Postfix Relay to Office365

linux email postfix microsoft-office-365

I am trying to setup a Postfix server on a Linux box to relay all mail to our Office365 (Exchange, hosted by Microsoft) mail server, but, I keep getting an error regarding the sending address:

BB338140DC1: to= relay=pod51010.outlook.com[157.56.234.118]:587, delay=7.6, delays=0.01/0/2.5/5.1, dsn=5.7.1, status=bounced (host pod51010.outlook.com[157.56.234.118] said: 550 5.7.1 Client does not have permissions to send as this sender (in reply to end of DATA command))

Office 365 requires that the sending address in the MAIL FROM and From: header be the same as the address used to authenticate. I have tried everything I can think of in the config to get this working. My postconf -n:

append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
debug_peer_list = 127.0.0.1
inet_interfaces = loopback-only
inet_protocols = all
mailbox_size_limit = 0
mydestination = xxxxx, localhost.localdomain, localhost
myhostname = localhost
mynetworks = 127.0.0.0/8
recipient_delimiter = +
relay_domains = our.doamin
relayhost = [pod51010.outlook.com]:587
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

/etc/postfix/sender_canonical:

www-data                [email protected]
root                    [email protected]
www-data@localhost      [email protected]
root@localhost          [email protected]

Also, sasl_passwd is set to the correct credentials (tested them using swaks multiple times.) Authentication works, and sends the message when the from headers are correct (also tested using swaks, which works)

The emails are coming from PHP, so I have also tried altering the sendmail path in php.ini to use pass the correct from address via -f

So, for some reason, mail coming from www-data and root are not having the from fields rewritten to Office 365's satisfaction, and it won't send the message.

Any postfix gurus out there that can help me setup this relay?


Just in case anyone comes across this later. I DID finally get a proper email relay working. The issues had to do with using an older version of postfix, which formatted the "FROM" element in the envelope in a way that Office 365 didn't like. Updating Postfix to 2.9 or greater (and using a config like the one above) solved the issue.


Solution:

  1. Don't send mail to Office365 as a user from your Office365-hosted e-mail domain. Use a subdomain instead, e.g. [email protected] instead of [email protected]. It wouldn't hurt to set up an SPF record for services.mydomain.com or whatever you decide to use.

  2. Don't authenticate against mail.messaging.microsoft.com as an Office365 user. Just connect on port 25 and deliver the mail to your domain as any foreign SMTP agent would do.

Related

Change how Nagios determines if server is offline?
mod_headers not sending headers when file is PHP
Why are journald logfiles so huge?
SSH Prompts for password even though private keys are available, presented to server and known to it
What does Spanning Tree Protocol (STP) do?
Enable Certificate Enrollment Policy and Request a Cert using PowerShell
Is remounting same file system with different options disruptive for current operations?
Nginx client SSL authentication
How to --enable-dom without recompiling PHP?
What does it mean when Linux has no I/O scheduler
Bottles of beer in level 10
Wii extended range sensor bar