I know that this thread is a bit old, but it popped up in google while I was trying to setup relaying local email to my external SMTP server (SSL encryption on port 465, plain text authentification).
Postfix version 2.8.0 does not support SMTP client mode on SSL port 465. Instead, one has to use a separate daemon stunnel (refer elsewhere how to set it up and run) to wrap the communication into ssl. Do not forget to check /etc/hosts.allow to allow connections to stunnel ("stunneld: ALL")
Once setup, add this to your stunnel.conf:
accept = 11125
client = yes
connect = your.smtp.server.com:465
and test by running "telnet localhost 11125" - you should be redirected to your.smtp.server.com and get its greetings. Type "quit" to exit.
If you get error with libwrap (check /var/log/...), try adding "libwrap = no" to stunnel.conf and restart stunnel service.
The /etc/postfix/main.cf configuration is similar as above, just the relay host is local:
relayhost = [127.0.0.1]:11125
smtp_sasl_type = cyrus
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
# optional: necessary if email provider
# requires passwords sent in clear text
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain, login
# optional: necessary if email provider uses load balancing and
# forwards emails to another smtp server
# for delivery (ie: smtp.yahoo.com --> smtp.phx.1.yahoo.com)
smtp_cname_overrides_servername = no
Also do not forget to create the credentials file /etc/postfix/sasl_passwd (set chmod go-rwx to protect it from non-root users):
# The server info must exactly match the value
# for "relayhost" in /etc/postfix/main.cf
and rebuild the password hash by typing "postmap hash:/etc/postfix/sasl_passwd".
Then restart postfix and try "telnet localhost 25" and type
MAIL FROM: <from-email>
RCPT TO: <recipient-email>
Type message here.
The last line leaves DATA mode and email should be relayed by postfix. Watch /var/log files to see if it goes okay.