More and more ISPs require customers to use the ISP’s own SMTP server for sending mail (to effectively block spam coming from hijacked customer workstations). Or you simply might want to send outgoing mail using your own SMTP mail server somewhere in the Internet, which should only accept encrypted, authenticated connection requests.
If you’re lucky, you can configure postfix on your Snow Leopard Server (and later) using the supplied ‘Server Admin’ GUI tool and enter your authentication credentials and the name of your (or your ISP’s) SMTP server there. This is explained in the following Youtube video: Using Your ISPs Mail Server in Snow Leopard Server.
In my case, this wasn’t sufficient, i.e. didn’t work and hence I had to use the CLI tool instead (which appears to be buggy, see later). The configuration of outgoing SMTP authentication for postfix on Mac OS X Snow Leopard Server is analogous to my quite old post about configuring SMTP auth for postfix on Linux, only the commands slightly differ.
Here are the commands I had to use:
# serveradmin settings mail:postfix:smtp_sasl_mechanism_filter = "plain"
mail:postfix:smtp_sasl_mechanism_filter = “plain”
# serveradmin settings mail:postfix:smtp_sasl_security_options = "noanonymous"
mail:postfix:smtp_sasl_security_options = “noanonymous”
# serveradmin settings mail:postfix:smtp_use_tls = "yes"
mail:postfix:smtp_use_tls = “1”
The last command reveals a bug in the ‘serveradmin’ tool which will prevent postfix from working correctly as the value is set to “1” instead of “yes”! As a workaround, you need to manually set the value to “yes” in /etc/postfix/main.cf:
# vi /etc/postfix/main.cf
smtp_use_tls = yes
# vi /etc/postfix/sasl/passwd
# cat /etc/postfix/sasl/passwd
smtp.mydomain.com login:password
# postmap hash:/etc/postfix/sasl/passwd
# serveradmin stop mail
mail:state = “STOPPED”
# serveradmin start mail
mail:state = “RUNNING”
Done that, you can test the new settings by composing and sending a message using the ‘mail’ command:
# mail -s "a test message" myaddress@mydomain.com
(enter the body text and finish editing the message by entering a dot on an empty line)
Check the mail queue with
# mailq
Requeue messages that couldn’t be delivered using
# postqueue -f
[Edit 20130401: Fixed some typos, clarified the phrasing, anonymized data]