Soleved] cannot authenticate to server / no mechanism available

    Have a fix if you are still having SASL errors, check that all the modules are loaded. For me on CentOS:

    yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain

    Feb 9 22:04:14 localhost postfix/smtp[3226]: 87EEAC7D1A: to=, relay=smtp.isp.net[1.2.3.4]:587, delay=2.7, delays=0.18/0.2/2.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.net[1.2.3.4]: no mechanism available)

  • johan May 14, 2012, 1:36 pm

    what if you don’t need authentication i get this even though the server does not need authentication.
    relay=smtp.mweb.co.za[196.28.80.20]:25, delay=0.68, delays=0.19/0.02/0.35/0.12, dsn=5.0.0, status=bounced (host smtp.mweb.co.za[196.28.80.20] said: 550-Verification failed for 550-Unrouteable address 550 Sender address rejected: Sending user unknown (in reply to RCPT TO command))

  • chittu January 17, 2013, 7:57 pm

    Hi Vivek,

    Postfix is installed default on my RHEL 6.2 system. I am able to send mail to gmail, yahoo. But when I try to send mail to my office mail ID. it is not working. Do I need to do anything on server side.

    Seeing the following error in logs..

    status=sent (250 Message Queued (Timeout Verifying RCPTs);

    Thanks,
    Chittu

    • michel February 12, 2014, 4:35 pm

      i have postfix installed on centos 6.4. but i can’t receive email from yahoo or more. postfix status=bounced said: 550 5.0.0 … User unknown (in reply to RCPT TO command) is the error. Please help me

  • Bob Todd March 13, 2013, 8:57 pm

    Hi,
    I searched for a long time until I could find out how to run mail from a cmd line and connect to a remote mail system (google) using authentication.

    It is almost working, but not quite. Looks like I need to start tls first. Could you tell me how to reconfigure for that.

    here are the logs:

    Mar 13 15:55:59 todd-GX270 postfix/pickup[12891]: A88FD2AE859: uid=1000 from=
    Mar 13 15:55:59 todd-GX270 postfix/cleanup[12912]: A88FD2AE859: message-id=
    Mar 13 15:55:59 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 15:55:59 todd-GX270 postfix/smtp[12909]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6c]:587: Network is unreachable
    Mar 13 15:56:00 todd-GX270 postfix/smtp[12909]: A88FD2AE859: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.65, delays=0.14/0/0.43/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. ur12sm5012056igb.8 - gsmtp (in reply to MAIL FROM command))
    Mar 13 15:56:00 todd-GX270 postfix/cleanup[12913]: 64D032AE85B: message-id=
    Mar 13 15:56:00 todd-GX270 postfix/bounce[12910]: A88FD2AE859: sender non-delivery notification: 64D032AE85B
    Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: from=, size=2248, nrcpt=1 (queue active)
    Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: removed
    Mar 13 15:56:01 todd-GX270 postfix/smtp[12908]: 64D032AE85B: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.57, delays=0.08/0/0.41/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. uy13sm5015581igb.7 - gsmtp (in reply to MAIL FROM command))
    Mar 13 15:56:01 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: removed
    
  • Bob Todd March 13, 2013, 9:29 pm

    Hi again,
    Oops – just realized I specified port 587 which uses TLS which requires certificates which is way more complex than I need.

    I tried using (specifying) port 465 which postfix said was unimplemented.. and to use TLS. I defulated back to no port, but the connection just times out.
    Any suggestions??
    Here is my log showing my port 465 attemp followed by no port specified.. and 25 gets used…

    Mar 13 16:21:44 todd-GX270 postfix/master[14620]: daemon started -- version 2.9.6, configuration /etc/postfix
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:465: Network is unreachable
    Mar 13 16:22:41 todd-GX270 postfix/master[14620]: terminating on signal 15
    Mar 13 16:24:11 todd-GX270 postfix/master[14945]: daemon started -- version 2.9.6, configuration /etc/postfix
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:24:43 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: F0F732AE82C: to=, relay=none, delay=95588, delays=95528/0.08/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: 0488B2AE859: to=, relay=none, delay=810, delays=749/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: 83DAC2AE84E: to=, relay=none, delay=653, delays=593/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
    Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: 62F252AE84F: to=, relay=none, delay=7338, delays=7277/0.12/61/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)
    

    thanks
    Bob

  • System June 28, 2013, 4:29 am

    Hi ,

    i have configured tls in postfix as relay host , but while sending mails using openssl i am getting below error , i am not sure this error related to my postfix error or client side relay server issue .

    test.mail.com postfix/smtp[56450]: DD26420E05: to=, relay=smtp.postfix.com.com[10.3.41.12]:587, delay=24, delays=21/0.05/2.1/0.25, dsn=4.7.0, status=deferred (host smtp.postfix.com.com[10.3.41.12] said: 403 4.7.0 Authentication required (in reply to MAIL FROM command))

  • jay January 14, 2014, 5:57 pm

    that does not answer the question. the poster asked how to support multiple accounts on the SAME mailserver.

  • Dale September 29, 2014, 6:22 pm

    This isn’t working for me.

    I have systems users, they need to be able to auth as plain or login, no ssl/tls, no mysql surely someone has made a simple configuration that work.

    Please give me a plug and play solution, if you try to teach me why it doesn’t work we will go no where as I need it up immediatley, can learn after it’s working from the working solution.

  • Ashish Kumar February 15, 2015, 5:06 pm

    Dear Sir,

    I am facing an issue with IMAP-proxy server.
    as per my findings SMTP is responding to mobile outgoing server.
    we can receive mail on mobiles but unable to sent.
    outlook with the same credentials is working fine, i have restarted postfix,imap,nginx services but problem not resolved.
    may be authentication is working properly between smtp or mobiles.
    please help me on this…

    regards
    ashish

Leave a Comment