Postfix mit Smarthost


1. Create password maps file (it assigns username/passwords to specified mail servers). You can choose any name, let's say it is /etc/postfix/relay_passwd. It's content should be as follows: USERNAME:PASSWORD 
 Note: Replace USERNAME and PASSWORD with your DNS EXIT mail relay username and PASSWORD.   

2. Set proper permissions for that file:    
# chown root:root /etc/postfix/relay_passwd  
# chmod 600 /etc/postfix/relay_passwd     

3. Create hash from maps file (remember to do it each time you change your maps file):   
#  postmap /etc/postfix/relay_passwd   

4. Configure your /etc/postfix/    

a) Without encryption but with authentication:
relayhost = []
smtp_fallback_relay = []
smtp_sasl_auth_enable = yes  
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd  
smtp_sasl_security_options =  noanonymous

Note: If your ISP blocks outgoing port 25. You can choose to use alternative SMTP ports by appending the port at the end:
relayhost = []:26

b) With encryption and authentication:
relayhost = []:465
### Note:the line in relay_passwd has to contain the full relayhost name; here: "[]:465"
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd  
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_security_level = may
## if only ipv4 available use only this:
inet_protocols = ipv4

When using tls then create your own certificate, either by creating an official one or an self-signed:
# cd /etc/ssl/private/
# openssl genrsa -out selfmail.key 2048
# openssl req -new -key selfmail.key -out selfmail.csr
# openssl x509 -req -days 3650 -in selfmail.csr -out selfmail.cert -signkey selfmail.key

Using tls needs the tlsmanager in the ensure that this line is active:
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

5. Reload or restart your postfix:  
# /etc/init.d/postfix restart

Other notes about postfix:
If the above settings don't work, you need to make sure the SASL support (smtp authentication) is compiled into Postfix. To do so, you may need to upgrade to latest version of Postfix.