LiquidFiles Documentation
LiquidFiles Documentation
Last Updated: v3.7

Relay Outgoing Emails with Office 365

Microsoft has announced that they will remove support for SMTP Auth authentication in Office365 in September, 2025. This means that after this date, it will no longer be possible to use Office365 to relay emails using LiquidFiles (and other similar systems). Please see the announcement from Microsoft for more information.

While it's possible to get email relaying working with Office365 up until September 2025, we still don't recommend that you use it. If you use a dedicated email relay service like Amazon SES or SMTP2Go, both you and your users are likely going to be happier.

There's a few major reasons why we recommend against Office365 apart from them deprecating SMTP Auth all together in September 2025:

  1. You need to disable 2-factor authentication in Office365 for them to permit using SMTP authentication, so you'll make Office365 less secure than it could be.
  2. You will need to set the sender address for all outgoing emails to the Email Relay Username. With Amazon SES, SMTP2Go and similar, you can verify your domains so all your users can send messages with their own email addresses so it will look a lot nicer for the end recipient.
  3. Logging and troubleshooting is not as good in Office365 as it is in services that where built from the ground up as email relay services. Office365 is built like an email service and that's what it's great at. The relay function in Office365 seems more like an afterthought.

LiquidFiles requires SMTP Auth authentication

Microsoft has been pushing towards what they call "modern authentication", which is Microsoft speak for the web based authentication method OATH. OATH requires a web browser to authenticate with tokens and is stronger than providing a username and password. But, OATH requires a user to operate the authentication in a browser so it's not something that works for server based systems like LiquidFiles or other functions like a multifunction printer or other systems where a user is not present all the time.

This means that you have to enable SMTP Auth with your Office365 configuration as outlined in this Microsoft Office 365 Support article in order to use Office 365 to relay emails with LiquidFiles (and other similar systems).

If for whatever reason you cannot enable SMTP Auth in Office 365, you will not be able to use Office365 to relay emails from LiquidFiles.

Will LiquidFiles support "Modern Authentication" in future releases?

Very unlikely. “Modern Authentication” is a web based authentication based on OATH and requires a user with a web browser performing the actual authentication. It’s not suitable for, or designed for, server based authentication for systems such as LiquidFiles.

LiquidFiles uses postfix as its MTA and is provided as part of Ubuntu that is the current underlying operating system for LiquidFiles. Postfix does not currently support OATH and it's unlikely that it ever will, given that postfix is built for servers and not users with browsers.

Configuration

When using Office 365 to relay emails, you need to use the Email Sender Address Policy "Email Relay Username" configured in Admin → Configuration → Email.

You also need to configure the Email Relay Host as smtp.office365.com:587 and then add your email relay username and password.

Please see further documentation for Office 365 at the Office 365 Relay Documentation.