Postfix Configure Client SMTP Authentication ( Smarthost Authentication )

Last updated March 12, 2009

My ISP requires that mail from my dynamic IP to our small business email addresses use their outgoing SMTP servers. This is probably done to reduce abuse and spam, but now I’m not able to send email and the local Postfix log file displays an authentication failure message. How do I relay mail through my ISP's mail servers using Postfix SMTP under Linux / UNIX-like operating systems?

Postfix has a method of authentication using SASL. It can use a text file or MySQL table as a special password database.

Configure SMTP AUTH for mail servers

Create a text file as follows:
# P=/etc/postfix/password
# vi $P

The format of the client password file is as follows:

#smtp.isp.com       username:password
smtp.vsnl.in         vivek@vsnl.in:mySecretePassword

Save and close the file. Set permissions and build the lookup table:
# chown root:root $P
# chmod 0600 $P
# postmap hash:$P

Enable SMTP AUTH

Open main.cf file, enter:
# vi /etc/postfix/main.cf
Append the following config directives:

relayhost = smtp.vsnl.in
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

Where,

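  • relayhost = smtp.vsnl.in : Relay all mail via the smtp.vsnl.in ISP mail server.
  • smtp_sasl_auth_enable = yes : Enable SASL authentication (Cyrus-SASL support) in the Postfix SMTP client, so that it authenticates to the remote mail server.
  • smtp_sasl_password_maps = hash:/etc/postfix/password : Set the path to the password lookup table created above.
  • smtp_sasl_security_options = : Finally, leaving this empty removes the default restrictions (noplaintext, noanonymous), so Postfix is allowed to use anonymous and plaintext authentication. Plaintext mechanisms (PLAIN, LOGIN) expose the password on the wire unless the connection to the relay is encrypted with TLS.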

Save and close the file. Restart Postfix:
# /etc/init.d/postfix reload
Test your setup by sending a text email:
$ echo 'This is a test.' > /tmp/test
$ mail -s 'Test' you@example.com < /tmp/test
# tail -f /var/log/maillog
# rm /tmp/test
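
The following check is an added example, not part of the original article: it reads a main.cf and the password file and reports an indented relayhost line, plaintext SASL permitted without mandatory TLS, and a password file accessible to group or others. The function names and finding labels are hypothetical; smtp_tls_security_level is a standard Postfix parameter that the article itself does not set.

```shell
#!/bin/sh
# Added example, not from the original article. Assumption: main.cf is parsed
# simply (no continuation lines or $variables); compare with `postconf -n`.

# conf_get FILE PARAM: print the last value assigned to PARAM; status 1 if unset.
conf_get() {
    awk -v key="$2" '
        /^[^ \t#]/ {
            i = index($0, "="); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = 1
        }
        END { if (found) print val; exit !found }' "$1"
}

# audit_smarthost MAIN_CF PASSWORD_FILE: print one (hypothetical) label per problem.
audit_smarthost() {
    cf=$1; pw=$2
    # A main.cf line starting with whitespace continues the previous
    # parameter, so an indented "relayhost = ..." never takes effect.
    if grep -Eq '^[[:space:]]+relayhost[[:space:]]*=' "$cf"; then
        echo indented-relayhost
    fi
    # Unset means the Postfix default "noplaintext, noanonymous".
    plaintext=no
    if opts=$(conf_get "$cf" smtp_sasl_security_options); then
        case ",$(printf '%s' "$opts" | tr ' \t' ',,')," in
            *,noplaintext,*) ;;
            *) plaintext=yes ;;
        esac
    fi
    sasl=$(conf_get "$cf" smtp_sasl_auth_enable) || sasl=no
    tls=$(conf_get "$cf" smtp_tls_security_level) || tls=
    case $tls in
        encrypt|dane-only|fingerprint|verify|secure) tls_required=yes ;;
        *) tls_required=no ;;
    esac
    if [ "$sasl" = yes ] && [ "$plaintext" = yes ] && [ "$tls_required" = no ]; then
        echo plaintext-sasl-without-mandatory-tls
    fi
    # The password file must not be accessible to group or others (mode 0600).
    case "$(ls -ld "$pw" 2>/dev/null)" in
        ????------*) ;;
        *) echo password-file-not-private ;;
    esac
}
if [ "$#" -eq 2 ]; then audit_smarthost "$1" "$2"; fi
```

Called with the two paths as arguments, it prints nothing when none of the three problems is present.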

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

29 comments

  1. Hi,

    I tried the configuration but getting the following error log

    Mar 13 19:18:01 adrgw2 postfix/master[32202]: warning: process /usr/lib/postfix/smtp pid 32210 exit status 1
    Mar 13 19:18:01 adrgw2 postfix/error[32213]: 489A714666E: to=, relay=none, delay=3.8, delays=2.7/1/0/0.02, dsn=4.3.0, status=deferred (unknown mail transport error)
    Mar 13 19:18:01 adrgw2 postfix/error[32211]: D51FA14666D: to=, relay=none, delay=38, delays=37/1/0/0.03, dsn=4.3.0, status=deferred (unknown mail transport error)
    Mar 13 19:18:02 adrgw2 postfix/pickup[32206]: 1B22F14666F: uid=0 from=
    Mar 13 19:18:02 adrgw2 postfix/cleanup[32220]: 1B22F14666F: message-id=
    Mar 13 19:18:02 adrgw2 postfix/qmgr[32207]: 1B22F14666F: from=, size=298, nrcpt=1 (queue active)
    Mar 13 19:18:02 adrgw2 postfix/error[32213]: 1B22F14666F: to=, relay=none, delay=0.03, delays=0.02/0/0/0.01, dsn=4.3.0, status=deferred (unknown mail transport error)
  2. Hi. Thanks for the site – very helpful! I am having a problem, however: mail leaves my Linux box but keeps getting rejected by the ISP. I did a TCPDUMP on it and here’s what I see:

    Sorry,.that.domain.isn’t.in.my.list.of.allowed.rcpthosts…503.You.must.send.RCPT.TO:.first..

    I’ve tried every setting I can think of in main.cf. Can you please offer advice?

    Thanks

    Mike

  3. it doesn’t work. if you try to send mail to example@mydomain.com where mydomain.com is hosted on the same server via dns server, but zone file points to internal MX servers for example if you are using google apps. so it tries to put the mail on same server via local transport because IP is one, because it is THE SAME SERVER. so this issue totally not actual sometimes.

  4. nice how to but i have to solve this thing too:

    =4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

  5. =4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.com [xx.xx.xx.xx]: no mechanism available)

    I have fixed this installing cyrus-sasl-plain in my centos.

  6. [Solved] cannot authenticate to server / no mechanism available

    Have a fix if you are still having SASL errors, check that all the modules are loaded. For me on CentOS:

    yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain

    Feb 9 22:04:14 localhost postfix/smtp[3226]: 87EEAC7D1A: to=, relay=smtp.isp.net[1.2.3.4]:587, delay=2.7, delays=0.18/0.2/2.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.isp.net[1.2.3.4]: no mechanism available)

  7. what if you don’t need authentication i get this even though the server does not need authentication.
    relay=smtp.mweb.co.za[196.28.80.20]:25, delay=0.68, delays=0.19/0.02/0.35/0.12, dsn=5.0.0, status=bounced (host smtp.mweb.co.za[196.28.80.20] said: 550-Verification failed for 550-Unrouteable address 550 Sender address rejected: Sending user unknown (in reply to RCPT TO command))

  8. Hi Vivek,

    Postfix is installed default on my RHEL 6.2 system. I am able to send mail to gmail, yahoo. But when I try to send mail to my office mail ID. it is not working. Do I need to do anything on server side.

    Seeing the following error in logs..

    status=sent (250 Message Queued (Timeout Verifying RCPTs);

    Thanks,
    Chittu

    1. i have postfix installed on centos 6.4. but i can’t receive email from yahoo or more. postfix status=bounced said: 550 5.0.0 … User unknown (in reply to RCPT TO command) is the error. Please help me

  9. Hi,
    I searched for a long time until I could find out how to run mail from a cmd line and connect to a remote mail system (google) using authentication.

    It is almost working, but not quite. Looks like I need to start tls first. Could you tell me how to reconfigure for that.

    here are the logs:

    Mar 13 15:55:59 todd-GX270 postfix/pickup[12891]: A88FD2AE859: uid=1000 from=
    Mar 13 15:55:59 todd-GX270 postfix/cleanup[12912]: A88FD2AE859: message-id=
    Mar 13 15:55:59 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 15:55:59 todd-GX270 postfix/smtp[12909]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6c]:587: Network is unreachable
    Mar 13 15:56:00 todd-GX270 postfix/smtp[12909]: A88FD2AE859: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.65, delays=0.14/0/0.43/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. ur12sm5012056igb.8 - gsmtp (in reply to MAIL FROM command))
    Mar 13 15:56:00 todd-GX270 postfix/cleanup[12913]: 64D032AE85B: message-id=
    Mar 13 15:56:00 todd-GX270 postfix/bounce[12910]: A88FD2AE859: sender non-delivery notification: 64D032AE85B
    Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: from=, size=2248, nrcpt=1 (queue active)
    Mar 13 15:56:00 todd-GX270 postfix/qmgr[12892]: A88FD2AE859: removed
    Mar 13 15:56:01 todd-GX270 postfix/smtp[12908]: 64D032AE85B: to=, relay=smtp.gmail.com[74.125.142.109]:587, delay=0.57, delays=0.08/0/0.41/0.08, dsn=5.7.0, status=bounced (host smtp.gmail.com[74.125.142.109] said: 530 5.7.0 Must issue a STARTTLS command first. uy13sm5015581igb.7 - gsmtp (in reply to MAIL FROM command))
    Mar 13 15:56:01 todd-GX270 postfix/qmgr[12892]: 64D032AE85B: removed
    
  10. Hi again,
    Oops – just realized I specified port 587 which uses TLS which requires certificates which is way more complex than I need.

    I tried using (specifying) port 465 which postfix said was unimplemented.. and to use TLS. I defaulted back to no port, but the connection just times out.
    Any suggestions??
    Here is my log showing my port 465 attempt followed by no port specified.. and 25 gets used…

    Mar 13 16:21:44 todd-GX270 postfix/master[14620]: daemon started -- version 2.9.6, configuration /etc/postfix
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/qmgr[14625]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14627]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14628]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: CLIENT wrappermode (port smtps/465) is unimplemented
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14630]: instead, send to (port submission/587) with STARTTLS
    Mar 13 16:21:44 todd-GX270 postfix/smtp[14629]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:465: Network is unreachable
    
    
    
    Mar 13 16:22:41 todd-GX270 postfix/master[14620]: terminating on signal 15
    Mar 13 16:24:11 todd-GX270 postfix/master[14945]: daemon started -- version 2.9.6, configuration /etc/postfix
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: F0F732AE82C: from=, size=344, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 62F252AE84F: from=, size=347, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 0488B2AE859: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:24:11 todd-GX270 postfix/qmgr[14950]: 83DAC2AE84E: from=, size=345, nrcpt=1 (queue active)
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[2607:f8b0:400d:c00::6d]:25: Network is unreachable
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:24:42 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:24:43 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14952]: F0F732AE82C: to=, relay=none, delay=95588, delays=95528/0.08/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14954]: 0488B2AE859: to=, relay=none, delay=810, delays=749/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
    Mar 13 16:25:12 todd-GX270 postfix/smtp[14955]: 83DAC2AE84E: to=, relay=none, delay=653, delays=593/0.14/60/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.108]:25: Connection timed out)
    Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out
    Mar 13 16:25:13 todd-GX270 postfix/smtp[14953]: 62F252AE84F: to=, relay=none, delay=7338, delays=7277/0.12/61/0, dsn=4.4.1, status=deferred (connect to smtp.gmail.com[74.125.142.109]:25: Connection timed out)
    

    thanks
    Bob

  11. Hi ,

    i have configured tls in postfix as relay host, but while sending mails using openssl i am getting below error, i am not sure this error related to my postfix error or client side relay server issue.

    test.mail.com postfix/smtp[56450]: DD26420E05: to=, relay=smtp.postfix.com.com[10.3.41.12]:587, delay=24, delays=21/0.05/2.1/0.25, dsn=4.7.0, status=deferred (host smtp.postfix.com.com[10.3.41.12] said: 403 4.7.0 Authentication required (in reply to MAIL FROM command))

  12. This isn’t working for me.

    I have systems users, they need to be able to auth as plain or login, no ssl/tls, no mysql surely someone has made a simple configuration that work.

    Please give me a plug and play solution, if you try to teach me why it doesn’t work we will go nowhere as I need it up immediately, can learn after it’s working from the working solution.

  13. Dear Sir,

    I am facing an issue with IMAP-proxy server.
    as per my findings SMTP is responding to mobile outgoing server.
    we can receive mail on mobiles but unable to send.
    outlook with the same credentials is working fine, i have restarted postfix,imap,nginx services but problem not resolved.
    may be authentication is working properly between smtp or mobiles.
    please help me on this…

    regards
    ashish
