Trying to sort through an issue with using Postfix as an SMTP relay. The issue is that for our primary domain, hosted at O365, I get the following error in the Postfix log when I send an email to that domain from Postfix:
530 5.7.57 Client not authenticated to send mail.
This error occurs when mail is sent TO our default email domain: ourcompany.com (not a real domain). All other emails are delivered, even to additional domains also hosted within the same Exchange environment in the cloud. So, if I send to pete@ourcompany.com I get an error on that delivery. If I send it to pete@ourothercompany.com, also hosted in the same Exchange instance, it is delivered.
What I suspect is that the sending address, which references the default domain, is the source of the issue. The sending/reply-to email address is somebody@ourcompany.com, and I think the email, with a from address of @ourcompany.com and being delivered to ourcompany.com, is being blocked because either it is detected as a spoof or the email wasn't sent FROM our default domain. The "client not authenticated" error throws me because the mail is being delivered to, not sent from, our default domain. There shouldn't be a "relay" going on. The Postfix server on our internal network is the "relay".
I have seen plenty of posts like this. Microsoft posts pretty much point to this as being the solution:
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#option-3-configure-a-connector-to-send-mail-using-microsoft-365-or-office-365-smtp-relay
I also saw this: "postfix relaying all mail through office365 problems"
But my goal isn't to use O365 as a relay. The Postfix server is the relay. I just want the O365 Exchange server not to reject the inbound mail for that domain. Again, all email addresses EXCEPT the default domain emails in Exchange are delivered.
One other tidbit: We also have Barracuda in the mix but the error seems to be coming from Exchange, not Barracuda, so I don't think it is the source of the problem.
The sending server, a CentOS8 VM running Postfix version 3.5.8, has an internal address and a hostname of CentOS8. I added the external IP of our network to the SPF record since the traffic would flow out our default gateway. I have CentOS8.ourcompany.com as an accepted domain in Exchange.
If the goal is not to relay through O365 Exchange but simply allow ourdomain.com to accept email sent from this other CentOS8 server, what do I need to do to allow that? It seems simple but I cannot find the solution that works.