... or whatever they are called.
Hello,
I come to you for help after a few days of work trying to figure out how
to go around what I understand to be a quirk of the office 365 mail
service. Any help is greatly appreciated, and thank you in advance for it.
So, context:
1) I work for a smallish company with about ~100 users. We have our own
domain and mailserver, running the latest kolab available (which use
postfix as one of it's components). Let's call my domain 'example.com'
2) some of my users are listed on a few "distribution lists" on the
office 365 side. Those "lists" have members from other domains too.
3) whenever one of those other members send mail to one of those lists,
every member gets their copy.
4) whenever one of my users sends an email to a list that he is a member
of, only the members that are not on '@example.com' get their copy. The
'@example.com' sender gets a DSN generated by office 365 saying
something along the lines of
'553 5.7.1 <sending-u...@example.com>: Sender address rejected: not
logged in'
Upon further inspection, I figured out what is probably obvious to you
by now: the office 365 lists do not change the 'Sender:' header of the
original message, and when it comes back to be delivered to its
'@example.com' members, it bumps into...
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
check_policy_service unix:private/sender_policy_incoming
... namely, that reject_sender_login_mismatch policy, because during the
SMTP session the MAIL FROM is set by outlook.com servers as
'sending-u...@example.com' (and those servers have obviously not logged
in as that user).
So, my question to you is, what is the current best practice to deal
with this?
As stated above, thank you in advance for your help.
Best regards,
Mário Barbosa
P.S.: Temporarily, with help of 'smtpd_restriction_classes' and
'check_client_access' I have managed to relax the
'reject_sender_login_mismatch' requirement on mails coming from the
office 365 servers, but I'd like to plug that hole as soon as possible.
