You may want your Postfix server to relay through other servers that require SMTP authentication. In addition to requiring passwords on your own server, you can configure Postfix to provide login names and passwords when relaying mail through other SMTP servers.
You have to provide Postfix with a password file that contains the credentials it should use when authenticating to other servers. Entries in the password file contain a domain or hostname, username, and password in the form: domain username:password. For the domain or hostname, Postfix first checks for the destination domain from the recipient address. If it doesn't find the domain, it then checks for the hostname it is connecting to. This allows Postfix to work easily with sites that have multiple MX hosts that share the same user database. Use smtp_sasl_password_maps parameter to specify where your password file is.
The client smtp_sasl_security_options parameter works just like server smtpd_sasl_security_options (discussed earlier in the chapter) for the SMTP servers. If you don't specify any options, the default allows all available mechanisms including plaintext but not anonymous logins.
12.5.1 Procedure to Enable SMTP Client Authentication
Use the following steps to configure Postfix to provide a login and password when relaying mail. In this example, you'll set up two different passwords for Postfix to authenticate when relaying through any server for the domain ora.com and through a host called mail.postfix.org:
ora.com kdent:Rumpelstiltskin mail.postfix.org kyle:quixote
# postmap /etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# postfix reload
Now, when the Postfix SMTP client attempts to relay messages through any of the domains or hosts listed in /etc/postfix/sasl_passwd, it will offer the corresponding authentication credentials. For example, if your Postfix smtp client connects to the server mail.ora.com, it authenticates with the username kdent and the password Rumpelstiltskin.