On 04/25/2017 01:19 PM, robert.wo...@robertwolfe.org wrote: > On 2017-04-25 01:54, martijn.list wrote: > >> I need to configure a smart host for Exchange Online (Office 365), i.e., >> all email sent with Exchange Online should be relayed through an >> external Postfix server (smarthost). O365 allows a smarthost to be >> configured. Unfortunately you can only configure the hostname (or IP) of >> the smarthost but not some sort of authentication. Because O365 does not >> support an authenticated connection, I need to add filtering based on >> sender domain (assuming that O365 does not allow other users to spoof a >> sender domain). The complicating factor is that I also want the Postfix >> server to accept email for the domains hosted by O365, i.e., Postfix >> should accept the email for my domains and then forward it to O365. > > So by using the term "smart host," I am taking that to mean you are > wanting all email from O365 to be relayed through your postfix box, when > in fact it seems you are wanting to implement some sort of filter, > correct? Or am I misunderstanding your use of the term "smarthost"?
Yes that is correct. The following configuration seems to work. In main.cf: mynetworks = 23.103.132.0/22, 23.103.136.0/21, .. other IP ranges used by O365 smtpd_client_restrictions = check_client_access cidr:/etc/postfix/o365_ip_ranges o365_check_sender_domain = check_sender_access hash:/etc/postfix/o365_authorized_senders, reject_unauth_destination smtpd_restriction_classes = o365_check_sender_domain o365_ip_ranges file: 23.103.132.0/22 o365_check_sender_domain 23.103.136.0/21 o365_check_sender_domain ... other IP ranges used by O365 o365_authorized_senders file: <> OK exchange-online.example.com OK Note: <> is added to allow bounces But perhaps there is an easier/better way. Kind regards, Martijn
