Microsoft Exchange Online on Cryptshare Appliances
Introduction
The Cryptshare Appliance sends notification emails when updates to the underlying openSUSE components are available. For this purpose, a local Postfix instance is installed, which is usually configured by the Cryptshare Server. However, this happens automatically only when a regular SMTP server is the target for the local Postfix. If Microsoft Exchange Online is used together with OAuth 2.0 authentication, Postfix has to be configured manually.
Set-up
Installing Postfix
apt install postfix
echo "your-company.com" > /etc/mailname
add-apt-repository ppa:sasl-xoauth2/stable
apt install sasl-xoauth2
Configuring Postfix
Open the file /etc/postfix/main.cf
vim /etc/postfix/main.cf
Configure the main.cf file to refer to the correct domain and hostnames, e.g.:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_always_send_ehlo = yes
smtp_tls_security_level=encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = <hostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, , <hostname>, localhost.localhost, localhost
relayhost = [smtp.office365.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
inet_interfaces = all
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
# Outbound relay authentication: SASL over TLS, restricted to the XOAUTH2 mechanism
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options =
smtp_sasl_mechanism_filter = xoauth2
smtp_generic_maps = hash:/etc/postfix/generic
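A check for the configuration above, as an added example that is not part of the original page or of Cryptshare's tooling: Postfix keeps only the last definition of a parameter in main.cf, so this script reports repeated parameters and verifies that the effective relay, TLS and SASL values match the ones listed. The function names and the sample excerpt are constructed for illustration.

```shell
# Added example, not from the original page: lint a main.cf for the relay
# settings above. Postfix keeps only the LAST definition of a parameter.

# effective_value FILE PARAM: print the value Postfix would end up using.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ && cur == want { sub(/^[ \t]+/, ""); val = val " " $0 }
        /^[ \t]/ { next }                   # continuation line handled above
        { eq = index($0, "="); if (eq == 0) next
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { print val }' "$1"
}

# duplicate_params FILE: print each parameter name defined more than once.
duplicate_params() {
    awk '/^[ \t]*#/ || /^[ \t]/ || /^$/ { next }
         { eq = index($0, "="); if (eq == 0) next
           k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
           if (++n[k] == 2) print k }' "$1"
}

# check_relay FILE: return 0 only if the effective values match the page's settings.
check_relay() {
    rc=0
    for pair in 'relayhost=[smtp.office365.com]:587' smtp_tls_security_level=encrypt \
        smtp_sasl_auth_enable=yes smtp_sasl_mechanism_filter=xoauth2 \
        smtp_sasl_security_options=noanonymous; do
        actual=$(effective_value "$1" "${pair%%=*}")
        if [ "$actual" != "${pair#*=}" ]; then
            echo "FAIL ${pair%%=*}: effective '$actual', expected '${pair#*=}'"; rc=1
        fi
    done
    return $rc
}

# write_sample FILE LEVEL: constructed excerpt; last line redefines the TLS level as LEVEL.
write_sample() {
    printf '%s\n' 'smtp_tls_security_level=encrypt' 'relayhost = [smtp.office365.com]:587' \
        'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options = noanonymous' \
        'smtp_sasl_mechanism_filter = xoauth2' "smtp_tls_security_level = $2" > "$1"
}

tmp=$(mktemp); write_sample "$tmp" may   # constructed: later duplicate downgrades TLS
duplicate_params "$tmp"
check_relay "$tmp" || echo "effective config differs from the page's settings"
rm -f "$tmp"
```

After editing, run `check_relay /etc/postfix/main.cf` on the appliance; on a live host, `postconf -n` prints the same effective values.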
(Optional) Automate Certificate Copy with systemd
TBD
Generate an OAuth Token
TBD
Test and Debug
Test the Email Relay with sendmail
Your relay should now be operational. To test the setup from the relay host, you can use the sendmail command directly from the terminal.
- Create a test message file, /tmp/test.txt:
From: <sender-mail>
To: <recipient-mail>
Subject: Test message

Does it work?
- Send the email using sendmail:
root@host:~# cat /tmp/test.txt | sendmail -F <sender-mail> <recipient-mail>