#!/bin/bash ####################################################################################################################### # SMTP relay with Office 365 Setup # For Ubuntu / Debian / Raspbian # David Harrop # April 2023 ####################################################################################################################### # Prerequisites: # An office 365 account with a mailbox (NON ADMIN!!) # An app password created for the above office 365 user at https://mysignins.microsoft.com/security-info # SMTP Auth enabled for that user under "manage mail apps in the Office365 admin centre # Prepare text output colours GREY='\033[0;37m' DGREY='\033[0;90m' GREYB='\033[1;37m' LRED='\033[0;91m' LGREEN='\033[0;92m' LYELLOW='\033[0;93m' NC='\033[0m' #No Colour clear SENDER=$SUDO_USER SERVER=$(uname -n) DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//') if ! [ $(id -u) = 0 ]; then echo echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 exit 1 fi echo echo -e "${LYELLOW}SMTP relay for Office365 setup...${LGREEN}" # Install Posfix echo echo -e "${GREY}Installing Postfix with non-interactive defaults..." sudo apt update -qq >/dev/null 2>&1 DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y >/dev/null 2>&1 if [ $? -ne 0 ]; then echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" fi # Get the Office365 smtp authentication credentials echo echo -e "${LYELLOW}An Office365 account email account is needed for SMTP relay authentication...${LGREEN}" echo read -p "Enter O365 SMTP auth enabled email : " SMTP_EMAIL read -s -p "Enter the SMTP auth account 'app password': " APP_PWD echo echo # Remove some default Postifx config items that conflict with new entries sudo sed -i '/relayhost/d' /etc/postfix/main.cf sudo sed -i '/smtp_tls_security_level=may/d' /etc/postfix/main.cf # For simple relay outbound only, limit Postfix to just loopback and IPv4 sed -i 's/inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i "s/inet_protocols = all/inet_protocols = ipv4/g" /etc/postfix/main.cf echo -e "${GREY}Configuring Postfix for O365 SMTP relay and TLS auth..." # Add the new Office365 SMTP auth with TLS settings cat </dev/null 2>&1 relayhost = [smtp.office365.com]:587 smtp_use_tls = yes smtp_always_send_ehlo = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt smtp_generic_maps = hash:/etc/postfix/generic smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt EOF if [ $? -ne 0 ]; then echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" echo fi # Setup the password file and postmap sudo touch /etc/postfix/sasl_passwd cat </dev/null 2>&1 [smtp.office365.com]:587 ${SMTP_EMAIL}:${APP_PWD} EOF sudo chown root:root /etc/postfix/sasl_passwd sudo chmod 0600 /etc/postfix/sasl_passwd sudo postmap /etc/postfix/sasl_passwd # Setup the generic map file sudo touch /etc/postfix/generic cat </dev/null 2>&1 root@${SERVER} ${SMTP_EMAIL} ${SENDER}@${SERVER} ${SMTP_EMAIL} @${DOMAIN_SEARCH_SUFFIX} ${SMTP_EMAIL} EOF sudo chown root:root /etc/postfix/generic sudo chmod 0600 /etc/postfix/generic sudo postmap /etc/postfix/generic # Restart and test echo -e "${GREY}Restarting Postfix..." sudo service postfix restart if [ $? -ne 0 ]; then echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" fi echo read -p "Enter an email address to test that email relay is working : " TEST_EMAIL echo "This is a test email" | mail -s "SMTP Auth Relay Is Working is working" ${TEST_EMAIL} -a "FROM:${SMTP_EMAIL}" echo -e "${LGREEN}Test message sent.." echo -e ${NC}