Postfix: Configuring Smarhost with TLS and Authentication

Configuring mutt as you mail client does force you to configure a mail server on you local system, as mutt cannot send mails by itself. When I chose to use mutt, I decided to set up postfix to drop my sent mail to my usual mailserver. This mailserver does run on port 465, uses TLS and needs authentication.

Therefore, I added

relayhost =
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwords
smtp_tls_per_site = hash:/etc/postfix/smtp_tls_sites

to my /etc/postfix/ Most of the configuration options are self-explaining. We can see that mail should be sent through ≶somehost> using tls and sasl_auth. Sasl_auth is used to provide authentication to the mailserver.

It will read its usernames and passwords from the sasl_database create from /etc/postfix/smtp_sasl_passwords. You need to create this file (and make it read only for root, as it does contain your password in plain text). This file contains password in the following form:

.. :

After you created that file, you need to run postmap /etc/postfix/smtp_sasl_passwords, which will create /etc/postfix/smtp_sasl_passwords.db for you.

If your smtp-server does not have a self-signed certificate, you need to create /etc/postfix/smtp_tls_sites which needs to contain


Afterwards, you need to run postmap on this file again. Start postfix afterwards and check /var/log/mail.log for any errors (or successful startup).