Postfix and SMTP AUTH on OS X Lion

The standard instructions for configuring postfix to use authenticated SMTP when forwarding to a relay host did not work for me on OS X Lion. For future searchers, here is how I made it work.

  1. Create the file /etc/postfix/sasl_passwd as described in the standard docs, i.e. at least one line containing:
    server username:password
    and set the permissions using sudo chmod 600 /etc/postfix/sasl_passwd.
  2. Make the db version used by postfix: sudo postmap /etc/postfix/sasl_passwd (the new file will inherit the permissions of the original file).
  3. If you have upgraded from a previous version of OS X, particularly if you modified your postfix configs, follow the advice in the section below before continuing.
  4. To tell postfix to use authenticated SMTP, add the following lines to /etc/postfix/main.cf:

    mydomain = <>
    mydomain_fallback = localhost
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    If your domain’s MX records do not specify your relayhost then you must also set the relayhost line.
  5. postfix on OS X runs “on demand” so there is no need to instruct it to reload its configuration. The log file is in the standard UNIX location, /var/log/mail.log.
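
A script to check the result of steps 1 to 5 without reading the credentials themselves. It is an added example, not part of the original post: the function names (cf_value, is_private, audit_postfix_sasl) are made up here, and main.cf is parsed in a simplified way that skips continuation lines.

```shell
#!/bin/sh
# Added example (not from the original post). Source it, then: audit_postfix_sasl /etc/postfix

# Print the last value assigned to a main.cf parameter (the last assignment wins).
# Simplified: continuation lines are skipped; postconf is the authoritative tool.
cf_value() {
    awk -v p="$2" '
        /^[ \t]/ || /^#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            if (name != p) next
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# True when group and other have no permission bits on the file (e.g. mode 600).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

fail() { echo "FAIL: $*"; rc=1; }

# audit_postfix_sasl [config_dir]: returns 0 when every check passes.
audit_postfix_sasl() {
    cf=${1:-/etc/postfix}/main.cf; rc=0
    [ -r "$cf" ] || { echo "FAIL: cannot read $cf"; return 2; }
    [ "$(cf_value "$cf" smtp_sasl_auth_enable)" = "yes" ] ||
        fail "smtp_sasl_auth_enable is not 'yes'"
    maps=$(cf_value "$cf" smtp_sasl_password_maps)
    case $maps in
        hash:/*) src=${maps#hash:} ;;
        *) src=; fail "smtp_sasl_password_maps is not a hash: map with an absolute path" ;;
    esac
    if [ -n "$src" ]; then
        for f in "$src" "$src.db"; do
            if [ ! -e "$f" ]; then fail "$f is missing"
            elif ! is_private "$f"; then fail "$f is accessible to group or other"
            fi
        done
        # postmap must be re-run whenever the text file changes.
        if [ "$src" -nt "$src.db" ]; then fail "$src.db is stale; re-run postmap"; fi
    fi
    # An empty setgid_group triggers the "bad string length" fatal error.
    grep -Eq '^setgid_group[[:space:]]*=[[:space:]]*$' "$cf" && fail "setgid_group is empty"
    return $rc
}
```

The permission and timestamp checks only need access to the directory, so the audit can run as an ordinary user even though the password files are mode 600.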

Upgrading from Snow Leopard

I had previously had this postfix setup working under Snow Leopard, and the upgrade process appeared to have preserved my configuration settings, so I was surprised to see that after upgrading to Lion, my smarthost was not accepting mail.

Examining the files in /etc/postfix, I noticed that in addition to my customised main.cf there was also a file called main.cf.default which was modified on the date I had upgraded to Lion. Comparing the two files showed a number of subtle differences but after being unable to determine why postfix was not authenticating to my upstream server, I decided to copy it over my customised main.cf and re-apply my changes.

Having done this, the mailq command gave me the following error:

    postfix[17922]: fatal: bad string length 0 < 1: setgid_group =

Setting setgid_group = _postdrop in main.cf fixed that, but then I hit another error:

    fatal: file /etc/postfix/main.cf: parameter mail_owner: user postfix has same user ID as _postfix

Resolving this required me to change the value of mail_owner from postfix to _postfix but I don’t know if this is a bug in Apple’s supplied main.cf or an artefact of my user and group information evolving from a 10.6 install to 10.7.