Configuring Postfix Relay to Office365 on Proxmox

[CPBPILOT]

Thought I would share this as I have been fighting it for a few days. I was able to finally get postfix setup with office365 so that sendmail would work. This is mostly a copy/paste of this site so I don't claim to be the originator but I had to insure saslauthd was installed and running before it worked. That's the part that was not in the original write-up.​

Step 1: Install Required Packages​

First, update your package list and install the necessary mail utilities:

apt-get update
apt-get install postfix mailutils sasl2-bin libsasl2-modules

Step 2: Configure Postfix​

Edit the main Postfix configuration file:

nano /etc/postfix/main.cf

Modify or add the following lines to configure the relay:

relayhost = [smtp.office365.com]:587
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
inet_protocols = ipv4

smtp_use_tls = yes
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save and exit the file CTRL+X, then Y, then Enter.

Step 3: Configure Authentication (sasl_passwd)​

Create the authentication file:

nano /etc/postfix/sasl_passwd

Add the following line, replacing username@yourdomain.com and password with your Office365 credentials:

[smtp.office365.com]:587 username@yourdomain.com:password

Set the correct permissions and hash the file:

chown root:root /etc/postfix/sasl_passwd
chmod 0600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

Step 4: Configure Generic Mapping​

Create the generic file:

nano /etc/postfix/generic

Add the following lines:

root@localdomain username@yourdomain.com
@localdomain username@yourdomain.com

Set the correct permissions and hash the file:

chown root:root /etc/postfix/generic
chmod 0600 /etc/postfix/generic
postmap /etc/postfix/generic

Step 5: Ensure saslauthd is Installed and Running​

Check if saslauthd is installed and running:

systemctl status saslauthd

If it is not active, enable and start it:

systemctl start saslauthd

systemctl enable saslauthd

Step 6: Test the Configuration​

Restart Postfix:

systemctl restart postfix

Send a test email:

echo "This is a test email" | mail -s "Relay Test Email" recipient@example.com -a "From: username@yourdomain.com"

Step 7: Troubleshooting​

If you do not receive the test email, check the logs:

tail -f /var/log/mail.log
If sending to another user in the same domain yourdomain.com fails, check the mydestination setting in main.cf and remove yourdomain.com if present.

 

[heubi]

Hi,
I am trying to set up Proxmox Mail Gateway with Sasl-XoAuth2. Could get the token out of M365 but somehow can't get it to run to the end.
Do you have also a "how to do" for PMG to M365.
Regards Heubi

 

[SteveITS]

smtp.office365.com

I hate to rain on your parade but per https://learn.microsoft.com/en-us/e...device-or-application-through-a-cloud-mailbox and https://techcommunity.microsoft.com...c-authentication-deprecation-timeline/4489835, MS is removing SMTP auth. Looks like they pushed it off for another year or more, though.

Direct Send is also discouraged and they intend to disable it by default because spammers figured out how to spoof your domain.

That leaves the SMTP Relay a.k.a. Connector option on that first link, to allow sending by IP address. Which works unless your mail software defaults to using IPv6, because even though MS allows IPv6 connections, MS doesn't let you allow IPv6 addresses.

 

[heubi]

Thanks for reply. That's why I used the Github Sasl-XoAuth2 to work with MFA. The other options are outdated or not working as you already have written.
Or do I misreading here something? I just want setup something what is not working for only another year. Need this to send old Auth for Programms and Printers local. Alternative would be payable email programm but I like to stay local.
Regards Heubi