Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

Configure Postfix to use Office365 SMTP Relay on Ubuntu 18.04

In this post I’ll show how to install and configure Postfix on Ubuntu 16.04 to use Office 365 services like smarthost/mail relay.

apt-get upgrade
apt-get update
apt-get install postfix sasl2-bin mailutils

sasl2-bin is an API thet implement Cyrus SASL API, and permit to integrate authentication mechanisms in Postfix
mailutils is a simple mail commands that will help testing our configuration.

During the Postfix configuration in request “General type of mail configuation” select “Internet Site”, and set your “System mail name” to use your FQDN (Fully Qualified Domain Name): in my case mailserver.infpressapochista.local
You can use the next command to obtain your FQDN.

hostname –fqdn
Now we need to define the credentials that will be used to establish the connection with Office 365 smtp server.
Create a file called sasl_passwd in /etc/postfix that contains the credentials: the username and password.

[smtp.office365.com]:587 usernameOffice365@domainOffice365.it:password
Att.: Replace usernameOffice365@domainOffice365.it and password with the appropriate credentials.
Postfix for some config files doesn’t use the flat ascii format, but uses a hash version of the same files that allows quicker lookup/retrieval.
This is one of them !

postmap hash:/etc/postfix/sasl_passwd
This command create an hash version of sasl_passwd plain ascii file: in /etc/postfix you should see sasl_passwd and sasl_passwd.db in the list.

Using Office 365 smtp we can only send mail (FROM field in email header) as the user we are connecting with, or an another account specified in office365 (Send As permission).

For this reason we need to configure postfix to modify the from field for all the outgoing mail.
Create a file called sender_canonical in /etc/postfix.

nano /etc/postfix/sender_canonical
Here you can add the next line.

/.+/ usernameOffice365@domainOffice365.it
Att.: Replace usernameOffice365@domainOffice365.it with the same account used in /etc/postfix/sasl_passwd or an another enabled account.
Create the hash version.

postmap hash:/etc/postfix/sender_canonical
For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
chown root:root /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
chmod 644 /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db
I prefer to use TLS to transmit mail.

cp /etc/ssl/certs/thawte_Primary_Root_CA.pem /etc/postfix/cacert.pem
Now we can configure Postfix to use this files. Edit /etc/postfix/main.cf and add/modify the following lines to our main.cf

…..
inet_protocols = ipv4
relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
…..
Att.: The line inet_protocols = ipv4 force postfix to use only ipv4.

Restart Posfix.

service postfix restart
Now we can send a test message to see if everything worked. Create a file like /etc/postfix/mailtest.txt

to: emailto@domain.it
subject:Subject Test
Att.: Replace emailto@domain.it with the address you want to send your test to.

sendmail -v emailto@domanin.it < /etc/postfix/mailtest.txt Att.: Replace emailto@domain.it with the address you want to send your test to. If your test fails you can check the mail.log file to try and determine why.

tail – f /var/log/mail.log
Att.: After making changes be sure to restart Postfix before testing.
service postfix restart

Ref::

Configure Postfix to use Office365 SMTP Relay on Ubuntu 16.04

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s