some of our users use o365 but would like to use our service for outgoing mails. we are offering smtp sending services. integrating our service in o365 is tricky, as one can only specify a smarthost but microsoft does not offer any kind of authentication for smarthosts.
so i'm asking if someone also noticed that and can recommend best practice to allow o365 to relay via postfix without available sasl authentication in a secure way. I'm just baffled about microsofts move to remove authentication in there exchange cloud version and howto work around that in a reasonable way. Am Sonntag, 16. Juni 2019 schrieb Viktor Dukhovni < postfix-us...@dukhovni.org>: > On Sun, Jun 16, 2019 at 04:00:38PM +0200, Stefan Bauer wrote: > >> We are running a small smtp relay service with postfix for authenticated >> users. Unfortunately office 365 does not offer any smtp authentication >> mechanism when sending mails via connectors to smarthosts. > > There's a giant gap between the first sentence and the second. > You'll need to explain the use-case in considerably more detail. > > Why does Office365 elect to use your relay at all? Do they limit > the traffic so routed to just the authorized users? Are you sure > they can't/won't use a SASL login or TLS client cert to authenticate, > in this context. > > There's no magic, Postfix can only authorize based on IP address, > SASL or TLS auth, possibly further constrained by sender address > (which is never sufficient in isolation). > > -- > Viktor. >
