postfix config for outgoing smarthost with TLS authentication

this is a short how-to, to get your postfix mailserver to send outgoing mail via a smarthost that requires TLS authenticatin:

create a password file with the following contents:

echo "mail.server.com username:password" > /etc/postfix/smarthost_password
chmod 600 /etc/postfix/smarthost_password
postmap /etc/postfix/smarthost_password

edit main.cf

nano /etc/postfix/main.cf

and add / modify these lines:

relayhost = mail.w3design.ch:587
smtp_use_tls=yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smarthost_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt

also make sure you're not creating an open realy server for everybody to use. for example limit your accetpable mail networks to localhost only is a good starting point (in main.cf as well):

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

now check your neew config and reload it:

postfix check 
postfix reload 

montior your mail logs and send a test message to see what happens:

tail -f /var/log/mail.* 

in another terminal:

echo "this is a test " | mail mail@psuter.ch -s test