Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

In this post I’ll show how to install and configure Postfix on Ubuntu 16.04 to use Office 365 services like smarthost/mail relay.

apt-get upgrade
apt-get update
apt-get install postfix sasl2-bin mailutils

sasl2-bin is an API thet implement Cyrus SASL API, and permit to integrate authentication mechanisms in Postfix
mailutils is a simple mail commands that will help testing our configuration.

During the Postfix configuration in request “General type of mail configuation” select “Internet Site”, and set your “System mail name” to use your FQDN (Fully Qualified Domain Name): in my case mailserver.infpressapochista.local
You can use the next command to obtain your FQDN.

hostname –fqdn
Now we need to define the credentials that will be used to establish the connection with Office 365 smtp server.
Create a file called sasl_passwd in /etc/postfix that contains the credentials: the username and password.

[smtp.office365.com]:587 usernameOffice365@domainOffice365.it:password
Att.: Replace usernameOffice365@domainOffice365.it and password with the appropriate credentials.
Postfix for some config files doesn’t use the flat ascii format, but uses a hash version of the same files that allows quicker lookup/retrieval.
This is one of them !

postmap hash:/etc/postfix/sasl_passwd
This command create an hash version of sasl_passwd plain ascii file: in /etc/postfix you should see sasl_passwd and sasl_passwd.db in the list.

Using Office 365 smtp we can only send mail (FROM field in email header) as the user we are connecting with, or an another account specified in office365 (Send As permission).

For this reason we need to configure postfix to modify the from field for all the outgoing mail.
Create a file called sender_canonical in /etc/postfix.

nano /etc/postfix/sender_canonical
Here you can add the next line.

/.+/ usernameOffice365@domainOffice365.it
Att.: Replace usernameOffice365@domainOffice365.it with the same account used in /etc/postfix/sasl_passwd or an another enabled account.
Create the hash version.

postmap hash:/etc/postfix/sender_canonical
For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chown root:root /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
chmod 644 /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
I prefer to use TLS to transmit mail.

cp /etc/ssl/certs/thawte_Primary_Root_CA.pem /etc/postfix/cacert.pem
Now we can configure Postfix to use this files. Edit /etc/postfix/main.cf and add/modify the following lines to our main.cf

…..
inet_protocols = ipv4
relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
…..
Att.: The line inet_protocols = ipv4 force postfix to use only ipv4.

Restart Posfix.

service postfix restart
Now we can send a test message to see if everything worked. Create a file like /etc/postfix/mailtest.txt

to: emailto@domain.it
subject:Subject Test
Att.: Replace emailto@domain.it with the address you want to send your test to.

sendmail -v emailto@domanin.it < /etc/postfix/mailtest.txt Att.: Replace emailto@domain.it with the address you want to send your test to. If your test fails you can check the mail.log file to try and determine why.

tail – f /var/log/mail.log
Att.: After making changes be sure to restart Postfix before testing.
service postfix restart

Ref::

Configure Postfix to use Office365 SMTP Relay on Ubuntu 16.04

Enable MySQL Server Remote Connection in Ubuntu

Enable MySQL Server Remote Connection in Ubuntu

By default MySQL Server on Ubuntu run on the local interface, This means remote access to the MySQL Server is not Allowed. To enable remote connections to the MySQL Server we need to change value of the bind-address in the MySQL Configuration File.

First, Open the /etc/mysql/mysql.conf.d/mysqld.cnf file (/etc/mysql/my.cnf in Ubuntu 14.04 and earlier versions).

vim /etc/mysql/mysql.conf.d/mysqld.cnf

Under the [mysqld] Locate the Line,

bind-address = 127.0.0.1

And change it to,

bind-address = 0.0.0.0

systemctl restart mysql.service

Now Ubuntu Server will allow remote access to the MySQL Server, But still you need to configure MySQL users to allow access from any host.

For example, when you create a MySQL user, you should allow access from any host.

CREATE USER ‘username’@’%’ IDENTIFIED BY ‘password’;

Or Allow from Specific IP Address,

CREATE USER ‘username’@’192.168.1.100’ IDENTIFIED BY ‘password’;

The output should show that MySQL Server running on the socket 0 0.0.0.0:3306 instead of 127.0.0.1:3306.

MySQL Server running on the socket 0 0.0.0.0:3306
You can also try to telnet to the MySQL port 3306 from a remote host. For example, if the IP Address of your Ubuntu Server is 192.168.1.10, Then from the remote host execute,

telnet 192.168.1.10 3306

You can also run the nmap command from a remote computer to check whether MySQL port 3306 is open to the remote host.

nmap 192.168.1.10

The output should list MySQL port 3306 and the STATe should be open. If the MySQL port 3306 not open, Then there is a firewall which blocks the port 3306.

Troubleshoot Ubuntu MySQL Remote Access
To make sure that, MySQL server listens on all interfaces, run the netstat command as follows.

netstat -tulnp | grep mysql

How to Create a New User

Log in to the MySQL server.
Log in to MySQL with the command mysql -u root -p
Type the MySQL root user password.

CREATE USER ‘newuser’@’localhost’ IDENTIFIED BY ‘password’;
GRANT ALL PRIVILEGES ON * . * TO ‘newuser’@’localhost’;
FLUSH PRIVILEGES;

How To Grant Different User Permissions

Issue the MySQL command:
To allow specific IP for specifi user
GRANT ALL ON wordpressdb.* TO ‘wpadmin’@’192.168.1.100’ IDENTIFIED BY ‘%u#098Tl3’ WITH GRANT OPTION;

To allow any IP for specifi user
GRANT ALL ON wordpressdb.* TO ‘wpadmin’@’%’ IDENTIFIED BY ‘%u#098Tl3’ WITH GRANT OPTION;

Flush the MySQL privileges with the command
FLUSH PRIVILEGES;

Exit out of the MySQL prompt with the command exit;