postfix auth rejected

I was trying to enable e-mail reporting from a Metropolis ProfitWatch Call Accounting System yesterday, but hit a couple of hurdles. First, the ISP didn't provide an e-mail relay service. Second, it seems the Metropolis has a very simplistic e-mail client implementation and doesn't appear to accept a port parameter as part of the e-mail client configuration. So it seems to only be capable of transport using port 25, which is rather limiting given that a lot of ISPs block port 25 at this point, but at least the one I was working with wasn't blocking this port.

I use and highly recommend Google Apps for any domain needing e-mail service. I manage multiple systems, and all have e-mail service, but only local service; none provide relay service to remote users. Therefore the immediate task before me was to take a cloud server providing only local e-mail and turn it into a smart host capable of relaying mail from authenticated senders. I chose one running Postfix 2.9 with Dovecot, and I struggled with getting "authentication rejected" messages. Below are the changes I made to get everything working. The big takeaway is that SASL authentication is performed by Dovecot, so the two services have to be configured to work together in order to provide sender authentication.


Postfix master.cf:

smtp       inet  n       -       -       -       -       smtpd -v
submission inet  n       -       -       -       -       smtpd


Postfix main.cf:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_tls_security_level = may


Dovecot configuration:

service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

disable_plaintext_auth = no
auth_mechanisms = plain login

With the verbosity turned up using the -v option in Postfix's master.cf, I found some good information in the Postfix mail log that helped me identify the cause of the failures.

tail -f /var/log/mail.log
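
The takeaway above is that Postfix and Dovecot have to agree on the SASL socket and that relaying stays limited to authenticated senders. The following Node.js script is an added example, not code from the original post: it cross-checks the two configurations, and `checkSaslWiring`, `parseKeyValues` and the sample strings are hypothetical names and constructed input. It assumes the default Postfix queue directory /var/spool/postfix, a Postfix process running as user postfix, and Dovecot's default listener mode of 0600.

```javascript
// Constructed samples mirroring the settings shown in this post.
const MAIN_CF = `smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_tls_security_level = may`;
const DOVECOT_CONF = `service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}`;

// Collect "key = value" lines; '#' comment lines never match the key pattern.
const parseKeyValues = (text) => Object.fromEntries(
  [...text.matchAll(/^[ \t]*([A-Za-z_]+)[ \t]*=[ \t]*(.*?)[ \t]*$/gm)].map((m) => [m[1], m[2]]));

// Hypothetical checker: returns findings for mismatches between the two configs.
// Assumes Postfix's default queue directory and Dovecot's default listener mode 0600.
function checkSaslWiring(mainCf, dovecotConf, queueDir = "/var/spool/postfix") {
  const pf = parseKeyValues(mainCf);
  const findings = [];
  if (pf.smtpd_sasl_auth_enable !== "yes") findings.push("error: smtpd_sasl_auth_enable is not yes");
  if (pf.smtpd_sasl_type !== "dovecot") findings.push("error: smtpd_sasl_type is not dovecot");
  // A relative smtpd_sasl_path is resolved against the Postfix queue directory.
  const rel = pf.smtpd_sasl_path || "";
  const sock = rel.startsWith("/") ? rel : `${queueDir}/${rel}`;
  const hit = [...dovecotConf.matchAll(/unix_listener\s+(\S+)\s*\{([^}]*)\}/g)].find((m) => m[1] === sock);
  if (!hit) {
    findings.push(`error: no Dovecot unix_listener at ${sock}`);
  } else {
    const l = parseKeyValues(hit[2]);
    const mode = parseInt(l.mode || "0600", 8);
    const ok = (l.user === "postfix" && (mode & 0o600) === 0o600)
      || (l.group === "postfix" && (mode & 0o060) === 0o060)
      || (mode & 0o006) === 0o006;
    if (!ok) findings.push("error: user postfix cannot read and write the auth socket");
  }
  // Postfix 2.9: relay control lives in smtpd_recipient_restrictions, first match wins.
  const rules = (pf.smtpd_recipient_restrictions || "").split(/[\s,]+/);
  const rej = rules.indexOf("reject_unauth_destination");
  const auth = rules.indexOf("permit_sasl_authenticated");
  if (rej < 0) findings.push("error: reject_unauth_destination is missing");
  else if (auth < 0 || auth > rej) findings.push("error: permit_sasl_authenticated must precede reject_unauth_destination");
  if (pf.smtpd_tls_auth_only !== "yes") findings.push("warn: AUTH is accepted without TLS (smtpd_tls_auth_only is not yes)");
  return findings;
}
console.log(checkSaslWiring(MAIN_CF, DOVECOT_CONF));
```

With the settings from this post the only finding is the TLS warning: `smtpd_tls_security_level = may` together with the plain and login mechanisms lets a client send its credentials over an unencrypted session.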

Bonus - client test code

This is the code I used as a client during testing. It's very simple Node.js code requiring nodemailer. It sends e-mail through a host and logs the server response.

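// Connection settings for the relay host and the test account
var mailHost  = ""
var mailUser  = "username"
var mailPass  = "password"
var mailPort  = 25
var ignoreTLS = false

var mailTo    = ""
var mailFrom  = "Test User <>"

// Uses the legacy nodemailer 0.x API (transport type passed as a string)
var nodemailer = require("nodemailer")
var Transport = nodemailer.createTransport("SMTP", {
	host   : mailHost, port   : mailPort,
	debug  : true, ignoreTLS: ignoreTLS,
	auth   : {user: mailUser, pass: mailPass}
})

var mailOptions = {
    from: mailFrom,
    to: mailTo,
    subject: 'Test',
    text: 'This is a test'
}

// Send the message and log either the error or the server response
Transport.sendMail(mailOptions, function(err, response){
	if (err) {
		console.log(err)
	} else {
		console.log(response.message)
	}
	Transport.close()
})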