In your postfix main.cf, enter the following:
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
relayhost = [smtp.pobox.com]:587
In /etc/postfix/smtp_passwd, enter:
smtp.pobox.com email@example.com:YOUR PASSWORD
smtp_passwd is a transport map. To compile the hash table that postfix will use, you'll have to run:
Messages sent via Postfix are subject to the same outbound limits as messages sent by other programs, so don't queue 100 messages, then connect and deliver them all at once.... they will start getting rejected once you hit the outbound limits.
The Postfix manual advises that you should "keep the SASL client password file in /etc/postfix, and make the file read+write only for root to protect the username/password combinations against other users. To do so, execute (as root or using sudo):
chown root:root /etc/postfix/smtp_passwd
chmod 600 /etc/postfix/smtp_passwd
After you've executed postmap, also check that smtp_passwd.db is also root:root and 600.
Thanks to rjbs, gevrey and brian.white for supplying the details!