Office365 relay-POSTFIX-Authentication unsuccessful

microsoft-office-365 postfix

Having issues setting Office 365 as a relay in Postfix.

yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5

sasl_passwd:

[smtp.office365.com]:587 user@xompany.com:password

main.cf:

relayhost = [smtp.office365.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_auth_enable = yes
smtp_generic_maps = hash:/etc/postfix/generic

smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous

cat /etc/sasl2/smtpd.conf

pwcheck_method: saslauthd

mech_list: plain login

Error:

localhost postfix/smtp[6073]: 60B1E400E9F9: SASL authentication failed; server smtp.office365.com[40.101.77.82] said: 535 5.7.3 Authentication unsuccessful [VI1PR07CA0165.eurprd07.prod.outlook.com]

What am I missing? I see in some guides SSL certificates are used; if it's a must, what's the procedure to obtain them?

Best Answer

In our case it was the "Azure Security defaults" in https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties:

Security Defaults enabled:

SASL authentication failed; server smtp.office365.com[x.y.z.a] said: 535 5.7.3 Authentication unsuccessful

Security Defaults disabled (20min later):

relay=smtp.office365.com[x.y.z.a]:587, delay=17, delays=0.03/0.03/17/0.37, dsn=2.0.0, status=sent (250 2.0.0 OK

We are looking into exactly which security setting is preventing SASL Auth.

EDIT: Without "Azure AD Premium" it is only possible to enable/disable AD Security Defaults. With default settings, SMTP_Auth is legacy and not supported anymore. I still do not understand why SMTP_Auth is considered legacy.

Some Background Information: https://practical365.com/azure-ad/what-are-azure-ad-security-defaults-and-should-you-use-them/
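The two log states quoted in the answer can be told apart mechanically, which helps confirm whether a tenant-side policy change has taken effect for the relay. The following is an added example, not part of the original question or answer; the sample log lines are constructed (syslog prefix, queue IDs, recipient and the 192.0.2.10 address are made up), and the function names `parse_line` and `relay_report` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three lines modelled on the log excerpts quoted in the
# answer (syslog prefix, queue IDs, recipient and 192.0.2.10 are made up).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx1 postfix/smtp[6073]: 60B1E400E9F9: SASL authentication failed; server smtp.office365.com[192.0.2.10] said: 535 5.7.3 Authentication unsuccessful [EXAMPLE.prod.outlook.com]
Jan 10 09:05:12 mx1 postfix/smtp[6080]: 61C2F400EA10: SASL authentication failed; server smtp.office365.com[192.0.2.10] said: 535 5.7.3 Authentication unsuccessful [EXAMPLE.prod.outlook.com]
Jan 10 09:25:40 mx1 postfix/smtp[6101]: 7C2A1400EA01: to=<a@example.org>, relay=smtp.office365.com[192.0.2.10]:587, delay=17, delays=0.03/0.03/17/0.37, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

PREFIX = r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
AUTH_FAIL = re.compile(
    PREFIX + r"SASL authentication failed; server (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\] "
    r"said: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)")
DELIVERY = re.compile(
    PREFIX + r".*relay=(?P<host>[^\[\s,]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+),"
    r".*dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)")

def parse_line(line):
    """Return a dict for a relay auth failure or delivery line, else None."""
    for event, rx in (("auth_failed", AUTH_FAIL), ("delivery", DELIVERY)):
        m = rx.search(line)
        if m:
            return {"event": event, **m.groupdict()}
    return None

def relay_report(log_text, relay="smtp.office365.com"):
    """Count outcomes for one relay and report the most recent state."""
    counts, state = Counter(), "unknown"
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["host"] != relay:
            continue
        if ev["event"] == "auth_failed":
            key = f"auth_failed {ev['code']} {ev['dsn']}"
        else:
            key = f"status={ev['status']}"
        counts[key] += 1
        state = key  # log is chronological, so the last event wins
    return {"counts": dict(counts), "state": state}

if __name__ == "__main__":
    print(relay_report(SAMPLE_LOG))
```

A `state` that stays at `auth_failed 535 5.7.3` after a credential check points at tenant policy rather than the Postfix SASL setup, which is the situation the answer describes.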