Postfix relaying through windows smtp relay Send as issue
by 6dret43 from LinuxQuestions.org on (#4VJNX)
Hi guys,
First I would like to thank the opportunity to post my issue here and I hope it is interesting for everyone reading.
Ok, so I will describe the environment first. I have got a win2016 server with the smtp virtual server running on it, which is working fine because on the same server runs the WSUS service and sends the email notifications fine through the smtp service.
This smtp service authenticates against office365 and relays the emails correctly.
ok, so then, I say, I have another server, which is an ubuntu server, setup for the Nagios monitoring, and I also need this to send emails, so I installed postfix on it. Now I have been already troubleshooting this and I am pretty advanced I think, the postfix sends the email to the windows smtp service fine, but at the end I get a sendasDeniedException error, I understand that the office365 account is trying to send an email with the postfix sender which is root@hostname.domain and it won't allow.
Some of the main postfix config files..
/etc/postfix/main.cf
Code:# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = yes
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
debug_peer_list = 192.168.19.245
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = srvfpamonp02
#myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mynetworks = 192.168.18.0/24, 192.168.19.0/24, /127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
inet_protocols = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
mynetworks_style = subnet
relayhost = [srvfpawsus01.fp.local]
#transport_maps = hash:/etc/postfix/transport
#relay_domnains = fp.local
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_map
#inet_protocols = ipv4
smtp_sasl_auth_enable = yes
debug_peer_level = 10and here is the windows smtp relay log
Code:40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?220 MRXP264CA0031.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 23 Nov 2019 12:18:44 +0000 SMTP" 0 109
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:45 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?250-MRXP264CA0031.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:45 +0100] "STARTTLS - SMTP" 0 8
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?220 2.0.0 SMTP server ready SMTP" 0 27
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:46 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:46 +0100] "- -?250-MRXP264CA0031.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:46 +0100] "AUTH - SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:46 +0100] "- -?334 UGFzc3dvcmQ6 SMTP" 0 16
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:47 +0100] "- -?235 2.7.0 Authentication successful SMTP" 0 35
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:47 +0100] "MAIL -?FROM:<root@srvfpamonp02.localdomain> SIZE=581 SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:47 +0100] "- -?250 2.1.0 Sender OK SMTP" 0 19
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:47 +0100] "RCPT -?TO:<fgarciad@axpe.com> ORCPT=rfc822;fgarciad@axpe.com SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:48 +0100] "- -?250 2.1.5 Recipient OK SMTP" 0 22
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:48 +0100] "BDAT -?581 LAST SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message. 0.35250:0A000B81, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:D51C0000, 1.36674:0E000000, 1.61250:00000000, 1.45378:DA1C0000, 1.44866:08010000, 16.55847:3C0E0000, 17.43559:0000000004020000000000000000000000000000, 20.52176:140FAA891600101043050000, 20.50032:140FAA898617000000000000, 0.35180:48050000, 255.23226:0A001081, 255.27962:0A000000, 255.27962:0E000000, 255.31418:0A001181, 0.35250:0A000000, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:1E000000, 1.36674:32000000, 1.61250:00000000, 1.45378:23000000, 1.44866:01000000, 16.55847:8A000000, 17.43559:0000000000030000000000000100000000000000, 20.52176:140FAA89160070200A001681, 20.50032:140FAA89861710106B050000, 0.35180:0A001781, 255.23226:4800D13D, 255.27962:0A000000, 255.27962:32000000, 255.17082:DC040000, 0.27745:75050000, 4.21921:DC040000, 255.27 SMTP" 0 1725
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "QUIT - SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?221 2.0.0 Service closing transmission channel SMTP" 0 46
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?220 MRXP264CA0045.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 23 Nov 2019 12:18:48 +0000 SMTP" 0 109
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?250-MRXP264CA0045.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "STARTTLS - SMTP" 0 8
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?220 2.0.0 SMTP server ready SMTP" 0 27Maybe someone has an idea on how to make the email sender be always the actual office365 account that is actually authenticating against officr365 even though the email is coming from another machine.
First I would like to thank the opportunity to post my issue here and I hope it is interesting for everyone reading.
Ok, so I will describe the environment first. I have got a win2016 server with the smtp virtual server running on it, which is working fine because on the same server runs the WSUS service and sends the email notifications fine through the smtp service.
This smtp service authenticates against office365 and relays the emails correctly.
ok, so then, I say, I have another server, which is an ubuntu server, setup for the Nagios monitoring, and I also need this to send emails, so I installed postfix on it. Now I have been already troubleshooting this and I am pretty advanced I think, the postfix sends the email to the windows smtp service fine, but at the end I get a sendasDeniedException error, I understand that the office365 account is trying to send an email with the postfix sender which is root@hostname.domain and it won't allow.
Some of the main postfix config files..
/etc/postfix/main.cf
Code:# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = yes
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
debug_peer_list = 192.168.19.245
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = srvfpamonp02
#myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mynetworks = 192.168.18.0/24, 192.168.19.0/24, /127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
inet_protocols = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
mynetworks_style = subnet
relayhost = [srvfpawsus01.fp.local]
#transport_maps = hash:/etc/postfix/transport
#relay_domnains = fp.local
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_map
#inet_protocols = ipv4
smtp_sasl_auth_enable = yes
debug_peer_level = 10and here is the windows smtp relay log
Code:40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?220 MRXP264CA0031.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 23 Nov 2019 12:18:44 +0000 SMTP" 0 109
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:45 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?250-MRXP264CA0031.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:45 +0100] "STARTTLS - SMTP" 0 8
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:45 +0100] "- -?220 2.0.0 SMTP server ready SMTP" 0 27
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:46 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:46 +0100] "- -?250-MRXP264CA0031.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:46 +0100] "AUTH - SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:46 +0100] "- -?334 UGFzc3dvcmQ6 SMTP" 0 16
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:47 +0100] "- -?235 2.7.0 Authentication successful SMTP" 0 35
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:47 +0100] "MAIL -?FROM:<root@srvfpamonp02.localdomain> SIZE=581 SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:47 +0100] "- -?250 2.1.0 Sender OK SMTP" 0 19
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:47 +0100] "RCPT -?TO:<fgarciad@axpe.com> ORCPT=rfc822;fgarciad@axpe.com SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:48 +0100] "- -?250 2.1.5 Recipient OK SMTP" 0 22
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:48 +0100] "BDAT -?581 LAST SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message. 0.35250:0A000B81, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:D51C0000, 1.36674:0E000000, 1.61250:00000000, 1.45378:DA1C0000, 1.44866:08010000, 16.55847:3C0E0000, 17.43559:0000000004020000000000000000000000000000, 20.52176:140FAA891600101043050000, 20.50032:140FAA898617000000000000, 0.35180:48050000, 255.23226:0A001081, 255.27962:0A000000, 255.27962:0E000000, 255.31418:0A001181, 0.35250:0A000000, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:1E000000, 1.36674:32000000, 1.61250:00000000, 1.45378:23000000, 1.44866:01000000, 16.55847:8A000000, 17.43559:0000000000030000000000000100000000000000, 20.52176:140FAA89160070200A001681, 20.50032:140FAA89861710106B050000, 0.35180:0A001781, 255.23226:4800D13D, 255.27962:0A000000, 255.27962:32000000, 255.17082:DC040000, 0.27745:75050000, 4.21921:DC040000, 255.27 SMTP" 0 1725
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "QUIT - SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?221 2.0.0 Service closing transmission channel SMTP" 0 46
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?220 MRXP264CA0045.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 23 Nov 2019 12:18:48 +0000 SMTP" 0 109
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "EHLO -?SRVFPAWSUS01.fp.local SMTP" 0 4
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?250-MRXP264CA0045.outlook.office365.com Hello [41.63.161.35] SMTP" 0 60
40.101.92.178 - OutboundConnectionCommand [23/Nov/2019:13:18:49 +0100] "STARTTLS - SMTP" 0 8
40.101.92.178 - OutboundConnectionResponse [23/Nov/2019:13:18:49 +0100] "- -?220 2.0.0 SMTP server ready SMTP" 0 27Maybe someone has an idea on how to make the email sender be always the actual office365 account that is actually authenticating against officr365 even though the email is coming from another machine.