It afforded quite some packet sniffing and debugging to find out the correct settings and encodings.
Here are the settings for postfix outbound/outgoing/upstream SMTP AUTH, smtp.hispeed.ch/cablecom.ch and Gentoo:
To /etc/postfix/main.cf, add:
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_outgoing_smtp
smtp_sasl_security_options = noanonymous
For debugging purposes, you might want to temporarily set “smtp_use_tls = no” in order to disable transport layer security encryption. Setting “smtp_sasl_mechanism_filter = plain” is not mandatory but might be helpful if AUTH LOGIN doesn’t seem to work for some reason.
Then create a file /etc/postfix/sasl_passwd_outgoing_smtp (or whatever name you chose) consisting of the following line:
where “login” is your hispeed e-mail address (e.g. firstname.lastname@example.org) and “password” the password for your e-mail account at hispeed.ch. Don’t even try to use the credentials they sent you by snail mail. These are only valid to setup an initial e-mail account at hispeed.ch.
Now create a postfix-readable hash database of this text file by executing:
# postmap hash:/etc/postfix/sasl_passwd_outgoing_smtp
# /etc/init.d/postfix reload
That’s it :) You can now check whether SMTP authentication works by sending a test message to a local and to a remote recipient while monitoring /var/log/messages or /var/log/mail.info (‘tail -f /var/log/messages’ etc.). If necessary, you can temporarily increase the log level of postfix by starting postfix with the “-v” option (adjust /etc/init.d/postfix accordingly). For general debugging of SMTP problems, telnet comes handy.
Use perl to encode your login and password as base64:
$ perl -MMIME::Base64 -e ‘print encode_base64(“name\@hispeed.chname\@hispeed.chpassword”);’
You could also use ‘mimencode’ (or ‘mmencode’ etc.) instead, but using perl is recommended as feeding the special characters (“nul”) to mimencode is pretty error-prone. The above, encoded string is suitable for AUTH PLAIN. Note that you need to specify your credentials as “loginloginpassword” and mask any perl special characters like “@”, “$” etc. with backslashes. denotes the ASCII nul character (0x00). For AUTH LOGIN, separate the login and password, i.e. do
$ perl -MMIME::Base64 -e ‘print encode_base64(“name\@hispeed.ch”);’
$ perl -MMIME::Base64 -e ‘print encode_base64(“password”);’
If AUTH PLAIN works, your telnet session should look similar to this one:
$ telnet smtp.hispeed.ch 25
Connected to smtp.hispeed.ch.
Escape character is ‘^]’.
220 smtp.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 2 Jun 2005 18:25:33 +0200
250-smtp.hispeed.ch Hello cut.dclient.hispeed.ch [cut], pleased to meet you
250-AUTH PLAIN LOGIN
AUTH PLAIN bmFtZUBoaXNwZWVkLmNoAG5hbWVAaGlzcGVlZC5jaABwYXNzd29yZA==
235 2.0.0 OK Authenticated
221 2.0.0 smtp.hispeed.ch closing connection
Connection closed by foreign host.
For AUTH LOGIN, the login and password need to be separated and submitted separately.