Configure Postfix to use Office365 SMTP Relay on Ubuntu 16.04

In this post I’ll show how to install and configure Postfix on Ubuntu 16.04 to use Office 365 services like smarthost/mail relay.

apt-get upgrade
apt-get update
apt-get install postfix sasl2-bin mailutils

sasl2-bin is an API thet implement Cyrus SASL API, and permit to integrate authentication mechanisms in Postfix
mailutils is a simple mail commands that will help testing our configuration.

During the Postfix configuration in request “General type of mail configuation” select “Internet Site”, and set your “System mail name” to use your FQDN (Fully Qualified Domain Name): in my case mailserver.infpressapochista.local
You can use the next command to obtain your FQDN.

hostname --fqdn

Now we need to define the credentials that will be used to establish the connection with Office 365 smtp server.
Create a file called sasl_passwd in /etc/postfix that contains the credentials: the username and password.

[smtp.office365.com]:587 usernameOffice365@domainOffice365.it:password

Att.: Replace usernameOffice365@domainOffice365.it and password with the appropriate credentials.
Postfix for some config files doesn’t use the flat ascii format, but uses a hash version of the same files that allows quicker lookup/retrieval.
This is one of them !

postmap hash:/etc/postfix/sasl_passwd

This command create an hash version of sasl_passwd plain ascii file: in /etc/postfix you should see sasl_passwd and sasl_passwd.db in the list.

Using Office 365 smtp we can only send mail (FROM field in email header) as the user we are connecting with, or an another account specified in office365 (Send As permission).

For this reason we need to configure postfix to modify the from field for all the outgoing mail.
Create a file called sender_canonical in /etc/postfix.

nano /etc/postfix/sender_canonical

Here you can add the next line.

/.+/ usernameOffice365@domainOffice365.it

Att.: Replace usernameOffice365@domainOffice365.it with the same account used in /etc/postfix/sasl_passwd or an another enabled account.
Create the hash version.

postmap hash:/etc/postfix/sender_canonical

For security purposes let’s make sure the owner of the files created above is the root user and the permissions are 644.

chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db  
chmod 644 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db  
chown root:root /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db  
chmod 644 /etc/postfix/sender_canonical /etc/postfix/sender_canonical.db

I prefer to use TLS to transmit mail.

cp /etc/ssl/certs/thawte_Primary_Root_CA.pem /etc/postfix/cacert.pem

Now we can configure Postfix to use this files. Edit /etc/postfix/main.cf and add/modify the following lines to our main.cf

.....
inet_protocols = ipv4 
relayhost = [smtp.office365.com]:587 
smtp_sasl_auth_enable = yes  
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd  
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
sender_canonical_maps = regexp:/etc/postfix/sender_canonical  
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
.....

Att.: The line inet_protocols = ipv4 force postfix to use only ipv4.

Restart Posfix.

service postfix restart

Now we can send a test message to see if everything worked. Create a file like /etc/postfix/mailtest.txt

to: emailto@domain.it
subject:Subject Test

Att.: Replace emailto@domain.it with the address you want to send your test to.


sendmail -v emailto@domanin.it < /etc/postfix/mailtest.txt Att.: Replace emailto@domain.it with the address you want to send your test to. If your test fails you can check the mail.log file to try and determine why.

tail - f /var/log/mail.log
Att.: After making changes be sure to restart Postfix before testing.
service postfix restart
Linkografia
Relay mail with Office 365 and Postfix
Configure Postfix to Use Gmail SMTP on Ubuntu