A Mail client, configured to use SMTP AUTH, connects to its SMTP server.
The SMTP server responds and offers one or more mechanisms for authentication.
The Mail client chooses a mechanism and submits data for authentication.
The Mail client's data is verified by the authentication service.
The authentication service submits the result (valid user/invalid user) of the verification to the SMTP server.
If the Mail client is a valid user the SMTP server will receive message data otherwise it will end the connection.
A local SMTP server wants to relay messages to a remote SMTP server. It connects to the remote server.
The remote SMTP server responds and offers SMTP AUTH (one or more mechanisms for authentication) to the local server
The local SMTP server looks up for preconfigured information that will tell username and password for the remote server
It submits the given data for authentication
The transmitted data is verified by the remote authentication service. It then submits the result (valid user/invalid user) of the verification to the remote SMTP server
If the local SMTP server is a valid user the SMTP server will allow the messages to be relayed; otherwise it will end the connection.
Now that we have split Authentication for Mail clients from Authentication for Mail servers, find out next what you will need to install and configure to get each of them running. Nonetheless important you should read and understand the job of Cyrus-SASL in SMTP AUTH and which methods and mechanisms to choose from that software to suite your needs best.