
Postfix, Office 365, SMTP AUTH and STARTTLS

A fun day.

First up, there is a feature gap on Azure: there is no reverse DNS (i.e. no PTR records) for virtual machines.

The main problem I have had since moving things to Azure is that mail from Postfix is being rejected by some hosts, because the receiving MTA gets no hostname back from a reverse DNS lookup of the sending MTA. Imagine I send mail to foo@bar.com and my MTA is running with a public IP address of {x.x.x.x}. The receiving MTA does a reverse lookup for {x.x.x.x} and finds no record. The mail is bounced.

My solution is to send mail via Office 365, reconfiguring Postfix to relay through Office 365 over SMTP. The added challenge: Office 365 uses TLS for security and requires STARTTLS.

As I mentioned, a fun day grinding through docs and understanding what was needed to get this to work.

The short version:

This is the additional Postfix config (here on SLES 11 SP2); it goes in /etc/postfix/main.cf:

# Use Office 365 as relay ([host] suppresses the MX lookup; 587 is the submission port)
relayhost = [smtp.office365.com]:587

# Use credentials for auth to Office 365
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_send_dummy_mail_auth = yes
smtp_always_send_ehlo = yes
# encrypt = STARTTLS is mandatory; delivery fails rather than falling back to cleartext
smtp_tls_security_level = encrypt
# superseded by smtp_tls_security_level on Postfix 2.3 and later; harmless to keep
smtp_use_tls = yes

# CA bundle used to check the relay certificate; at level "encrypt" the result is
# only logged (Trusted/Untrusted), level "secure" would refuse an unverified certificate
smtp_tls_CAfile = /etc/ssl/certs/cacert.pem

# misc
tls_random_source = dev:/dev/urandom

# logging
#smtpd_tls_loglevel = 2
#smtp_tls_loglevel = 2

# enhanced logging for Office 365
#debug_peer_list = smtp.office365.com
#debug_peer_level = 4

The plaintext username/password pair was placed in /etc/postfix/sasl_passwd:

# key must match relayhost exactly; build sasl_passwd.db with "postmap hash:/etc/postfix/sasl_passwd"
# and keep both files readable by root only (chmod 600), since the password is stored in clear
[smtp.office365.com]:587        Office 365 authentication:complex password

I also modified /etc/postfix/sender_canonical to remap the default From address to the same address used for Office 365 authentication:

# looked up via sender_canonical_maps = hash:/etc/postfix/sender_canonical in main.cf (rebuild with postmap after editing)
wwwrun@myhostname.com  Office 365 authentication name
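As an added check that is not part of the post, here is a small Python linter that parses main.cf the way Postfix reads it (comments, continuation lines, last definition wins) and reports whether the relay section enforces STARTTLS and non-anonymous SASL auth. It assumes Postfix's documented defaults for smtp_sasl_security_options (noplaintext, noanonymous) and that the TLS variant inherits them; the sample config is constructed from the settings above.

```python
# Added example, not from the post: lint a Postfix main.cf relay section.
import re
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
VERIFYING_TLS = {"dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    # 'name = value' lines, '#' comments, continuation lines (leading whitespace); later wins
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        if sep:
            current = key.strip()
            params[current] = value.strip()
    return params

def _opts(value):
    return {o for o in re.split(r"[,\s]+", value) if o}

def check_relay(params):
    """Return findings; an empty list means authenticated relay over enforced TLS."""
    findings = []
    level = params.get("smtp_tls_security_level", "none")
    plain = _opts(params.get("smtp_sasl_security_options", "noplaintext, noanonymous"))
    tls = _opts(params.get("smtp_sasl_tls_security_options", "")) or plain
    if level not in MANDATORY_TLS:
        findings.append(f"smtp_tls_security_level={level}: TLS optional, session may fall back to cleartext")
        if "noplaintext" not in plain:
            findings.append("noplaintext missing from smtp_sasl_security_options: PLAIN/LOGIN allowed without TLS")
    elif level not in VERIFYING_TLS:
        findings.append(f"smtp_tls_security_level={level}: relay certificate is not verified")
    if params.get("smtp_sasl_auth_enable") != "yes" or not params.get("smtp_sasl_password_maps"):
        findings.append("SASL auth not enabled or smtp_sasl_password_maps unset")
    if "noanonymous" not in tls:
        findings.append("noanonymous missing from smtp_sasl_tls_security_options")
    return findings

# Constructed sample: the relay settings from the post.
POST_CF = """relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
"""
```

Running check_relay on the post's settings yields a single finding, that level "encrypt" does not verify the relay certificate; switching to "secure" with the CA bundle configured clears it.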

Finally, I found an interesting set of bugs/features in WordPress: it assumes the default PHP mailer is being used, and the wrong From address is being injected into the PHP mailer function. Messy. The ticket has been open for two years now.

This was resolved by using the WP Mail Options plugin to override the mail From field.

End result: all working.

Hardware load-in

Early start this morning: head into Seattle to meet a truck and driver delivering a Perceptive Pixel 55" interactive touch screen for an event this evening.

The screen and PC are not too big, but they are fragile and expensive, so the shipping case is enormous! Over 1200 pounds (500 kg) of wood, steel, wheels and hardware.

Delivery was an adventure; two hotels with similar sounding names within 100 yards of each other; narrow alleys; rubbish collection; cyclists and bad drivers.


Eventually the box was unloaded and we went for an unescorted trip through the back offices of a large hotel. Guaranteed to get security interested and come find you 😀

PHP settings

Every time I move blog server I need to tweak PHP settings.

For my own sanity, here are the main ones:

; php.ini shorthand accepts only the K, M and G suffixes; "512MB" would be read as 512 bytes
memory_limit = 512M
max_execution_time = 300
; post_max_size caps the whole request body, so uploads larger than this are rejected
; regardless of upload_max_filesize; raise it if uploads of that size are really needed
post_max_size = 32M
upload_max_filesize = 512M

Novell layoffs

Sad to see Novell do another, seemingly fatal, round of layoffs.

The few good people who remained seem to be gone; those that are left are doing pretty much bare-bones product maintenance. It looks like the entire legacy Attachmate product line and the legacy Novell product lines have been merged under a single management structure.

From what I hear it's "do less, with less", which is a sad whimper to end with.

Best wishes to those that got let go; it’s a different world outside. Almost six years since I walked away.