How can I sent an eMail via smtp.office365.com from an Azure VM with debian installed?

Axel B 20 Reputation points
2023-05-25T19:33:33.9+00:00

I setup my 1st debian azure vm. I want to sent some eMails via smtp from this vm. We are using exchange online and the needed mailbox is already configured. For exchange SPF, DKIM, DMARC is setup.

Exchange online should be connected as smtp service with username (email address) + password

I assume that I have a challenge with MFA or something else.

How can I enable this vm to sent eMails via smtp.office365. com?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,113 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,174 questions
Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,947 questions
0 comments
Accepted answer
  1. Konstantinos Passadis 17,286 Reputation points
    2023-05-26T21:30:48.3733333+00:00

    Hello @Axel B !

    To send emails from your Debian VM using the Exchange Online SMTP relay, you need to configure an MTA (Mail Transfer Agent) like Postfix on your VM. Postfix is a widely used, free and open-source mail transfer agent that routes and delivers email on a Linux system.

    Here are the steps:

    Install Postfix: If you don't have Postfix installed, you can install it by running the following commands:

    bash
    1. sudo apt-get update sudo apt-get install postfix mailutils

    During the installation, you'll be asked several questions about your configuration. In most cases, you can choose the default settings.

    Configure Postfix: Once Postfix is installed, you'll need to configure it to use the Exchange Online SMTP relay. You can do this by editing the Postfix configuration file. The location of the configuration file may vary, but it's usually in /etc/postfix/main.cf. Add or modify the following settings:

    bash
    1. relayhost = [smtp.office365.com]:587 smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_use_tls = yes smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

    Set Up SMTP Credentials: Next, you'll need to set up the SMTP credentials that Postfix will use to authenticate with Exchange Online. These credentials should be stored in a file specified by the smtp_sasl_password_maps setting.

    Create a new file at /etc/postfix/sasl_passwd with the following contents:

    bash
    1. [smtp.office365.com]:587 username@yourdomain.com:password

    Replace username@yourdomain.com and password with the username and password for the mailbox you're using with Exchange Online.

    Update Postfix Maps: Postfix uses lookup tables for many of its settings, so you need to generate these lookup tables with the postmap command:

    bash
    1. sudo postmap /etc/postfix/sasl_passwd

    Set Permissions: The /etc/postfix/sasl_passwd file contains sensitive information, so you should restrict its permissions:

    bash
    1. sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

    Restart Postfix: Finally, restart Postfix to apply the changes:

    bash
    1. sudo systemctl restart postfix

    Now you should be able to send emails through Exchange Online from your Debian VM.

    Please note:

    1. Make sure the credentials you use do not have MFA enabled as Postfix does not support MFA.
    2. Be aware of Microsoft's sending limits.
    3. Ensure your network security group rules on Azure allow outbound traffic on port 587.

    Also be aware of Port 25 , it is blocked for Outbound from Azure VMs

    https://learn.microsoft.com/en-us/azure/virtual-network/troubleshoot-outbound-smtp-connectivity

    Recommended method of sending email

    We recommend you use authenticated SMTP relay services to send email from Azure VMs or from Azure App Service. (These relay services typically connect through TCP port 587, but they support other ports.) These services are used to maintain IP and domain reputation to minimize the possibility that external domains reject your messages or put them to the SPAM folder. SendGrid is one such SMTP relay service, but there are others. You might also have an authenticated SMTP relay service on your on-premises servers.

    Using these email delivery services isn't restricted in Azure, regardless of the subscription type.

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    2 people found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kael Yao-MSFT 37,496 Reputation points Microsoft Vendor
    2023-05-26T02:11:04.9233333+00:00

    Hi @Axel B,

    On Exchange Online side if you would like to use basic authentication for SMTP auth, please follow this link to check the requirements:

    Error: Authentication unsuccessful

    In short, you may need to make sure Azure security defaults in your tenant is disabled (which blocks SMTP auth on tenant level), and there is no specific conditional access policy (which blocks SMTP auth on per-user level) applied to the mailbox you are using.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments
  2. Axel B 20 Reputation points
    2023-05-26T21:08:19.3533333+00:00

    Security defaults was alreaady disabled.

    I got the hint from MS support to use direct sent or smtp auth. The problem is, that port 25 isn't available.

    How can I enable port 25 for sending eMails?

    0 comments