Assume we have a mail server/smarthost running Postfix. We also have Debian boxes with exim4 that want to send mail through our smarthost, perhaps administrative alerts. In some settings, it’s a problem to send out to port 25 (smtp).

Port 587 is explicitly for authenticated clients to securely submit mail to the Mail Submission Agent.

On the smarthost, in /etc/postfix/

submission inet n       -       -       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject

And in /etc/postfix/sasl/smtpd.conf specify only the following mechanisms:

mech_list: PLAIN LOGIN

And make sure the port is open:

~ $  cat /etc/iptables/rules.v4 | grep 587
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT

On our sending Debian boxes, make sure exim4 is installed and configured, and that the hostname is set correctly:

~ $  hostname -f
~ $  sudo apt-get install exim4
~ $  sudo dpkg-reconfigure exim4-config

Follow the example to supply an appropriate server, login name, and password:

~ $  sudo cat /etc/exim4/passwd.client
# password file used when the local exim is authenticating to a remote
# host as a client.
# see exim4_passwd_client(5) for more documentation
# Example:
### target.mail.server.example:login:password

The user as which exim runs (i.e. “Debian-exim”) must be able to read this file.

Add to /etc/aliases:


and run:

~ #  newaliases

Test like:

~ $  openssl s_client -quiet -starttls smtp -connect


~ $  exim -bp
~ $  exim -qff