CASA: Configurar postfix para SMTP Olutlook Microsoft 365

apt purge postfix
rm -R /etc/postfix/
apt autoremove
  • Lo instalamos
apt install postfix
  • Configuramos
  • Instalamos los plugins necesarios
apt-get install libsasl2-modules postfix sasl2-bin mailutils
  • Creamos el archivo
nano /etc/postfix/sasl_passwd
  • Agregamos el contenido
[smtp.office365.com]:587 gustavomatamoros@sada.services:$Acu2
  • Ejecutamos
postmap /etc/postfix/sasl_passwd
  • Creamos el archivo
nano /etc/postfix/sender_canonical
  • Agregamos
/.+/ gustavomatamoros@sada.services
  • Ejecutamos
postmap /etc/postfix/sender_canonical
  • Damos permisos
chown root:root /etc/postfix/{sasl_passwd,sasl_passwd.db,sender_canonical,sender_canonical.db}

chmod 640 /etc/postfix/{sasl_passwd,sasl_passwd.db,sender_canonical,sender_canonical.db}
  • Descargamos los certificados de Microsoft
openssl s_client -showcerts -starttls smtp -crlf -connect smtp.office365.com:587
  • Esto nos da un resultado muy grande pero lo que ocupamos es
-----BEGIN CERTIFICATE-----
MIIIpjCCB46gAwIBAgIQCACUn3NeL11NFs4ZgWZ3LDANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxE
aWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIzMDUzMTAwMDAwMFoXDTI0
MDUzMDIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
bjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDSP3wx9A56ytyHv748rWr7WjhP+5Q7mBpMiMm+2BudGuzQjw4eA0wU
UCi6K0zV4JauF0EbqcZ4bzcr8bT4ki9e9d+6hiUXYh2u+WoMpnPHz7yDxBN8+im4
GIfZN3CmMtJRqVd5HKiynB8dqBuI9tbPklyng1WziCw07DTz17OLt9MQ1wg1ezjn
Z6znl/e1JoZ1tZ14OR7xd+6poYq2ThRdX/I4AXyrW56iYr2t0d/Im4ep4LYdudJK
DkK8/QBrLzbDWsnhc9cW3t7PDPiSoMqTsJX+2CsPVfHCqt7HMA/tEHnQrczaDlXj
Tk+11tRaFE0wWkrA/q64DnzKN9z+O9rhAgMBAAGjggVlMIIFYTAfBgNVHSMEGDAW
gBTdUdCiMXOpc66PtAF+XYxXy5/w9zAdBgNVHQ4EFgQU4lD1PnBEebsQtvssi/xn
dTZVky4wggIQBgNVHREEggIHMIICA4IWKi5jbG8uZm9vdHByaW50ZG5zLmNvbYIN
Ki5ob3RtYWlsLmNvbYIWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYIKKi5saXZlLmNv
bYIWKi5ucmIuZm9vdHByaW50ZG5zLmNvbYIMKi5vZmZpY2UuY29tgg8qLm9mZmlj
ZTM2NS5jb22CDSoub3V0bG9vay5jb22CFyoub3V0bG9vay5vZmZpY2UzNjUuY29t
ghthdHRhY2htZW50Lm91dGxvb2subGl2ZS5uZXSCHWF0dGFjaG1lbnQub3V0bG9v
ay5vZmZpY2UubmV0giBhdHRhY2htZW50Lm91dGxvb2sub2ZmaWNlcHBlLm5ldIIW
YXR0YWNobWVudHMub2ZmaWNlLm5ldIIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5u
ZXSCHWNjcy5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tgiFjY3Mtc2RmLmxvZ2lu
Lm1pY3Jvc29mdG9ubGluZS5jb22CC2hvdG1haWwuY29tghZtYWlsLnNlcnZpY2Vz
LmxpdmUuY29tgg1vZmZpY2UzNjUuY29tggtvdXRsb29rLmNvbYISb3V0bG9vay5v
ZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIYc3Vic3RyYXRlLXNkZi5v
ZmZpY2UuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0Et
MS1nMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHwGCCsGAQUFBwEBBHAwbjAlBggrBgEF
BQcwAYYZaHR0cDovL29jc3B4LmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NB
LTEuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2
AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABiHPjiFgAAAQDAEcw
RQIhAIgoAG656l1lBI6vP8zUGTxA/QIvLjulSSayNd08PUwBAiAPLQRPzOaMzLsU
g4Xp9R88M+Wm4o2nipJXRtVD9yW4EQB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0s
gdm7v6s52IRzAAABiHPjiEAAAAQDAEgwRgIhALi+C0tOTGeemCifitSAxdfln8nY
k1VRKUTFgjqm/p0vAiEAjF3dK6sS9Wbw/weQ1pi0tkSO0KQYA6oTSIhjwvZnT6IA
dQDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYhz44gSAAAEAwBG
MEQCICgExL+8ML6+4J52fBP5nK+5T4x7cS34NbwxbT554KXyAiBcOuIC7S168a2b
MKntFE1VRnhPY0M/xZHyCHO/yj+5yjANBgkqhkiG9w0BAQsFAAOCAQEAZOaObK71
hjUmNGwYqjTohL1ayFkpE84oT+9S9ehURtgcKoG054OBhYkhiy/hfUic6aKc8q4f
gag4skiNRe473/+TffYDuCodfYryS4JNy/UWwuBSkya4pekAhpDNPRKMlMW8LXJJ
oZcDgmP9YlQO0VGrhC1p8bVRmoyroHrdqMDdJklXMTXvfqQH6ul7cH74wI6CLpDD
0LqlhP3aAPMJp75qU/jupekkBWHmFlAzyeFDDlvImDftrgJVGxrBzZXJvibB8oWp
XEZza3Y1AxwFxuaJcFkT1TsMqbHYGgrR+2lKKZnUqQsv+YMkL/9uPBEw+fcelIX/
lhYiACHJ2xQVvQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIQDxcaSMbyI4CSGM0u1t3A6DANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yMDA5MjUwMDAwMDBaFw0zMDA5MjQyMzU5NTlaMEsxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJTAjBgNVBAMTHERpZ2lDZXJ0IENsb3Vk
IFNlcnZpY2VzIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR
rfaHFHlUJ1fHLwVoPJs8zWfsRRAshPKkR8TZU0JFCbvk/jPB17xGL9GL5re1Z3h8
anC+/bjltlTPTF6suCJ0c1UpCHPIZPfQlQkOeYNQv1/11MybQmGOgAS5QarOThKZ
m6zWxb5bAnO1FqSrcWLUmOpAOYWm9rsv6OeHwov2nDLN7Pg+v4nndCOCS9rqv3Om
JTz9v6nlaP/4MKJgxzsuo/PFfzs7/Q8xoXx0D9C/FMS9aPGl52un35sAfkYlTubo
E/P2BsfUbwsnIEJdYbw/YNJ8lnLJfLCL//lIBVME+iKvt81RXW3dkHQD8DNP9MfA
PlZGR69zIIvcej6j8l3/AgMBAAGjggGuMIIBqjAdBgNVHQ4EFgQU3VHQojFzqXOu
j7QBfl2MV8uf8PcwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYD
VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNV
HRMBAf8ECDAGAQH/AgEAMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MHsGA1UdHwR0
MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2Jh
bFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbFJvb3RDQS5jcmwwMAYDVR0gBCkwJzAHBgVngQwBATAIBgZngQwB
AgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEANJE52TD/
zFvmYQGp0P3ntVzclyqsN7Aga/s2SmhGoow32hcBWc6OVgQILYjXndBwRdTn6/97
nb+5a0sEfMoc7mto2ALmLim+XgZ6bg2nQX1A2lWYUoFou0YDHzGsKUNcLQOjoJU4
t9UMxv6+Je7RB77+j3mVmsNxBF13Q+LEHWiY+IJSazVqv7w73izbAFo6cF9sK0hp
qdmSKdB/MNfnT9YF4/WYlyCwFhpaK3mPuU2XiOzGswPhMMRwgawnk4XTNemtHPSq
fP/JzQHsefL75Tx5c8tHJAcp3C/QD+JcUUHocUPuW62x79wO9pNl5N5U4jIVFa4k
x6pNQytYvwMPeg==
-----END CERTIFICATE-----
  • Copiamos ese contenido y abrimos el archivo
nano /etc/postfix/cacert.pem
  • Abrimos el archivo
nano /etc/postfix/main.cf
  • Verificamos que myhostname sea igual al que configuramos
myhostname = PC-ABAJO
  • Comentamos las lineas
#smtp_tls_security_level=may
#relayhost =
#inet_interfaces = all
  • Agregamos al final
# Enable auth
smtp_sasl_auth_enable = yes
# Set username and password
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Turn on tls encryption 
smtp_tls_security_level = may
header_size_limit = 4096000
# Set external SMTP relay host here IP or hostname accepted along with a port number. 
relayhost = [smtp.office365.com]:587
# accept email from our web-server only 
inet_interfaces = 127.0.0.1
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
smtp_always_send_ehlo = yes
  • RESULTADO
# See /usr/share/postfix/main.cf.dist for a commented, more complete version# Debian specific:  Specifying a file name will cause the first# line of that file to be used as the name.  The Debian default# is /etc/mailname.#myorigin = /etc/mailnamesmtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)biff = no# appending .domain is the MUA's job.append_dot_mydomain = no# Uncomment the next line to generate "delayed mail" warnings#delay_warning_time = 4hreadme_directory = no# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on# fresh installs.compatibility_level = 3.6# TLS parameterssmtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pemsmtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.keysmtpd_tls_security_level=maysmtp_tls_CApath=/etc/ssl/certs#smtp_tls_security_level=maysmtp_tls_session_cache_database = btree:${data_directory}/smtp_scachesmtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destinationmyhostname = PC-ABAJOalias_maps = hash:/etc/aliasesalias_database = hash:/etc/aliasesmydestination = $myhostname, PC-ABAJO, localhost.localdomain, , localhost#relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128mailbox_size_limit = 0recipient_delimiter = +#inet_interfaces = allinet_protocols = ipv4# Enable authsmtp_sasl_auth_enable = yes

# Set username and password
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Turn on tls encryption 
smtp_tls_security_level = may
header_size_limit = 4096000
# Set external SMTP relay host here IP or hostname accepted along with a port number. 
relayhost = [smtp.office365.com]:587
# accept email from our web-server only 
inet_interfaces = 127.0.0.1
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
smtp_always_send_ehlo = yes
  • Reiniciamos el servicio
systemctl stop postfix
systemctl start postfix
systemctl status postfix
  • Verificamos que el servicio esta esperando en el puerto 25
netstat -tulpn | grep :25
  • Resultado
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      44098/master
  • Puede que se haya desinstalado mailutils, lo verificamos
apt install mailutils -y
  • Eliminamos correos pendientes por aquello
postsuper -d ALL
  • Probamos el envió
echo "Este es el contenido del mensaje." | mail -s "Servidor:PC_ABAJO" -a "From: gustavomatamoros@sada.services" gustavomatamoros@sada.services
  • Podemos ver la cola con
tail -f /var/log/mail.log
  • Si necesitamos limpiar la cola de mensajes
postsuper -d ALL