Hi, I have a postfix-3.5.10 server on fedora35 and would like to experiment with relaying outbound mail from my Microsoft 365 test server through my postfix server to the recipient's final destination using certificates as a way to authenticate the sending Microsoft 365 server. Is this possible?
My postfix server is configured to receive mail for my domain (example.com), then forward the mail after having processed it through amavis, through to Microsoft 365 using inbound Connector. I have also built an outbound Connector in Microsoft 365 that routes all outbound mail for my domain to my postfix server so it can be scanned there before being delivered. Inbound mail works fine - my MX record is set to the postfix server, which accepts the mail and sends it through to my Microsoft 365 instance. I can also successfully send outbound mail through this Connector from my Microsoft 365 system to my postfix server, but mail not delivered to the local server is rejected because the Microsoft 365 server is not authorized to relay mail for my domain: Jan 22 12:03:52 xavier postfix-117/smtpd[2918841]: NOQUEUE: reject: RCPT from mail-dm3nam07lp2040.outbound.protection.outlook.com[104.47.56.40]: 554 5.7.1 <mysqlstud...@gmail.com>: Relay access denied; from=<a...@example.org> to=<mysqlstud...@gmail.com> proto=ESMTP helo=<NAM02-DM3-obe.outbound.protection.outlook.com> I would like to set up a digital certificate that's used as a way to authenticate the Microsoft 365 client server connecting to the postfix server in order for it to be able to relay mail to mail servers on the Internet. I recall reading about that many years ago, but I haven't been able to find anything that isn't related to using Microsoft 365 as the relay, or that is using SASL to relay mail TO Microsoft 365, not FROM it. Thanks, Alex
