Postfix outgoing/outbound SMTP authentication for

It afforded quite some packet sniffing and debugging to find out the correct settings and encodings.

Here are the settings for postfix outbound/outgoing/upstream SMTP AUTH, and Gentoo:

To /etc/postfix/, add:

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_outgoing_smtp
smtp_sasl_security_options = noanonymous

For debugging purposes, you might want to temporarily set “smtp_use_tls = no” in order to disable transport layer security encryption. Setting “smtp_sasl_mechanism_filter = plain” is not mandatory but might be helpful if AUTH LOGIN doesn’t seem to work for some reason.

Then create a file /etc/postfix/sasl_passwd_outgoing_smtp (or whatever name you chose) consisting of the following line: login:password

where “login” is your hispeed e-mail address (e.g. and “password” the password for your e-mail account at Don’t even try to use the credentials they sent you by snail mail. These are only valid to setup an initial e-mail account at

Now create a postfix-readable hash database of this text file by executing:

# postmap hash:/etc/postfix/sasl_passwd_outgoing_smtp

reload postfix:

# /etc/init.d/postfix reload

That’s it :) You can now check whether SMTP authentication works by sending a test message to a local and to a remote recipient while monitoring /var/log/messages or /var/log/ (‘tail -f /var/log/messages’ etc.). If necessary, you can temporarily increase the log level of postfix by starting postfix with the “-v” option (adjust /etc/init.d/postfix accordingly). For general debugging of SMTP problems, telnet comes handy.

Use perl to encode your login and password as base64:

$ perl -MMIME::Base64 -e ‘print encode_base64(“name\@hispeed.chname\@hispeed.chpassword”);’

You could also use ‘mimencode’ (or ‘mmencode’ etc.) instead, but using perl is recommended as feeding the special characters (“nul”) to mimencode is pretty error-prone. The above, encoded string is suitable for AUTH PLAIN. Note that you need to specify your credentials as “loginloginpassword” and mask any perl special characters like “@”, “$” etc. with backslashes. denotes the ASCII nul character (0x00). For AUTH LOGIN, separate the login and password, i.e. do

$ perl -MMIME::Base64 -e ‘print encode_base64(“name\”);’
$ perl -MMIME::Base64 -e ‘print encode_base64(“password”);’

If AUTH PLAIN works, your telnet session should look similar to this one:

$ telnet 25
Connected to
Escape character is ‘^]’.
220 ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 2 Jun 2005 18:25:33 +0200
EHLO Hello [cut], pleased to meet you
250-SIZE 10485760
250 HELP
235 2.0.0 OK Authenticated
221 2.0.0 closing connection
Connection closed by foreign host.

For AUTH LOGIN, the login and password need to be separated and submitted separately.


One Reply to “Postfix outgoing/outbound SMTP authentication for”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.