I spent some time today configuring [Postfix][] so I could send mail
from home via [[SMTPS|STMP]].  Verizon, our ISP, blocks port 25 to
external domains, forcing all outgoing mail through their
`outgoing.verizon.net` exchange server.  In order to accept mail, they
also require you authenticate with your Verizon username and password,
so I wanted to use an encrypted connection.

For the purpose of this example, our Verizon username is `jdoe`, our
Verizon password is `YOURPASS`, you're running a local Postfix server
on `mail.example.com` for your site at `example.com`, and `12345` is a
free local port.

    # cat /etc/postfix/main.cf
    myhostname = mail.example.com
    relayhost = [127.0.0.1]:12345
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/saslpass
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    # cat /etc/postfix/saslpass
    [127.0.0.1]:12345 jdoe@verizon.net:YOURPASS
		# postmap /etc/postfix/saslpass
		# cat /etc/postfix/sender_canonical
		root@mail.example.com jdoe@example.com
    root@example.com jdoe@example.com
    root@localhost jdoe@example.com
    jdoe@mail.example.com jdoe@example.com
    jdoe@localhost jdoe@example.com
		# postmap /etc/postfix/sender_canonical
    # cat /etc/stunnel/stunnel.conf
    [smtp-tls-wrapper]
    accept = 12345
    client = yes
    connect = outgoing.verizon.net:465
    # /etc/init.d/stunnel restart
    # postfix reload

Test with:

    $ echo 'testing 1 2' | sendmail you@somewhere.com

Here's what's going on:

* You hand an outgoing message to your local Postfix, which decides to
  send it via port `12345` on your localhost (`127.0.0.1`) (`relayhost`).
* Stunnel picks up the connection from Postfix, encrypts everything,
  and forwards the connection to port 465 on `outgoing.verizon.net`
  (`stunnel.conf`).
* Postfix identifies itself as `mail.example.com` (`myhostname`), and
  authenticates using your Verizon credentials (`smtp_sasl_…`).
* Because Verizon is picky about the `From` addresses it will accept,
  we use `sender_canonical` to map addresses to something simple that
  we've tested.

And that's it :p.  If you're curious, there's more detail about all
the Postfix config options in the [postconf][] man page, and there's
good SASL information in the [SASL_README][].

There's also a [blog post by Tim White][TW] which I found useful.
Because Verizon lacks [STARTTLS][] support, his approach didn't work
for me out of the box.

[Postfix]: http://www.postfix.org/
[postconf]: http://www.postfix.org/postconf.5.html
[SASL_README]: http://www.postfix.org/SASL_README.html
[TW]: http://www.zulius.com/how-to/set-up-postfix-with-a-remote-smtp-relay-host/
[STARTTLS]: http://en.wikipedia.org/wiki/STARTTLS

[[!tag tags/linux]]
[[!tag tags/tools]]
[[!tag tags/web]]