How to configure postfix on Ubuntu to relay emails through Office 365 (SMTP) with TLS

Question

I'm attempting to setup a postfix relay to our new Office365 setup for some internal devices on our network that require this specific setup. I've been trying various sites with configs and troubleshooting tips around the web for the better part of two days but I keep running in to the following error in /etc/log/mail.log when I attempt to send using: mail user@domain.com Any help would be greatly appreciated.

Jun 19 05:41:16 smtphost postfix/smtp[1357]: warning: smtp.office365.com[157.56.96.22]:587 offered null AUTH mechanism list
Jun 19 05:41:17 smtphost postfix/smtp[1357]: warning: SASL authentication failure: No worthy mechs found
Jun 19 05:41:17 smtphost postfix/smtp[1357]: 5E7A32034A: to=<user@domain.com>, relay=smtp.office365.com[157.56.96.22]:587, delay=7289, delays=7283/0.32/5.6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[157.56.96.22]: no mechanism available)

Here is the ouput of my postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases

append_dot_mydomain = no
biff = no
config_directory = /etc/postfix

inet_interfaces = loopback-only
inet_protocols = ipv4

mailbox_size_limit = 0

mydestination = smtphost, localhost.localdomain, localhost
myhostname = smtphost
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname

readme_directory = no
recipient_delimiter = +

relayhost = smtp.office365.com:587

smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

here are the contents of my sasl_passwd file:

smtp.office365.com 365user@365domain.com:p@ssword

Answer 1

I had a similar problem and used 'smtp_tls_security_level = encrypt' to fix.

Answer 2

According to the this MS Knowledge base article You need a postfix 2.9 or later for relaying to work.

I ended up installing postfix-2.10.1 from source along with cyrus-sasl-2.1.25 (not dovecoat like you seem to be using in your setup) Since my distribution of choice has a to old postfix version in its repositories.

Using the following make flags taken from the postfix documentation here and here

make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/local/include/sasl -I /usr/local/include " AUXLIBS=" -lsasl2 -lssl -lcrypto"

I still get the message "offered null AUTH mechanism list" in my postfix mail log. But mails are delivered properly.

Note: Using email addresses that differ from the account email address (or alias) are rejected by the microsoft mail servers.

But you can change the FROM: field to whatever you like. If you find a way around this leave a comment.

Answer 3

You need to make sure you've got SASL auth mechanisms installed:

yum install cyrus-sasl-plain cyrus-sasl-scram cyrus-sasl-md5  cyrus-sasl-ntlm