I found this hint very useful and wanted to illustrate its use based on the example of gmail as your outgoing SMTP server.
I make no guarantees, but I hope it helps someone. I pieced this information together from lots of useless searches and several useful how-to's and postings. Only the root user should be able to read it.
The MUST_NOPEERMATCH in the smtp_tls_sites file ignores certificate mismatches when negotiating TLS.The *_security_options settings allow postfix to use plain text passwords during authentication (albeit over TLS).You can now check the logs: tail /var/log/mail.logOr, if you're crafty, you'll open a second Terminal window, and before running the tests in the first window, do: tail -f /var/log/mail.logHere are some notes about options that you see in the content above: If that's the case, try: printf "Subject: TestnHello" | sendmail -f second test form specifies the "from" address as you, but can be changed to anything you want as long as it passes muster with your provider's server. Relayhost = # (you can use :port, such as :587)smtp_sasl_auth_enable = yessmtp_use_tls = yessmtp_enforce_tls = yessmtp_sasl_security_options =smtp_sasl_tls_security_options =smtp_sasl_tls_verified_security_options =smtp_tls_loglevel = 2 # optional if you wan to see what's going on with the TLS negotiation in /var/log/mail.logsmtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwordssmtp_tls_per_site = hash:/etc/postfix/smtp_tls_sitestls_random_source = dev:/dev/urandomCreate /etc/postfix/smtp_sasl_passwords with the following contents: username:passwordCreate /etc/postfix/smtp_tls_sites with the following contents: MUST_NOPEERMATCHThen run the following commands: $ cd /etc/postfix$ chmod go-rx smtp_sasl_passwords$ postmap smtp_sasl_passwords$ postmap smtp_tls_sitesTo test, try: echo "Hello" | mail -s "Test" above test may not work if your provider requires a valid source e-mail address.