postfix config for outgoing smarthost with TLS authentication

this is a short how-to, to get your postfix mailserver to send outgoing mail via a smarthost that requires TLS authenticatin:

create a password file with the following contents:

echo " username:password" > /etc/postfix/smarthost_password
chmod 600 /etc/postfix/smarthost_password
postmap /etc/postfix/smarthost_password


nano /etc/postfix/

and add / modify these lines:

relayhost =
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smarthost_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt

also make sure you're not creating an open realy server for everybody to use. for example limit your accetpable mail networks to localhost only is a good starting point (in as well):

mynetworks = [::ffff:]/104 [::1]/128

now check your neew config and reload it:

postfix check 
postfix reload 

montior your mail logs and send a test message to see what happens:

tail -f /var/log/mail.* 

in another terminal:

echo "this is a test " | mail -s test