Postfix is a powerful open-source email server with many built-in customization options. I recently had a requirement to configure an organization-wide email server to act as an SMTP relay for Office365 and allow our Java, JS and Python applications to send emails from different Office365 email IDs based on the details of the sender.
Before looking at multiple email IDs and sender-based relay in Postfix, we cover the basic setup and send out our test emails.
I will divide this article into four parts or subtopics:
- Configuring Postfix SMTP relay for Office 365 and testing with unique email id/domain
- Configuring Postfix SMTP relay for multiple domains and sender-based relay
- SMTP Relay Troubleshooting and Email Delivery Troubleshooting
- Check your email score (or) spam test result
Before we continue with these three steps, I'd like to take you on a quick tour of the three different connection methods you can use with Office365. Knowing which one you are using will help you troubleshoot faster when you run into a problem.
Three supported integration types for Office 365
If you browse the Internet, you will find many articles with different methods to configure Postfix SMTP relay or to connect your application or device and relay your emails. So I'm listing the three different types of integration we can do with Office365 to send email.
1. SMTP client submission
The client must be connected to the server “smtp.office365.com” on port 587 and in this approach we can send emails to internal and external recipients.

2. Direct send
In this method, we are connecting to our organization's mail server hostname (MX) whose name ends with "mail.protection.outlook.com"
In my case, gritfy-com.mail.protection.outlook.com is my mail server. To find your organization's mail server MX record, use https://mxtoolbox.com/
With this method, the email cannot be sent to recipients outside your organization
3. Office 365 SMTP relay (discussed in this post)
In this method, we are connecting to our organization's mail server hostname (MX) whose name ends with "mail.protection.outlook.com"
There is a connector set up in Office 365 for emails sent from your organization's email server. In our case it is Postfix.
In this method, we can send mail to external recipients, as well as an internal organization.
Simple SMTP relay with Postfix and Office365
As shown in method 3 above, we are going to set up an SMTP relay with connectors in Office365 and Postfix to send emails to internal and external recipients.
Let's start by installing the Postfix mail server on your Linux host. You have to choose the appropriate package manager, such as yum or apt-get.
Postfix mail server installation
In my case it's CentOS so I'm going with yum
yum install postfix
Update Postfix configuration
If you go to the /etc/postfix directory and list the files, you will find a set of configuration files already present. Let's update some of the settings to make SMTP relay work through Office365.
Update relay host in postfix config
The first file we will change is main.cf. Find and update the parameter called relayhost; if it is commented out, uncomment it.
You will use your organization's MX server endpoint with port number 25. In my case it is
relayhost = [gritfy-com.mail.protection.outlook.com]:25
Update outgoing SMTP relay settings
In the same main.cf file, add the following lines to the end of the file. The configuration enables SASL authentication using the sasl_passwd file, where we will set our email and password. We can also configure outgoing mail to be encrypted with TLS using the smtp_tls_security_level option, but in this post we are going without mandatory TLS: the value may used below is opportunistic, so Postfix uses STARTTLS when the relay offers it and otherwise delivers in cleartext.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 409600
So we have defined smtp_sasl_password_maps inside the main.cf file, but we haven't created the file yet. Our next step is to create it in the /etc/postfix directory with the name sasl_passwd.
Create sasl_passwd file with authentication information
Create a new file called sasl_passwd in /etc/postfix and enter your Office365 account details.
It is recommended that this account does not have administrator privileges, as the sasl_passwd file contains this password as clear text.
Here is the contents of my sasl_passwd file for your reference.
[gritfy-com.mail.protection.outlook.com]:25 [email protected]:Secure password
Postfix reads the login information from a database file, so this file must be converted to the *.db format. To do that, you can use the command
postmap /etc/postfix/sasl_passwd
After this command runs successfully, a new file with the same name and a .db extension is created.
By default these files would have global read permissions, which would allow all users connected to the server to read them. To avoid that, set the file permissions as below. This allows only the owner to read and write the files and restricts everyone else.
sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
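One way to check the two risks in this section together, the relay settings in main.cf and the permissions on the password map, as an added example that is not part of the original article. The helper names cf_get and audit_relay and the demo files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a Postfix relay client for password exposure.

# cf_get FILE PARAM: print the effective value of PARAM from a main.cf-style
# file. The last assignment wins; continuation lines are not handled.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_relay MAIN_CF: print one finding per line, return 1 if there are any.
audit_relay() {
    cf=$1
    rc=0
    [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = yes ] || return 0

    # Only these levels refuse to continue when TLS cannot be negotiated.
    tls=$(cf_get "$cf" smtp_tls_security_level)
    case $tls in
        encrypt|dane-only|fingerprint|verify|secure) mandatory=yes ;;
        *)  mandatory=no
            echo "tls: smtp_tls_security_level=${tls:-unset} permits cleartext delivery"
            rc=1 ;;
    esac

    # Postfix defaults to "noplaintext, noanonymous"; without noplaintext,
    # PLAIN/LOGIN may be used even on a session that is not encrypted.
    opts=$(cf_get "$cf" smtp_sasl_security_options)
    case "${opts:-noplaintext, noanonymous}" in
        *noplaintext*) ;;
        *)  if [ "$mandatory" = no ]; then
                echo "sasl: plaintext mechanisms allowed without mandatory TLS"
                rc=1
            fi ;;
    esac

    # The password map and its compiled .db must be owner-only.
    map=$(cf_get "$cf" smtp_sasl_password_maps)
    path=${map#*:}
    for f in "$path" "$path.db"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "perm: $f is accessible to group or others"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo input: the settings above with a world-readable map.
demo_dir=$(mktemp -d)
printf '[relay.example.net]:25 user@example.net:not-a-real-password\n' \
    > "$demo_dir/sasl_passwd"
chmod 0644 "$demo_dir/sasl_passwd"
cat > "$demo_dir/main.cf" <<EOF
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$demo_dir/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
EOF
audit_relay "$demo_dir/main.cf" || echo "findings reported"
```

Setting smtp_tls_security_level = encrypt and keeping the map files at 0600 clears all three findings.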
Now we have configured postfix mail server but since we are using SMTP relay method of Office365 integration we need to create our Office365 connector which requires Office365 admin privileges.
Create connector in Office365
To create a connector in Office365, you must have the Global Administrator or Exchange Administrator role.
Sign in to the Office365 Exchange admin page. Under the mail flow option you will find an option called connectors; click on it to create a new connector.
After clicking on Connectors, you will be asked for some details, including whether the connector should allow clients based on certificate or IP.
In this post, we are going to use the IP method, where the Office365 connector allows client applications like Postfix to send emails when they come from a specific public IP address.
So if you are implementing this in your organization, it is recommended to have a static public IP enabled for your Linux server. For AWS users it is even simpler, as you can assign an Elastic IP to the instance where you are setting this up.
Take a look at this screen recording of me doing the same setup.
Update the SPF record with your public IP (to prevent your email ending up as SPAM)
All the steps we've done so far are enough to get your email out of Postfix Relay.
We must do one more thing to keep our emails from ending up in the SPAM folder.
If you're in the AWS world, you can easily do this in Route53. If you're on public providers like GoDaddy and Bluehost, you'll need to find their technical documentation on how to add the new SPF record.
Basically, our goal here is to add our public IPv4 address to the SPF record. It would look like this; you can keep adding ip4 entries as you add more.
v=spf1 ip4:49.205.79.85 include:spf.protection.outlook.com -all
To create SPF records in the correct syntax you can use an SPF record generator.
To validate your SPF record, you can use the MxToolbox SuperTool.
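An offline lint for the SPF value before it is published, as an added example that is not part of the original article. The function name spf_check is hypothetical, the sample records are constructed around the article's IP, and only an exact ip4: term (no CIDR ranges) is treated as authorising the server.

```sh
#!/bin/sh
# Added example: offline lint of an SPF TXT value for a relay setup like this.

# spf_check RECORD IPV4: print findings; return 0 only when RECORD parses,
# authorises IPV4 (exact ip4: term) and Exchange Online, and ends in -all.
spf_check() {
    record=$1
    ip=$2
    rc=0; has_ip=no; has_o365=no; last=; lookups=0
    set -f                      # split on whitespace without globbing
    set -- $record
    set +f
    if [ "$1" != "v=spf1" ]; then
        echo "record does not start with v=spf1"
        return 1
    fi
    shift
    for term in "$@"; do
        last=$term
        mech=${term#[-+~?]}     # drop the optional qualifier
        case $mech in
            ip4:"$ip"|ip4:"$ip"/32) has_ip=yes ;;
            ip4:*|ip6:*|all) ;;
            include:spf.protection.outlook.com)
                has_o365=yes; lookups=$((lookups + 1)) ;;
            include:*|exists:*|redirect=*|a|a[:/]*|mx|mx[:/]*|ptr|ptr:*)
                lookups=$((lookups + 1)) ;;
            exp=*) ;;
            *)  echo "unknown term: $term"; rc=1 ;;
        esac
    done
    [ "$has_ip" = yes ]   || { echo "no ip4:$ip term"; rc=1; }
    [ "$has_o365" = yes ] || { echo "include:spf.protection.outlook.com missing"; rc=1; }
    [ "$last" = "-all" ]  || { echo "record does not end in -all"; rc=1; }
    # RFC 7208 caps DNS-querying terms at 10; nested includes are not
    # resolved here, so this only counts the top-level record.
    [ "$lookups" -le 10 ] || { echo "more than 10 DNS-lookup terms"; rc=1; }
    return "$rc"
}

# Constructed demo: a well-formed record for the article's IP, then one with
# a misspelt mechanism, which receivers treat as a syntax error (permerror).
spf_check "v=spf1 ip4:49.205.79.85 include:spf.protection.outlook.com -all" \
    49.205.79.85 && echo "record OK"
spf_check "v=spf1 ip4:49.205.79.85 includes:spf.protection.outlook.com -all" \
    49.205.79.85 || echo "record rejected"
```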
Whitelist Your Server URL in Office365
Also, you need to whitelist your server's IP for Office365 to accept your connection request on port 25 and honor your email delivery.
Exchange Admin Center -> Connection Filter -> Add Allowed IP Address
If your IP is not whitelisted, you may see some errors like below.
Jul 30 22:35:57 mwiapp01 postfix/smtp[18821]: AC8A74078131: to=<[email protected]>, relay=gritfy-com.mail.protection.outlook.com[104.47.100.36]:25, delay=5.9, delays=0.09/0.05/4.1/1.6, dsn=5.7.750, status=bounced (host gritfy-com.mail.protection.outlook.com[104.47.100.36] said: 550 5.7.750 Service Unavailable Client cannot send from unregistered domains For more information, visit http://go.microsoft.com/fwlink/?LinkId=526653. AS (800051) [MA1IND01FT006.eop-IND01.prod.protection.outlook.com] (in response to the end of the DATA command))
Restart Postfix and send an email to test it
Now go back to the server and restart Postfix using your systemctl or service command. After validating that the service has started, a test email can be sent to validate your configuration.
echo "Some email to test" | mailx -s "Test email" -r [email protected] [email protected]
If everything went well, you should see status=sent for your email in the mail log, usually located at /var/log/maillog
Jul 30 10:44:32 pmpp01 postfix/smtp[19253]: 60DAF4078131: to=<[email protected]>, relay=gritfy-com.mail.protection.outlook.com[104.47.100.36]:25, delay=7.2, delays=0.05/0.03/4/3.1, dsn=2.6.0, status=sent (250 2.6.0 <5f234d49.DY75T7s4TYaD7ECn%[email protected]> [InternalId=23136988825661, Hostname=MA1PR01MB3468.INDPRD01.PROD : removed
Multiple domains and sender-based relay with Postfix and Office365
You can have more than one relay in Postfix, and configure Postfix to choose the relay settings and credentials based on the sender's email ID.
For example, if you want to send emails from two different users on the same domain, you can do
[email protected]
[email protected]
or if you want to send emails from two different domains and email IDs, you can also do that with Postfix
[email protected]
[email protected]
So how to get sender based SMTP relay in postfix?
If you're trying to use two different Office365 accounts, you'll need to follow the same steps as we did above. Since this post is about Office365 and postfix, let me assume the other account is also hosted on Office365.
Therefore, you must also perform these steps again on the other email domain. In my case it is middlewareinventory.com, as I already did these steps for gritfy.com.
- Create a connector in corresponding Office365 and allow your server IP
- Whitelist your IP in Exchange connection filter
- Update your SPF record and add the IP of the server your Postfix is running on
I assume that you performed these steps without any problems. Let's move on to the postfix configuration section.
Update the Postfix main.cf configuration to support sender-based relaying
If you followed the single SMTP relay setup and are now moving to this multiple SMTP relay setup, you need to update some values. If you are configuring sender-based relaying directly, just copy and paste these values at the bottom of your /etc/postfix/main.cf file.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd_maps
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
header_size_limit = 4096000
inet_protocols = all
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relay_by_sender
If you look at the configuration, there are two files (maps) that we need to create and put on the server. First, let's create the /etc/postfix/relay_by_sender file needed for sender-dependent relay in Postfix.
Create a relay_by_sender file for Postfix and keep the mail server details (MX)
Within the relay_by_sender file, we need to paste the following content. Be sure to update these values with the smart host (mail server) details of your mail server.
[email protected] [gritfy-com.mail.protection.outlook.com]:25
[email protected] [devopsjunction.mail.protection.outlook.com]:25
After saving the file as /etc/postfix/relay_by_sender, you need to create a DB file for Postfix to use, using the postmap command
postmap /etc/postfix/relay_by_sender
Create sasl_passwd_maps file with relays and credentials
Now we need to provide credentials for the two relays we created. Create a file under /etc/postfix with the name sasl_passwd_maps
[gritfy-com.mail.protection.outlook.com]:25 [email protected]:Micontraseñasecret
[devopsjunction.mail.protection.outlook.com]:25 [email protected]:Clave
and, just like before, create the db file using postmap
postmap /etc/postfix/sasl_passwd_maps
Reload or restart the Postfix server and test the relays
You have now made the necessary changes for your sender-based relays to work. So go ahead and restart/reload your Postfix server
service postfix reload (or) service postfix restart
Send some test emails to validate that the emails are going through the correct relays.
To test the first sender with gritfy.com, specify the sender (return) address with -r when sending your email.
echo "Some email to test" | mailx -s "Test email" -r [email protected] [email protected]
To test the second sender with devopsjunction.com, update the sender address after -r and run
echo "Some email to test" | mailx -s "Test email" -r [email protected] [email protected]
To know which relay the email went through and whether it was sent to the recipient, use the mail log, which is usually found at /var/log/maillog
Jul 31 00:58:35 mwiapp01 postfix/smtp[26151]: 28D5A4078131: to=<[email protected]>, relay=gritfy-com.mail.protection.outlook.com[104.47.100.36]:25, delay=7.8, delays=0.06/0.05/4.2/3.5, dsn=2.6.0, status=sent (250 2.6.0 <5f236cb4.kaTYiINfdbNN2Gyr%[email protected]> [InternalId=22905060593379, Hostname=MAXPR01MB4031.INDPRD01.PROD.OUTLOOK.COM] 8684 bytes at 0.610, 13.883 KB/s Mail queued for delivery)
Jul 31 00:58:35 mwiapp01 postfix/qmgr:42875.A] removed
So we have successfully tested single and multiple sender relay with Office365 and Postfix
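Reading the log by eye stops scaling once several applications send through the relay, and a sender silently falls back to the default relayhost when its map entry is missing or postmap was not re-run. The script below is an added example, not part of the original article: it joins the qmgr and smtp log lines on the queue ID and compares the relay actually used with relay_by_sender. The function name relay_report is hypothetical and the senders, queue IDs and log lines are constructed.

```sh
#!/bin/sh
# Added example: check from the mail log that each sender left through the
# relay that relay_by_sender assigns to it.

# relay_report MAPFILE LOGFILE: print "QID SENDER RELAY STATUS VERDICT" for
# every delivery attempt logged by the Postfix smtp client.
relay_report() {
    awk '
    NR == FNR {                      # first file: relay_by_sender source
        if (NF >= 2 && $1 !~ /^#/) want[tolower($1)] = $2
        next
    }
    {                                # find "postfix/<daemon>[pid]:" and queue ID
        prog = ""; qid = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^postfix\//) { prog = $i; qid = $(i + 1); break }
        sub(/:$/, "", qid)
    }
    prog ~ /qmgr/ && match($0, /from=<[^>]*>/) {
        # The envelope sender is logged by qmgr, not by the smtp client.
        from[qid] = tolower(substr($0, RSTART + 6, RLENGTH - 7))
    }
    prog ~ /smtp\[/ && match($0, /relay=[^,]*/) {
        relay = substr($0, RSTART + 6, RLENGTH - 6)      # host[ip]:port
        host = relay; sub(/\[.*/, "", host)
        port = relay; sub(/.*:/, "", port)
        used = "[" host "]:" port                        # same form as the map
        status = "unknown"
        if (match($0, /status=[a-z]+/))
            status = substr($0, RSTART + 7, RLENGTH - 7)
        s = (qid in from) ? from[qid] : "-"
        if (s in want) verdict = (want[s] == used) ? "OK" : "MISMATCH"
        else verdict = "UNMAPPED"    # sender has no entry in the map
        print qid, s, used, status, verdict
    }' "$1" "$2"
}

# Constructed sample data (not taken from a real server).
demo=$(mktemp -d)
cat > "$demo/relay_by_sender" <<'EOF'
alerts@example.com [gritfy-com.mail.protection.outlook.com]:25
billing@example.org [devopsjunction.mail.protection.outlook.com]:25
EOF
cat > "$demo/maillog" <<'EOF'
Jul 31 00:58:28 mx1 postfix/qmgr[2201]: 1A2B3C4D5E: from=<alerts@example.com>, size=512, nrcpt=1 (queue active)
Jul 31 00:58:35 mx1 postfix/smtp[2210]: 1A2B3C4D5E: to=<u@example.net>, relay=gritfy-com.mail.protection.outlook.com[192.0.2.10]:25, delay=7.8, dsn=2.6.0, status=sent (250 2.6.0 Queued)
Jul 31 01:02:10 mx1 postfix/qmgr[2201]: 2B3C4D5E6F: from=<billing@example.org>, size=498, nrcpt=1 (queue active)
Jul 31 01:02:16 mx1 postfix/smtp[2214]: 2B3C4D5E6F: to=<u@example.net>, relay=gritfy-com.mail.protection.outlook.com[192.0.2.10]:25, delay=6.1, dsn=5.7.750, status=bounced (550 5.7.750 rejected)
Jul 31 01:05:00 mx1 postfix/qmgr[2201]: 3C4D5E6F70: from=<cron@example.net>, size=300, nrcpt=1 (queue active)
Jul 31 01:05:04 mx1 postfix/smtp[2217]: 3C4D5E6F70: to=<u@example.net>, relay=gritfy-com.mail.protection.outlook.com[192.0.2.10]:25, delay=4.0, dsn=2.6.0, status=sent (250 2.6.0 Queued)
EOF
relay_report "$demo/relay_by_sender" "$demo/maillog"
```

A MISMATCH paired with a 5.7.750 bounce, as in the second constructed message, means the mail reached a tenant whose connector does not accept that sender's domain.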
Now I want to provide some links to help you troubleshoot SMTP relay and troubleshoot your configuration.
Troubleshooting SMTP relay issues
I faced some errors while implementing this configuration and found some articles on the internet that helped me. I am listing them here for your reference.
This type of SMTP relay is a bit complex but highly customizable and programmable, as it connects directly to the Office365 MX server or smart host. There are many restrictions in place to identify you and ensure that you are not a spammer,
such as IP restrictions and blocks; the other issue could be SPF and IP whitelisting. So make sure you do everything discussed in this post without missing a step. If you still run into problems, here are some links I can refer you to:
- Microsoft Article on SMTP Relay Troubleshooting
- Five possible main causes for relay access denied and how to fix it
- IP blacklist checker and email delivery issue finder
Test SMTP settings score or spam test result
I recommend testing your SMTP configuration by sending an email to the dynamic email ID generated by https://www.mail-tester.com/
Visit the web page, copy the dynamic email ID shown on the screen, send an email to it, and then check your score. It lists your spam and email setup issues with possible solutions.
I have prepared this article in the hope that it serves as a one-page reference when you want to configure Postfix Office365 SMTP relay and troubleshoot issues. I hope it helps.
Ask me questions using comments
Cheers,
Sarav Ak
FAQs
Does Office 365 allow SMTP relay?
SMTP relay lets Microsoft 365 or Office 365 relay emails on your behalf by using a connector that's configured with your public IP address or a TLS certificate.
What is the difference between Office 365 direct send and SMTP relay?
Microsoft 365 or Office 365 SMTP relay is similar to direct send except that it can send mail to external recipients. Due to the added complexity of configuring a connector, direct send is recommended over Microsoft 365 or Office 365 SMTP relay, unless you must send email to external recipients.
Why is my SMTP relay not sending mail?
Verify that your firewall or antivirus software is not blocking the outgoing mail server/SMTP relay. Try turning off your firewall or antivirus software and sending a message. If the message goes through, you need to adjust your firewall or antivirus software's settings.
What SMTP server to use for Office 365?
Device or Application setting | Value |
---|---|
Server/smart host | smtp.office365.com |
Port | Port 587 (recommended) or port 25 |
TLS/StartTLS | Enabled |
Username/email address and password | Enter the sign in credentials of the hosted mailbox being used |
Simple Mail Transfer Protocol (SMTP) is a straightforward process that allows users to send, relay, and monitor outgoing emails. An SMTP relay service—also commonly known as an SMTP gateway service—takes this a step further by allowing you to send more transaction and marketing-related emails.
Can I use any SMTP server to send emails?
Yes! You can. If you're using other email clients, such as Thunderbird or Outlook, you can use the Gmail SMTP server details to still send emails via your Gmail account. However, remember that SMTP is just for sending email.
When should I use an SMTP relay service?
An SMTP relay service is the best way to manage batch sends and automated emails. Sending over SMTP through a trusted 3rd party will help you ensure that you don't experience deliverability issues and that your mail keeps flowing to the inbox without any issues.
How do you check SMTP relay server is working or not?
- Step 1: Install the Telnet Client on your computer. ...
- Step 2: Find the FQDN or IP address of the destination SMTP server. ...
- Step 3: Use Telnet on Port 25 to test SMTP communication. ...
- Step 4: Success and error messages in the Telnet Session.
- Check the SMTP server settings. SMTP server address—Check the host name or network address of the SMTP e-mail server. ...
- Check the SMTP authentication settings. Check whether the e-mail server requires authentication. ...
- Test SMTP settings by sending a test e-mail. If you are unable to send a test e-mail:
Click the Delivery tab, then the Outbound Security button. Select Basic Authentication or OAuth Authentication. Enter the credentials of a Office 365 user who you want to use to relay SMTP mail. Select TLS Encryption, then click OK.
Is postfix a POP or IMAP?
Postfix is a mail transfer agent and does not implement POP or IMAP. This chapter looks at how Postfix delivers messages and how they are read by POP/IMAP servers.
How do you install and configure postfix as a send only SMTP server?
- Prerequisites.
- Step 1 — Installing Postfix.
- Step 2 — Configuring Postfix.
- Step 3 — Testing the SMTP Server.
- Step 4 — Forwarding System Mail.
- Step 5 — Enabling SMTP Encryption.
- Conclusion.
Email Provider | IMAP Settings |
---|---|
Microsoft 365 Outlook Hotmail Live.com | Server: outlook.office365.com Port: 993 Encryption: SSL/TLS |
MSN | Server: imap-mail.outlook.com Port: 993 Encryption: SSL/TLS |
SMTP Port 587
Whereas port 25 is the recommended port number for SMTP communications between mail servers (i.e., for relaying messages), port 587 is the one recommended for message submissions by mail clients to mail servers.
The maximum number of email messages you can send is 300 per day. For Microsoft 365 subscribers the daily recipients limit is 5,000 with the maximum recipients per message being 500.
Do I need SMTP server to send email?
Why You Need An SMTP Server? Without an SMTP server, you cannot send your email to its destination. When you click the “send” button from your email client, your email messages get automatically converted into a string of codes and are transferred to your SMTP server.
Can you use Gmail as an SMTP relay?
If your organization uses Microsoft Exchange or another SMTP service or server, you can set up the SMTP relay service to route outgoing mail through Google. You can use it to: Filter messages for spam and viruses before they reach external recipients. Apply email security and advanced Gmail settings to outgoing ...
What is SMTP relay for mass emails?
An SMTP relay is an email relay service that routes high volumes of email messages through SMTP servers so they don't end up in the spam folder. A relay, or mail relay, describes the zig-zag process of passing an email from one email server to another until it reaches the recipient.
Which is the free SMTP server for sending bulk email?
- Google.
- Amazon SES.
- Moosend.
- SMTP2GO.
- Postmark.
- SocketLabs.
- Pepipost.
- Mailgun.
- Sendinblue.
- SendGrid.
- Elastic Email.
- Amazon SES.
- Mailjet.
What are the limitations of SMTP?
The main drawback of sending through an SMTP server is that it is insecure, it can be easily hacked. There are so-called “fake emails” that are messages sent using any address (for example billgates@microsoft.com) to any recipient. Another disadvantage is the server limitation.
How to setup SMTP relay connector Office 365?
Step 1: Log in to your Office 365 tenant, open the Exchange Admin center and click Mail flow, and click Connectors. Step 2: Click the “+” symbol to create a new connector. Step 3: Under Select your Mail Flow Scenario, set the "From" field as Partner Organization, and the "To" field as Office 365.
Is not authorized to relay messages through the Office 365 email servers?
It's likely that the email server isn't correctly set up to receive and relay messages from your organization. To fix this issue, forward this non-delivery report (NDR) to your email admin.
How to configure IIS for relay with Office 365?
Select Start > Administrative Tools > Internet Information Services (IIS) 6.0. Expand the current server, right-click the SMTP Virtual Server, and then select Properties. On the General tab, select Advanced > Add. In the IP Address box, specify the address of the server that's hosting the SMTP server.
Does Office 365 SMTP require TLS?
To provide the best-in-class encryption to our customers, Microsoft has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365 and Office 365 GCC. However, you can continue to use an unencrypted SMTP connection without any TLS. We don't recommend email transmission without any encryption.
What are the throttling limits for Office 365 SMTP relay?
Additional throttling limits for the SMTP Authentication protocol are: 30 messages per minute. Recipient rate limit of 10,000 recipients per day.