9

I am trying to set up a Postfix server on a Linux box to relay all mail to our Office365 (Exchange, hosted by Microsoft) mail server, but I keep getting an error regarding the sending address:

BB338140DC1: to= relay=pod51010.outlook.com[157.56.234.118]:587, delay=7.6, delays=0.01/0/2.5/5.1, dsn=5.7.1, status=bounced (host pod51010.outlook.com[157.56.234.118] said: 550 5.7.1 Client does not have permissions to send as this sender (in reply to end of DATA command))

Office 365 requires that the sending address in the MAIL FROM and From: header be the same as the address used to authenticate. I have tried everything I can think of in the config to get this working. My postconf -n:

append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
debug_peer_list = 127.0.0.1
inet_interfaces = loopback-only
inet_protocols = all
mailbox_size_limit = 0
mydestination = xxxxx, localhost.localdomain, localhost
myhostname = localhost
mynetworks = 127.0.0.0/8
recipient_delimiter = +
relay_domains = our.doamin
relayhost = [pod51010.outlook.com]:587
sender_canonical_classes = envelope_sender
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

/etc/postfix/sender_canonical:

www-data                address@mydomain.com
root                    address@mydomain.com
www-data@localhost      address@mydomain.com
root@localhost          address@mydomain.com

Also, sasl_passwd is set to the correct credentials (tested them using swaks multiple times). Authentication works, and sends the message when the from headers are correct (also tested using swaks, which works).

The emails are coming from PHP, so I have also tried altering the sendmail path in php.ini to pass the correct from address via -f.

So, for some reason, mail coming from www-data and root is not having the from fields rewritten to Office 365's satisfaction, and it won't send the message.

Any Postfix gurus out there that can help me set up this relay?

sebix
woodsbw
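Added example (not part of the original post or of Postfix): a simplified Python model of canonical(5) lookups that applies the posted sender_canonical map to a constructed message and reports whether the envelope sender and the From: header both end up equal to the login address, first with the posted `sender_canonical_classes = envelope_sender` and then with `header_sender` added. The sample message, the login address and the names `parse_map`, `rewrite` and `check` are assumptions made for the illustration.

```python
# Added example: a simplified model of Postfix canonical(5) sender rewriting.
from email import message_from_string
from email.utils import parseaddr

# The sender_canonical map exactly as posted in the question.
SENDER_CANONICAL = """\
www-data                address@mydomain.com
root                    address@mydomain.com
www-data@localhost      address@mydomain.com
root@localhost          address@mydomain.com
"""

def parse_map(text):
    """Parse 'pattern  result' lines; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table

def rewrite(addr, table, local_domains=("localhost",)):
    """Lookup order from canonical(5): user@domain, user (local domains), @domain."""
    addr = addr.lower()
    user, _, domain = addr.partition("@")
    if addr in table:
        return table[addr]
    if (not domain or domain in local_domains) and user in table:
        return table[user]
    return table.get("@" + domain, addr) if domain else addr

def check(raw_message, envelope_sender, classes, auth_user, table):
    """Return both sender addresses after rewriting and whether each equals auth_user."""
    header_from = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    env = rewrite(envelope_sender, table) if "envelope_sender" in classes else envelope_sender
    hdr = rewrite(header_from, table) if "header_sender" in classes else header_from
    return {"envelope": env, "header": hdr,
            "both_match_login": env.lower() == auth_user.lower() == hdr.lower()}

# Constructed sample message, as PHP running as www-data on this host might submit it.
SAMPLE = "From: www-data@localhost\nTo: user@example.com\nSubject: test\n\nbody\n"
TABLE = parse_map(SENDER_CANONICAL)
LOGIN = "address@mydomain.com"  # assumption: the SASL login equals the map's target

if __name__ == "__main__":
    for classes in (["envelope_sender"], ["envelope_sender", "header_sender"]):
        print(classes, check(SAMPLE, "www-data@localhost", classes, LOGIN, TABLE))
```

Postfix's default for `sender_canonical_classes` is `envelope_sender, header_sender`; on a live host, `postmap -q www-data@localhost hash:/etc/postfix/sender_canonical` confirms what the compiled map returns for a given key.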

3 Answers

3

Just in case anyone comes across this later. I DID finally get a proper email relay working. The issues had to do with using an older version of postfix, which formatted the "FROM" element in the envelope in a way that Office 365 didn't like. Updating Postfix to 2.9 or greater (and using a config like the one above) solved the issue.

woodsbw
  • I've spent the last 3 days trying to set this relay with sendmail, ssmtp and now postfix. Can you explain to me a little bit more in depth your sender_canonical? Is it necessary for this relay to work? With my setup I get `Jan 9 11:03:11 isvahlrtk01 postfix/smtp[12841]: connect to pod51017.outlook.com[157.56.250.182]:587: Connection timed out` – Rhyuk Jan 09 '13 at 15:24
  • Where did you get the smtp_tls_CAfile for outlook.com? – pjz Apr 05 '13 at 13:19
  • I never needed it, it plays nice with what comes with Ubuntu server. – woodsbw Apr 12 '13 at 16:59
2

Solution:

  1. Don't send mail to Office365 as a user from your Office365-hosted e-mail domain. Use a subdomain instead, e.g. address@services.mydomain.com instead of address@mydomain.com. It wouldn't hurt to set up an SPF record for services.mydomain.com or whatever you decide to use.

  2. Don't authenticate against mail.messaging.microsoft.com as an Office365 user. Just connect on port 25 and deliver the mail to your domain as any foreign SMTP agent would do.

Skyhawk
  • Fair enough. I was hoping to get all our mail going through a central point...but after spending 12 hours trying to get this relay working, I'll take it :) – woodsbw Apr 13 '12 at 15:10
0

I've found that some SASL auth modules were missing. The following fixed it:

yum install cyrus-sasl-plain  cyrus-sasl-scram cyrus-sasl-md5  cyrus-sasl-ntlm

(plain module was probably enough)

GDR