SMTP Client Authentication

You may want your Postfix server to relay through other servers that require SMTP authentication. In addition to requiring passwords on your own server, you can configure Postfix to provide login names and passwords when relaying mail through other SMTP servers.

You have to provide Postfix with a password file that contains the credentials it should use when authenticating to other servers. Entries in the password file contain a domain or hostname, username, and password in the form: domain username:password. For the domain or hostname, Postfix first checks for the destination domain from the recipient address. If it doesn't find the domain, it then checks for the hostname it is connecting to. This allows Postfix to work easily with sites that have multiple MX hosts that share the same user database. Use smtp_sasl_password_maps parameter to specify where your password file is.

The client smtp_sasl_security_options parameter works just like server smtpd_sasl_security_options (discussed earlier in the chapter) for the SMTP servers. If you don't specify any options, the default allows all available mechanisms including plaintext but not anonymous logins.

12.5.1 Procedure to Enable SMTP Client Authentication

Use the following steps to configure Postfix to provide a login and password when relaying mail. In this example, you'll set up two different passwords for Postfix to authenticate when relaying through any server for the domain and through a host called

  1. Create a file called /etc/postfix/sasl_passwd with entries for each host, login, and password combination you need. Your file should resemble the following: kdent:Rumpelstiltskin kyle:quixote
  2. Execute postmap on the file:

    # postmap /etc/postfix/sasl_passwd
  3. Edit to turn on client authentication. Notice that you are now setting smtp_sasl_auth_enable instead of smtpd_sasl_auth_enable as you did to turn on authentication at the server. You must also set smtp_sasl_password_maps to point to the password file you created:

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  4. Reload Postfix so that it recognizes the changes in its configuration file:

    # postfix reload

Now, when the Postfix SMTP client attempts to relay messages through any of the domains or hosts listed in /etc/postfix/sasl_passwd, it will offer the corresponding authentication credentials. For example, if your Postfix smtp client connects to the server, it authenticates with the username kdent and the password Rumpelstiltskin.



Postfix Architecture

General Configuration and Administration

Queue Management

Email and DNS

Local Delivery and POP/IMAP

Hosting Multiple Domains

Mail Relaying

Mailing Lists

Blocking Unsolicited Bulk Email

SASL Authentication

Transport Layer Security

Content Filtering

External Databases

Appendix A. Configuration Parameters

Appendix B. Postfix Commands

Appendix C. Compiling and Installing Postfix

Appendix D. Frequently Asked Questions

Postfix(c) The Definitive Guide
Postfix: The Definitive Guide
ISBN: 0596002122
EAN: 2147483647
Year: 2006
Pages: 130
Authors: Kyle Dent D. © 2008-2020.
If you may any questions please contact us: