Relay Outgoing Emails with Office 365
While it's possible to get email relaying working with Office365, we don't recommend that you use it. If you use a dedicated email relay service like Amazon SES or SMTP2Go, both you and your users are likely going to be happier.
There are a few major reasons why we recommend against Office365:
- You need to disable 2-factor authentication in Office365 before Microsoft will permit SMTP authentication, so you'll make Office365 less secure than it could be.
- You will need to set the sender address for all outgoing emails to the Email Relay Username. With Amazon SES, SMTP2Go and similar services, you can verify your domains so that all your users can send messages from their own email addresses, which looks a lot nicer to the end recipient.
- Logging and troubleshooting are not as good in Office365 as in services that were built from the ground up as email relay services. Office365 is built as an email service, and that's what it's great at. The relay function in Office365 seems more like an afterthought.
- Looking at where Microsoft is heading with Office365 (see the next section), it would not be surprising if SMTP Auth relaying through Office365 stopped working altogether at some point.
LiquidFiles requires SMTP Auth authentication
Microsoft has been pushing towards what they call "modern authentication", which is Microsoft-speak for the web-based authentication method OAuth. OAuth requires a web browser to authenticate with tokens and is stronger than providing a username and password. However, OAuth requires a user to operate the authentication in a browser, so it does not work for server-based systems like LiquidFiles, or for devices such as multifunction printers and other systems where a user is not present all the time.
This means that you have to enable SMTP Auth with your Office365 configuration as outlined in this Microsoft Office 365 Support article in order to use Office 365 to relay emails with LiquidFiles (and other similar systems).
If for whatever reason you cannot enable SMTP Auth in Office 365, you will not be able to use Office365 to relay emails from LiquidFiles.
Will LiquidFiles support "Modern Authentication" in future releases?
Very unlikely. “Modern Authentication” is a web-based authentication method based on OAuth and requires a user with a web browser to perform the actual authentication. It’s not suitable for, or designed for, server-based authentication for systems such as LiquidFiles.
LiquidFiles uses postfix as its MTA, which is provided as part of CentOS 7, the current underlying operating system for LiquidFiles. Postfix does not currently support OAuth and it's unlikely that it ever will, given that postfix is built for servers and not for users with browsers. But even if postfix did add support for OAuth, it wouldn’t be added to the postfix in CentOS 7. CentOS 7 is in maintenance mode and no major new updates will happen, so for LiquidFiles v3.x we can guarantee that OAuth/modern authentication will not happen.
In 2023 we will be looking at migrating from CentOS 7 to something that will be supported beyond 2024, and there will be an updated postfix in whatever replacement Linux we select. If postfix does add support for OAuth authentication in the next couple of years, LiquidFiles will be able to add support for it within 6 months or so after it’s been added to the postfix version in whatever Linux variant we end up using after CentOS 7 (we release 2 major updates to LiquidFiles each year).
When using Office 365 to relay emails, you need to use the Email Sender Address Policy "Email Relay Username" configured in Admin → Configuration → Email.
You also need to configure the Email Relay Host as smtp.office365.com:587 and then add your email relay username and password.
Please see further documentation for Office 365 at the Office 365 Relay Documentation.
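A pre-flight check for the relay settings described above, as an added example that is not LiquidFiles code: it logs in to smtp.office365.com:587 with the relay username, sends one test message with that username as the sender, and maps the SMTP reply to the setting most likely at fault. The function names, result strings, test message content and the "SendAs" text match are assumptions made for this example.

```python
import getpass
import smtplib
import ssl
import sys
from email.message import EmailMessage

RELAY_HOST, RELAY_PORT = "smtp.office365.com", 587  # Email Relay Host from this page


def explain(code, text):
    """Map an SMTP reply to the setting most likely at fault (hypothetical helper)."""
    if 200 <= code < 300:
        return "ok"
    if code == 535:  # RFC 4954: authentication credentials invalid
        return "auth-rejected: check the password, that SMTP Auth is enabled and that 2FA is off"
    if code in (550, 554) and "sendas" in text.lower():  # assumed wording of the rejection
        return "sender-rejected: use the Email Sender Address Policy 'Email Relay Username'"
    return f"unclassified: {code} {text}"


def check_relay(username, password, recipient, host=RELAY_HOST, port=RELAY_PORT):
    """Log in as the relay user and send one test message from that same address."""
    msg = EmailMessage()
    msg["From"] = username  # sender must equal the Email Relay Username
    msg["To"] = recipient
    msg["Subject"] = "Relay pre-flight test"  # constructed sample content
    msg.set_content("SMTP AUTH relay check.")
    try:
        with smtplib.SMTP(host, port, timeout=20) as smtp:
            smtp.starttls(context=ssl.create_default_context())  # verifies the certificate
            smtp.ehlo()  # re-read capabilities on the encrypted channel
            if not smtp.has_extn("auth"):
                return "no-auth: server did not offer AUTH after STARTTLS"
            smtp.login(username, password)
            smtp.send_message(msg)
            return "ok"
    except smtplib.SMTPResponseException as exc:
        err = exc.smtp_error
        text = err.decode(errors="replace") if isinstance(err, bytes) else str(err)
        return explain(exc.smtp_code, text)
    except (smtplib.SMTPException, OSError) as exc:
        return f"connection-or-protocol-error: {exc}"


if __name__ == "__main__":
    # Usage: python check_relay.py relay-user@example.com recipient@example.com
    print(check_relay(sys.argv[1], getpass.getpass("Relay password: "), sys.argv[2]))
```

The password is read with getpass so it does not end up in shell history or the process list.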