Graph and PowerShell Blog

Postfix Articles

Adding a Postfix server for relay to O365

Postfix routing by filtering

When I initially setup Postfix I was aiming to get away from a common setup where all email is routed into one Office365 mailbox using a username and password. Having a connector in-place allows me to use any 'from' address, but with the drawback that emails could still be sent to the Quarantine.

I had assumed with Postfix it was either one or the other but while researching further I found out you can make routing decisions based on email addresses, and get the best from both methods. With Microsoft's High Volume Email (HVE) you currently get 20 free accounts to relay email via.

This means that for some important mails that I never want to get quarantined, I can route them using a HVE account with a username and password. To setup the filtering you must first edit your main.cf file:

/etc/postfix/main.cf
====================
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_auth_enable = yes # this won't affect your smart-host config

Once this is done we need to create 2 files, one for the filter and one for the account(s) to be used when relaying via smtp-hve.office365.com.

/etc/postfix/sender_relay
=========================
userA@domain.com [smtp-hve.office365.com]:587

/etc/postfix/sasl_passwd
========================
userA@domain.com userA@domain.com:password123

* You should run the following to make sure the file permissions are correct:
chmod 600 /etc/postfix/sasl_passwd

After setting up the files you need to hash them with Postfix and then restart the service.

postmap /etc/postfix/sender_relay
postmap /etc/postfix/sasl_passwd
postfix reload

* If you ever edit the 2 files you need to run postmap again.

In the logs we can see that the relay works straight away:

Jun 24 14:37:39 relay postfix/smtp[54490]: 19CxxxD: to=<sales@domain.com>, relay=smtp-hve.office365.com[172.211.197.77]:587, delay=1.9, delays=0.1/0/1.3/0.45, dsn=2.6.0, status=sent (250 2.6.0 < 36xxx45.x04.1719xxx050.JavaMail.vmuser@server.domain.local > Queued mail for delivery)

One thing to keep in mind is the 'from' address has to match the HVE account. So if you have an app that limits what address you can use you might want to look at Postfix's address rewrite.

Using smtp_generic_maps we can rewrite both from and to addresses. First, we set our main.cf file:

/etc/postfix/main.cf
====================
smtp_generic_maps = hash:/etc/postfix/generic

As before, we edit this new file:

/etc/postfix/generic
====================
test123@domain.com userB@domain.com
@exchange.domain.local userC@domain.com

Finally, we run post map and restart Postfix:

postmap /etc/postfix/generic
postfix reload

Graph and PowerShell Blog	Articles 2024 Postfix routing by filtering Advanced Postfix configuration Installing Exchange 2019 in Azure Landing Zone Upgrading PHP on Windows Adding a Postfix server for relay to O365 O365 Integrated Apps troubleshooting Domino and O365 Co-existence Delegate Control in AD App mail relay via HVE Setting up Mail Relay with HVE Getting BIMI certified Orbea Occam SL H30 Installing FreeSat and Saorview Changing broadband provider Replacing a DIN timer on fuseboard Outlook Desktop Notifications stop working Outlook folders keep moving sort order Teams report uploading to SharePoint with Runbooks Teams PowerShell module can't run CS cmd as App 2023 Cannot map new Shared Mailboxes in O365 Renewing an Exchange 2016 certificate Connect to Compliance PowerShell behind a Proxy Sensitivity Label not shown in Outlook Client Room Finder Error in Outlook Teams not showing Rooms Teams unable to open file Unable to review quarantined mails for shared mailbox Set Locale for various Apps Delegate Sent Items placed into external Tenant Overview of Microsoft Support cases When centralized mail sends via O365 Cleaning up your Windows DNS server Set OneDrive for Business Locale O365 Migration Tips Reporting on successful Azure logons IIS Mapi Queue full with NetScaler Secure Office365 reports with a certificate Using Graph to send emails with inline images Visualizing Graph data with Google Charts Keeping a log of NetScaler AlwaysON connections \| About \| Links

Postfix Routing by Filtering 24-Jun-24 Postfix Articles Adding a Postfix server for relay to O365 Advanced Postfix configuration Postfix routing by filtering Postfix Receive and Forward When I initially setup Postfix I was aiming to get away from a common setup where all email is routed into one Office365 mailbox using a username and password. Having a connector in-place allows me to use any 'from' address, but with the drawback that emails could still be sent to the Quarantine. I had assumed with Postfix it was either one or the other but while researching further I found out you can make routing decisions based on email addresses, and get the best from both methods. With Microsoft's High Volume Email (HVE) you currently get 20 free accounts to relay email via. This means that for some important mails that I never want to get quarantined, I can route them using a HVE account with a username and password. To setup the filtering you must first edit your main.cf file: /etc/postfix/main.cf ==================== smtp_sender_dependent_authentication = yes sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_auth_enable = yes # this won't affect your smart-host config Once this is done we need to create 2 files, one for the filter and one for the account(s) to be used when relaying via smtp-hve.office365.com. /etc/postfix/sender_relay ========================= userA@domain.com [smtp-hve.office365.com]:587 /etc/postfix/sasl_passwd ======================== userA@domain.com userA@domain.com:password123 * You should run the following to make sure the file permissions are correct: chmod 600 /etc/postfix/sasl_passwd After setting up the files you need to hash them with Postfix and then restart the service. postmap /etc/postfix/sender_relay postmap /etc/postfix/sasl_passwd postfix reload * If you ever edit the 2 files you need to run postmap again. In the logs we can see that the relay works straight away: Jun 24 14:37:39 relay postfix/smtp[54490]: 19CxxxD: to=<sales@domain.com>, relay=smtp-hve.office365.com[172.211.197.77]:587, delay=1.9, delays=0.1/0/1.3/0.45, dsn=2.6.0, status=sent (250 2.6.0 < 36xxx45.x04.1719xxx050.JavaMail.vmuser@server.domain.local > Queued mail for delivery) One thing to keep in mind is the 'from' address has to match the HVE account. So if you have an app that limits what address you can use you might want to look at Postfix's address rewrite. Using smtp_generic_maps we can rewrite both from and to addresses. First, we set our main.cf file: /etc/postfix/main.cf ==================== smtp_generic_maps = hash:/etc/postfix/generic As before, we edit this new file: /etc/postfix/generic ==================== test123@domain.com userB@domain.com @exchange.domain.local userC@domain.com Finally, we run post map and restart Postfix: postmap /etc/postfix/generic postfix reload