Skip to content
/ postfix-365 Public

Another Postfix relay with OAUTH2 but working with Microsoft 365. Docker version.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mauroreggio/postfix-365

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
certs
certs
 
 
keys
keys
 
 
scripts
scripts
 
 
tokens
tokens
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

postfix-oauth2 for Microsoft 365

Another Postfix relay docker container with OAUTH2, but working with Microsoft 365

USE IT AT YOUR OWN RISK

Adapted from https://github.com/takeyamajp/docker-postfix
tarickb/sasl-xoauth2 installed into image https://github.com/tarickb/sasl-xoauth2

Usage (work in progres)

  • clone the project (git clone https://github.com/mauroreggio/postfix-365.git)
  • edit docker-compose.yml with right parameters
  • run "docker-compose up" for interactive log on console or
  • run "docker-compose up -d" for run like a daemon in background (docker ps -a for check the status)

Based on Alma Linux 9.5, the active docker do:

  • Read all ENV variables in docker-compose.yml
  • Copy ./scripts folder into the container
  • Use ./scripts/entrypoint.sh as a startup script (that run all other scripts)

After run the container, remember last step: create Initial Access Token
https://github.com/tarickb/sasl-xoauth2#initial-access-token-2
This step consist in:

  • bash into the running container
  • run the script that assist you
  • this create an example@example.com file in /etc/tokens folder of the container, mapped on the ./tokens local folder.
    NOT TESTED: the "sasl-xoauth2-tool" is a perl script. If you desire you can install and run out of the container and create the example@example.com file in the ./tokens local folder. Don't forget to assign postfix:postfix own group:user to the file from the container bash (only first time, is persistent)

My "sasl-xoauth2-tool" example is (pay attention: NO SPACE between = and id code):

sasl-xoauth2-tool get-token outlook \
    /etc/tokens/example@example.com \
    --tenant=your tenant id (no space after =) \
    --client-id=your client id (no space after =) (id of the application created on Azure Entra ID)

PAY ATTENTION TO AUTHENTICATE FROM THE WEB WITH THE RIGHT USER
(In my example authenticate with example@example.com not with tenant global admin)

If msal not found into the container, install it:
(bash into the container)

yum install pip -y
pip install azure-cli

Special instruction for Azure App creation:

  • Use any name you like (it doesn't have to be "sasl-xoauth2").
  • Add "Web Application" with this redirected URI: https://login.microsoftonline.com/common/oauth2/nativeclient
  • You must toggle "Allow public client flows" to "yes".
  • Be sure to select the appropriate type of account (consumer Outlook vs. "organizational directory") -- see #89 for why.

Then, add API permissions for SMTP.Send:

  • From the app registration "API permissions" page, click "add a permission".
  • Click "Microsoft Graph".
  • Enter "SMTP.Send" in the search box.
  • Expand the SMTP permission, then check the SMTP.Send checkbox.

Debug

bash into running container

docker exec -it postfix bash

within the running container

/usr/sbin/postfix -c /etc/postfix start
/usr/sbin/postfix -c /etc/postfix stop

Modify and create a new docker image 

docker build -t localhost/postfix-365:tag .

(or if you want build without any docker cache):

docker build --no-cache -t localhost/postfix-365:1.0.0 .


About

Another Postfix relay with OAUTH2 but working with Microsoft 365. Docker version.

Topics

docker relay oauth2 postfix oauth2-client relay-server microsoft-365 azure-entra-id

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages