Outgoing SMTP Authentication
Overview
When you need to route all outgoing mail through your ISP's MTA, and that MTA requires that you authenticate, certain settings in postfix are required.
For this example, we will use mailrelay.example.com as the outgoing relay The authentication user will be username The password will be password
The outbound destination should be the canonical address. postfix will resolve CNAMEs to canonical addresses and then use that to lookup the username and password .
Godaddy example: smtpout.secureserver.net is really smtp.starfieldtech.com, so make sure you enter smtp.starfieldtech.com nslookup smtpout.secureserver.net ... Non-authoritative answer: smtpout.secureserver.net canonical name = smtp.starfieldtech.com. Name: smtp.starfieldtech.com Address: 64.202.165.58
Setting a relay host
Set the relay host in the admin console, MTA tab to point to your ISPs outgoing mail server. Your ISP can tell you the proper value for this. You may have to set the port, as well.
Enabling smtp authentication
Run all these commands as the zimbra user
Create a text file mapping which name/password should be used for each given outbound destination:
echo mailrelay.example.com username:password > /opt/zimbra/conf/relay_password
Create a postfix lookup table
postmap /opt/zimbra/conf/relay_password
Test that the map is okay
postmap -q mailrelay.example.com /opt/zimbra/conf/relay_password
This should return username:password if done right
Make postfix use the above
postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password postconf -e smtp_sasl_auth_enable=yes
Restart postfix:
postfix reload
Troubleshooting
After sending a test message, check the Log Files for the error:
(Authentication failed: cannot SASL authenticate to server ...: no mechanism available)
You can fix this problem by tweaking the auth mechanisms that postfix is willing to use. First check what auth mechanism postfix is configured to use - by default, you will see:
$ postconf smtp_sasl_security_options smtp_sasl_security_options = noplaintext, noanonymous
Since noplaintext is present, postfix will refuse to use a mechanism that sends passwords in the clear. If your upstream relay host only supports PLAIN or LOGIN mechanisms (both of which send password in the clear), you have to remove noplaintext from smtp_sasl_security_options:
$ postconf -e smtp_sasl_security_options=noanonymous $ postfix reload
If you are concerned about password-in-the-clear and your upstream relay host offers TLS, you might be interested in this smtp_use_tls variable.
See also [1].