Configuring Monit to Send Mail through Office365

microsoft-office-365monitoutlookoutlook-web-appsmtp

I'm trying to configure monit to send emails through Office365. Here's the relevant configuration:

set mailserver smtp.office365.com port 587 username "username" password "password" using tlsv1 with timeout 30 seconds

Unfortunately, it doesn't work. Here's the relevant error from /var/log/monit.log:

[PST Feb 27 06:40:48] error : Sendmail error: 534-5.7.9 Please log in with your web browser and then try again. Learn more at

(Yes, the error is truncated.)

The credentials are correct – I've successfully used them to log in to Office 365/Outlook. I've also used this account to send mail through a Rails app, so I'm assuming the configuration issue is on Monit's end, and not Microsoft's.

It seems someone ran into a similar roadbump here. While I can't find any documentation confirming that Monit supports TLS v1.1, I'd be surprised if it didn't (the spec is 8 years old now).

Is there something I'm missing?

Best Answer

"504 5.7.4 Unrecognized authentication type" is a response to your request. It means you are requesting access via an authentication type that is not supported by the connection.

I am not familiar with MONIT - so I can't help with the configuration completely but review these configuration items:

Be sure that the FROM in the message is the same as the account you are logging in as.
Check the Authentication type directly that is also being passed. If your configuration shows AUTH LOGIN Try to change that to AUTH BASIC.
O365 supports TLS 1.0, 1.1, and 1.2 - however, you must also be sure you have the proper cipher suites enabled that are supported by O365 or a connection will not be made. See here for supported cipher suites: https://technet.microsoft.com/en-us/library/mt163898.aspx To find what you are using or trying to use - you need to do a packet trace - which will show you which protocol you are using, version, and the cipher suite (or if you are not using a compatible one). Use something like WireShark to get this info. All OSes will have a default set of cipher suites enabled - but will let you enable others as well as change the order they are attempted.

SASL Authentication Check List

Base on question and comments, sasl may not be setup correctly. Following check list is created base on Ubunut Guide provided in question.

Check file/etc/postfix/sasl/smtpd.conf, should be like following
```
pwcheck_method: saslauthd
mech_list: plain login
```

Check libsasl installed

dpkg -l | grep sasl

Should have the following (version number may differ)

ii  libsasl2-2           2.1.25.dfsg1-4    Cyrus SASL - authentication abstraction library
ii  libsasl2-modules     2.1.25.dfsg1-4    Cyrus SASL - pluggable authentication modules
ii  sasl2-bin            2.1.25.dfsg1-4    Cyrus SASL - administration programs for SASL users database

Check saslauthd is running
```
ps -ef | grep sasl
```

Check saslauthd PWDIR

grep PWDIR /etc/default/saslauthd

Output should be

PWDIR="/var/spool/postfix/var/run/saslauthd"

Postfix submission/587

/etc/postfix/master.cf

The Ubuntu guide only un-comment one line

submission inet n       -       -       -       -       smtpd

Try ucomment the whole section, including the options following it

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Then restart postfix

sudo service postfix restart

Double check your smtp login name

Since the guide is not using virtual user, your smtp login name should be joe only, not joe@mysite.com. Double check email clients on your deivces/computers/webservices(gmail) are NOT using your email address as smtp login name. (Many do that for you. You will have to manually change it if so.)
Remove Password Map

I believe you are authenticating against local Linux account, not virtual user. Remove the following lines in /etc/postfix/main.cf
```
# password maps will not work. Customer must provide credentials
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
```

Best Answer

Related Solutions

Postfix/SMTPD – Relay Access Denied When Sending Outside Network

Can’t connect to SMTP over 587

SASL Authentication Check List

Postfix submission/587

Related Topic