Email configuration for Office 365

I have been trying for many hours now to get email working on a fresh install of freepbx hoping to easily get email to work. I have a licensed user on my account I am trying to use for authentication. I have tried over a 100 tweeks to the settings and checked the logs. I generally either get a bounced message, or an authentication error. I am using the admin module for email and choosing the office 365 option.

It seems like this should be easy but after about 10 hours of failing to get it to work, I am hoping someone can point me in the right direction.

Here is a recent smippit from my log files:

Sep 23 17:46:57 freepbx postfix/smtp[27710]: 6F80962ABF20: to=[email protected], relay=smtp.office365.com[40.97.121.34]:587, delay=7.7, delays=0.01/0/2.5/5.2, dsn=5.7.60, status=bounced (host smtp.office365.com[40.97.121.34] said: 550 5.7.60 SMTP; Client does not have permissions to send as this sender [BN6PR20MB1474.namprd20.prod.outlook.com] (in reply to end of DATA command))

Hi!

maybe?

Good luck and have a nice day!

Nick

Poor SPF record that doesn’t have the IP of the PBX in it. This is a DNS issue for your domain.

I seriously hope they provide a more concise error message for SPF / Sender-Id (MS variant IIRC…)

Most of what I found suggests “Send as” rights such as this:

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/smtp-relay-error-550-5760-client-does-not-have/7ed99dad-e4c9-4ae9-86dc-e7505d233e6a

By default the Postfix installed on the FreePBX distro tries to send emails from non-existent domains IIRC (which is a big no-no) so what @waldrondigital is suggesting, to remap all of those to real addresses, definitely makes sense…

Considering SPF is meant to be validated by the server receiving the email and what the OP appears to want to do with office 365 servers is relaying it would be a misuse of those records IMHO…

Nick

Some decent replies in here to get someone started. But I get a bit frustrated in that there is no comprehensive guide to setting up FreePBX with Office 365. Regardless if you see the option in the Commercial Admin module. Yes, it gets you closer to getting it to work, but you still have to beat FreePBX/Centos with a stick to get it to work.

I will post a “how to” in a moment. Stand by.

Hi!

What @waldrondigital posted essentially comes from

https://wiki.freepbx.org/display/PPS/Setup+Postfix+Manually

It’s just people don’t realize this is something they, at least currently, have to do that for office 365…

Microsoft servers are in their rights to to refuse to process emails with incorrect/unknown domains (or emall addresses which have not been given proper permissions, ie the “Send as”)…

(As mail admins say, their servers, their rules…)

Anyway, for unknown domains if office 365 didn’t block those they would most likely end up being blocked by the receiving servers.

(My MX for my domains and the ones I setup in the past certainly would…)

Honestly, as far as I am concerned, System Admin Pro should probably set up all these remappings by itself when you tell it you are relaying through office 365 servers (and maybe for other servers as well since it’s not actually acceptable anywhere to send mails from unknown domains) and give it the permission to do it…

On a dedicated system it’s not much of a problem for System Admin Pro to alter Postfix’s configuration in such a way but if that system does more than FreePBX/Asterisk duty then I would be hesitant to have this done automatically, it might corrupt an otherwise working setup…

Have a nice day!

Nick

I hope this can help: Steps to getting FreePBX to work with Office 365 email

Thanks.

Nice. I could seriously use a beginning to end how to guide. A definitive guide would have saved me, and I’m sure many others countless hours of frustration. I’ll be on the lookout for it.

Yep! Read the post just above yours in this thread, I have just posted my write up.

Thank you for putting the writeup together. I completed all the step on your write up.

I am now getting:

Sep 24 00:10:09 freepbx postfix/smtp[6482]: AB2F462ABF38: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.100.162.178]: no mechanism available
Sep 24 00:10:09 freepbx postfix/smtp[6477]: warning: SASL authentication failure: No worthy mechs found
Sep 24 00:10:09 freepbx postfix/smtp[6477]: C0E8F62ABF3B: to=[email protected], relay=smtp.office365.com[40.97.115.50]:587, delay=503, delays=501/0.04/2.1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[40.97.115.50]: no mechanism available)

Any ideas?

Check your /etc/postfix/main.cf

Do you have

smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_use_tls = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.office365.com:587
myhostname = yourhostname.WhatEverItIs.com
mydomain = yourhostname.WhatEverItIs.com
myorigin = yourhostname.WhatEverItIs.com

The Commercial System Admin module should set this for you if you used the recommendations in my other post:

Close. I have
smtp_sasl_security_options = noplaintext, noanonymous
rather than
smtp_sasl_security_options =

I also have the:
inet_protocols = ipv4

Just to make sure I undestand. The “yourhostname.WhatEverItIs.com” is the hostname hosted by Office365 for my email, right?

It looks like my local system is trying to handle the email and never passes it on. I’m getting:
status=bounced (unknown user: “MyUserName”)
I am also not seeing “smtp.office365.com” anywhere is the logs.

It seems like when I set my hostname, origin, and domain to something like “freepbx.sagoma.local”, it at least tries to pass the email onto “smtp.office365.com”

Hi!

Please type

postconf -n

at the command line and post the results back…

That will give us all the parameters which have been modified from the default ones…

Edit out your domain name but always in a consistent manner (you could replace it with “example.com” for example…)…

Good luck and have a nice day!

Nick

Here are the results of postconf -n (I replaced my domain with MY OFFICE365 DOMAIN

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = MY OFFICE365 DOMAIN
myhostname = MY OFFICE365 DOMAIN
myorigin = MY OFFICE365 DOMAIN
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relayhost = smtp.office365.com:587
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_use_tls = yes
unknown_local_recipient_reject_code = 550

Hi!

This means that, by default, your system uses fake email addresses and identifies itself to other system (both in it’s HELO/EHLO greeting and headers) as something which doesn’t exist…

Definitely not something legit, which could have your emails blocked eventually by either Microsoft or another server to which you would like to relay…

Have a nice day!

Nick

You may have noticed:

smtp_sasl_security_options =

Thats probably because I changed it to allow anonymous to it matches what you initially said it should be. It didn’t make any difference in the logs however.

Thanks for the time you are putting into helping me figure this out.

paul

Ok… I fiddled with it a bunch more with office 365 connectors, powershell user settings, etc and I am getting nowhere. I’m ready to punt on Office365 email integration.

I have a static IP going into the office (and my home where I am setting this up) but no domain name associated with it. Do I want to create a domain name in GoDaddy for my IP, and use that domain name to set up the built in mail server in freepbx? Pro’s? Cons? Am I thinking straight? Are there other options that make more sense?

Hi!

Can you post the relevant part of your logs?

Edit out your domain but replace it with something like example.com (or at least something that looks like a real hostname, without spaces like what you replaced it earlier…)…

By thr way, does what you see in hash:/etc/postfix/sasl_passwd makes sense? It should be your credentials IIRC…

Good luck and have a nice day!

Nick

I noticed that I skipped documenting the SASL Security Options in the System Admin module on the Email Setup.

I have SASL Security Options selected as “Disable Security”.

I will go ahead and update the instructions in the original post.