Postfix outgoing/outbound SMTP authentication for smtp.hispeed.ch/cablecom.ch

It took quite some packet sniffing and debugging to find out the correct settings and encodings.

Here are the settings for postfix outbound/outgoing/upstream SMTP AUTH with smtp.hispeed.ch/cablecom.ch on Gentoo:

To /etc/postfix/main.cf, add:

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_use_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_outgoing_smtp
smtp_sasl_security_options = noanonymous

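For debugging purposes, you might want to temporarily set "smtp_use_tls = no" in order to disable transport layer security encryption. AUTH PLAIN and AUTH LOGIN are only base64-encoded, not encrypted, so the password crosses the network in clear text while TLS is off; switch it back to "yes" as soon as you are done. Setting "smtp_sasl_mechanism_filter = plain" is not mandatory but might be helpful if AUTH LOGIN doesn't seem to work for some reason.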

Then create a file /etc/postfix/sasl_passwd_outgoing_smtp (or whatever name you chose) consisting of the following line:

smtp.hispeed.ch login:password

where "login" is your hispeed e-mail address (e.g. name@hispeed.ch) and "password" is the password for your e-mail account at hispeed.ch. Don't even try to use the credentials they sent you by snail mail. These are only valid for setting up an initial e-mail account at hispeed.ch. Since the file stores the password in plain text, keep it and the .db file generated in the next step readable by root only.

Now create a postfix-readable hash database of this text file by executing:

# postmap hash:/etc/postfix/sasl_passwd_outgoing_smtp

Then reload postfix:

# /etc/init.d/postfix reload

That's it :) You can now check whether SMTP authentication works by sending a test message to a local and to a remote recipient while monitoring /var/log/messages or /var/log/mail.info ('tail -f /var/log/messages' etc.). If necessary, you can temporarily increase the log level of postfix by starting postfix with the "-v" option (adjust /etc/init.d/postfix accordingly). For general debugging of SMTP problems, telnet comes in handy.

Use perl to encode your login and password as base64:

$ perl -MMIME::Base64 -e 'print encode_base64("name\@hispeed.ch\0name\@hispeed.ch\0password");'
bmFtZUBoaXNwZWVkLmNoAG5hbWVAaGlzcGVlZC5jaABwYXNzd29yZA==

You could also use 'mimencode' (or 'mmencode' etc.) instead, but using perl is recommended as feeding the special characters ("nul") to mimencode is pretty error-prone. The encoded string above is suitable for AUTH PLAIN. Note that you need to specify your credentials as "login\0login\0password" and mask any perl special characters like "@", "$" etc. with backslashes. \0 denotes the ASCII nul character (0x00). For AUTH LOGIN, separate the login and password, i.e. do

$ perl -MMIME::Base64 -e 'print encode_base64("name\@hispeed.ch");'
bmFtZUBoaXNwZWVkLmNo
$ perl -MMIME::Base64 -e 'print encode_base64("password");'
cGFzc3dvcmQ=

If AUTH PLAIN works, your telnet session should look similar to this one:

$ telnet smtp.hispeed.ch 25
Trying 62.2.95.12...
Connected to smtp.hispeed.ch.
Escape character is '^]'.
220 smtp.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 2 Jun 2005 18:25:33 +0200
EHLO smtp.hispeed.ch
250-smtp.hispeed.ch Hello cut.dclient.hispeed.ch [cut], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 10485760
250-DSN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
AUTH PLAIN bmFtZUBoaXNwZWVkLmNoAG5hbWVAaGlzcGVlZC5jaABwYXNzd29yZA==
235 2.0.0 OK Authenticated
QUIT
221 2.0.0 smtp.hispeed.ch closing connection
Connection closed by foreign host.

For AUTH LOGIN, the login and password need to be separated and submitted separately.
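
As an added example (not part of the original post), the following shell helpers build and decode the AUTH PLAIN and AUTH LOGIN strings shown above without Perl, and check an EHLO reply for the AUTH mechanism and STARTTLS. The function names are hypothetical, the sample data is constructed, and a `base64` utility that accepts `-d` (as in GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# AUTH PLAIN token: base64(authzid NUL authcid NUL password).
# Fields are printf arguments, so "@" and "$" need no escaping and a password
# starting with a digit cannot merge with the NUL escape (in Perl, "\0" followed
# by digits is read as one longer octal escape).
auth_plain() {
    printf '%s\0%s\0%s' "$1" "$2" "$3" | base64 | tr -d '\n'
}

# AUTH LOGIN tokens: login and password encoded separately, space-separated here.
auth_login() {
    printf '%s ' "$(printf '%s' "$1" | base64 | tr -d '\n')"
    printf '%s' "$2" | base64 | tr -d '\n'
}

# Decode a token for checking; NULs are shown as "|". No key is involved:
# anyone who sees the token on the wire or in a log can do the same.
decode_plain() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Read an EHLO reply on stdin; report whether mechanism $1 is advertised
# and whether the server offers STARTTLS.
ehlo_check() {
    reply=$(tr -d '\r')
    auth=no; tls=no
    printf '%s\n' "$reply" | grep -Eiq "^250[- ]AUTH[ =]([^ ]+ )*$1( |\$)" && auth=yes
    printf '%s\n' "$reply" | grep -Eiq '^250[- ]STARTTLS$' && tls=yes
    printf 'auth=%s starttls=%s' "$auth" "$tls"
}

# Demo with the sample credentials used on this page.
token=$(auth_plain 'name@hispeed.ch' 'name@hispeed.ch' 'password')
printf 'AUTH PLAIN %s\n' "$token"
printf 'decoded:   %s\n' "$(decode_plain "$token")"
printf 'AUTH LOGIN %s\n' "$(auth_login 'name@hispeed.ch' 'password')"
printf '250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n' | ehlo_check PLAIN
echo
```

If ehlo_check reports starttls=no for the relay, Postfix with "smtp_use_tls = yes" still delivers, so the token goes out unencrypted; that is the case to look for in the logs.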
