Postfix, Office 365, SMTP AUTH and STARTTLS

A fun day.

First up, there is a feature gap on Azure: there is no reverse DNS (i.e. PTR records) for virtual machines.

The main problem I am having since moving things to Azure is that mail delivered from Postfix is being rejected by some hosts, because the receiving MTA gets no host name on a reverse DNS lookup of the sending MTA. Imagine I send mail to [email protected] – and my MTA is running with a public IP address of {x.x.x.x}. The receiving MTA does a reverse lookup for {x.x.x.x} and finds no record. The mail is bounced.

My solution is to send mail via Office 365 – reconfiguring Postfix to relay via Office 365 using SMTP. The added challenge – Office 365 uses TLS for security and requires STARTTLS.

As I mentioned – a fun day grinding through docs and understanding what was needed to get this to work.

The short version:

This is the additional config for Postfix – here I am using SLES 11 SP2 – this is in /etc/postfix/

# Use Office 365 as relay
relayhost = []:587

# Use credentials for auth to Office 365
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# noanonymous only: plaintext mechanisms stay allowed, so TLS below must be mandatory
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_send_dummy_mail_auth = yes
smtp_always_send_ehlo = yes
# encrypt = do not deliver unless the session is TLS-encrypted (STARTTLS)
smtp_tls_security_level = encrypt
# obsolete parameter; overridden by smtp_tls_security_level when that is set
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/cacert.pem

# misc
tls_random_source = dev:/dev/urandom

# TLS logging, uncomment when troubleshooting
#smtpd_tls_loglevel = 2
#smtp_tls_loglevel = 2

# enhanced logging for Office 365
#debug_peer_list =
#debug_peer_level = 4

The plaintext username/password pair was placed in /etc/postfix/sasl_passwd:

[]:587        Office 365 authentication:complex password
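An added example, not from the original post: a small Python audit of the relay settings above. It flags a client configuration where TLS is only opportunistic while plaintext SASL mechanisms are allowed, and checks that the credentials file is not accessible to group or other. The function names and the host smtp.relay.example are assumptions made for the illustration.

```python
import os, stat

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, leading whitespace continues a value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, _, value = (part.strip() for part in raw.partition("="))
            params[last] = value  # a later assignment overrides an earlier one
    return params

def effective_tls_level(p):
    """smtp_tls_security_level, when set, overrides the obsolete smtp_use_tls/smtp_enforce_tls."""
    if p.get("smtp_tls_security_level"):
        return p["smtp_tls_security_level"]
    if p.get("smtp_enforce_tls") == "yes":
        return "encrypt"
    return "may" if p.get("smtp_use_tls") == "yes" else "none"

def audit_relay(p):
    """Return findings for an authenticated relay client; an empty list means none."""
    findings = []
    level = effective_tls_level(p)
    sasl_on = p.get("smtp_sasl_auth_enable") == "yes"
    # Postfix default when the parameter is unset
    sasl_opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    if not sasl_on:
        findings.append("smtp_sasl_auth_enable is not 'yes': no credentials are offered")
    if level in ("none", "may"):
        findings.append(f"TLS level '{level}' lets delivery continue without STARTTLS")
        if sasl_on and "noplaintext" not in sasl_opts:
            findings.append("plaintext SASL mechanisms allowed on an unencrypted session")
    return findings

def credentials_exposed(path):
    """True if group or other have any access to the SASL password file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed samples; smtp.relay.example is a placeholder, not the page's relay host.
WEAK = """relayhost = [smtp.relay.example]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
"""
HARDENED = WEAK + "smtp_tls_security_level = encrypt\n"
```

WEAK yields two findings because smtp_use_tls alone gives opportunistic TLS; HARDENED, which adds the encrypt level used in the config above, yields none.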

I also modified /etc/postfix/sender_canonical to remap the default from name to the same name used for Office 365 authentication:

[email protected] Office 365 authentication name

Finally, I found an interesting set of bugs/features in WordPress – where the assumption is that the default PHP mailer is being used and the wrong from email is being injected into the PHP mailer function. Messy. Open for two years now.

This was resolved by using the WP Mail Options plugin to overwrite the mail from field.

End result – all working.
