CSSCurrent en:Microsoft Exchange Online on Cryptshare Appliances: Unterschied zwischen den Versionen
Aus Cryptshare Documentation
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
||
| Zeile 6: | Zeile 6: | ||
=== Installing Postfix === | === Installing Postfix === | ||
< | <pre>apt install Postfix | ||
echo "your-company.com" > /etc/mailname | |||
add-apt-repository ppa:sasl-xoauth2/stable | |||
apt install sasl-xoauth2</pre> | |||
=== Configuring Postfix === | === Configuring Postfix === | ||
Open the file /etc/postfix/main.cf | |||
<code>vim /etc/postfix/main.cf</code> | |||
Configure the main.cf file to refer to the correct domain and hostnames, e.g.: | |||
<pre># See /usr/share/postfix/main.cf.dist for a commented, more complete version | |||
# Debian specific: Specifying a file name will cause the first | |||
# line of that file to be used as the name. The Debian default | |||
# is /etc/mailname. | |||
myorigin = /etc/mailname | |||
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) | |||
biff = no | |||
# appending .domain is the MUA's job. | |||
append_dot_mydomain = no | |||
# Uncomment the next line to generate "delayed mail" warnings | |||
#delay_warning_time = 4h | |||
readme_directory = no | |||
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on | |||
# fresh installs. | |||
compatibility_level = 3.6 | |||
# TLS parameters | |||
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | |||
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |||
smtpd_tls_security_level=may | |||
smtp_tls_CApath=/etc/ssl/certs | |||
smtp_always_send_ehlo = yes | |||
smtp_tls_security_level=encrypt | |||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt | |||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination | |||
myhostname = <hostname> | |||
alias_maps = hash:/etc/aliases | |||
alias_database = hash:/etc/aliases | |||
myorigin = /etc/mailname | |||
mydestination = $myhostname, , <hostname>, localhost.localhost, localhost | |||
relayhost = [smtp.office365.com]:587 | |||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | |||
inet_interfaces = all | |||
mailbox_size_limit = 0 | |||
recipient_delimiter = + | |||
inet_interfaces = all | |||
inet_protocols = all | |||
smtp_use_tls = yes | |||
smtp_always_send_ehlo = yes | |||
smtp_sasl_auth_enable = yes | |||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd | |||
smtp_sasl_security_options = noanonymous | |||
smtp_sasl_tls_security_options = | |||
smtp_sasl_mechanism_filter = xoauth2 | |||
smtp_tls_security_level = encrypt | |||
smtp_generic_maps = hash:/etc/postfix/generic | |||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt</pre> | |||
=== (Optional) Automate Certificate Copy with systemd === | === (Optional) Automate Certificate Copy with systemd === | ||
TBD | TBD | ||
Version vom 16. Februar 2026, 15:56 Uhr
Introduction
The Cryptshare Appliance sends notification emails when updates to the underlying OpenSuse components are available. For this, a local postfix is installed that is usually configured by the Cryptshare Server. However, this is only automatically done, when a regular SMTP server is used as a target for the local postfix. In case, Microsoft Exchange Online is used together with OAuth 2.0 authentication, then the configuration of postfix has to be done manually.
Set-up
Installing Postfix
apt install Postfix echo "your-company.com" > /etc/mailname add-apt-repository ppa:sasl-xoauth2/stable apt install sasl-xoauth2
Configuring Postfix
Open the file /etc/postfix/main.cf
vim /etc/postfix/main.cf
Configure the main.cf file to refer to the correct domain and hostnames, e.g.:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_always_send_ehlo = yes
smtp_tls_security_level=encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = <hostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, , <hostname>, localhost.localhost, localhost
relayhost = [smtp.office365.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = all
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_use_tls = yes
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options =
smtp_sasl_mechanism_filter = xoauth2
smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
(Optional) Automate Certificate Copy with systemd
TBD
Generate an OAuth Token
TBD
Test and Debug
Test the Email Relay with sendmail
Your relay should now be operational. To test the setup from the relay host, you can use the sendmail command directly from the terminal.
- Create a test message file:
From: <sender-mail>To: <recipient-mail>Subject: Test message
Does it work?
- Send the email using
sendmail:root@host:~# cat /tmp/test.txt | sendmail -F <sender-mail> <recipient-mail>