Take the following steps to configure Postfix to relay mail to a remote SMTP server with password authentication over SSL. Substitute as required for strings in
italics below.
Address is the fully-qualified domain name of the relay host. The value of
port is usually either 25, 465, or 587.
Username and
password refer to your credentials on the relay host.
Be very careful with these steps. If you make a mistake, your outgoing mail could be relayed to the wrong server.
Update the existing relayhost directive in
/Library/Server/Mail/Config/postfix/main.cf
if necessary:
relayhost = [address]:port
Add the lines:
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/certificates/relayhost.pem
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
Create the file
/Library/Server/Mail/Config/postfix/sasl/passwd
with this content:
[address]:port username:password
Here
address must match $relayhost.
Then create the password database:
sudo postmap /Library/Server/Mail/Config/postfix/sasl/passwd
This action creates the file
/Library/Server/Mail/Config/postfix/sasl/passwd.db
The password database files should be readable
by root only.
Create the file
/etc/certificates/relayhost.pem
with the CA certificate(s) to be trusted for authentication of the remote host. You get those certificates from the service provider. If you can't find a link to download them, try this:
openssl s_client -connect address:port -showcerts < /dev/null | sed -n '/-BEGIN /,/-END /p' | sudo sh -c 'cat > /etc/certificates/relayhost.pem'
The command may produce an error message that isn't necessarily significant.
Finally, restart the Mail service.