Fastmail provides outgoing smtp services to its users via an app-specific password. Postfix configuration can be set to use Fastmail’s servers for smtp with correct authentication headers (dkim, dmarc, spf). Before starting the postfix configuration, follow Fastmail’s directions for creating an app-specific password. Thanks to Tim Wild for noting preparation for the postfix configuration may require setting the server host name.

Install postfix and associated packages for securing the connection. Select Internet Site during installation and set an appropriate FQDN.

$ sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

Add the following lines to /etc/postfix/main.cf

relayhost = [smtp.fastmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

The password is stored in the file /etc/postfix/sasl_passwd with the following line. Replace the username with the email address used to connect to the Fastmail web page. The password is the app-specific password generated above.

[smtp.fastmail.com]:587 username:password

Fix the permissions

$ sudo chmod 400 /etc/postfix/sasl_passwd

And tell postfix about the password entry

$ sudo postmap /etc/postfix/sasl_passwd

Make a copy of the certificate for postfix if it was installed with the ca-certificates. If the certificate is not in /etc/ssl/certs, download the certificate directly from Thawte’s Root Certificates page (Thawte Primary Root CA). Thanks to Jim Kalafut for noting the Thawte certificate may not be installed.

$ sudo cp /etc/ssl/certs/Thawte_Premium_Server_CA.pem /etc/postfix/cacert.pem

And reload

$ sudo /etc/init.d/postfix reload

Finally, a test email

$ echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com

Information above based on a similar article located on easyengine.io.