Relay to protection.outlook.com ends in: TenantAttribution; Relay Access Denied [ValidationStatus of '' is EmptyCertificate] #3261
Replies: 2 comments
-
Quick update. If I set the DNS with: dns: I can forward emails to outside using the email relay configured with (No error of TenantAttribution ).. However, then I cannot send emails to any of the domains configured in the postal server. I always receive the error: smtp: Failed: 550 Invalid server token How can I configure postal to allow forwarding emails to the smtp_relays and also to the domains configured inside Postal? Much appreciated in advance. PS: |
Beta Was this translation helpful? Give feedback.
-
Are you specifying these outlook.com's as relays in the config file? Those ones are mostly for when your Postal is in some kind of private network and there is an email gateway to the outside internet. If you're trying to ensure that Postal can only email specific email addresses, that isn't really a feature of Postal and should be set up in whatever software you're using to create the emails. If not, can you tell us a bit more about what you are trying to do? |
Beta Was this translation helpful? Give feedback.
-
Due to subnet division we are trying to configure an email server using postal for several internal company domains.
Postal will be the only one having external access to Outlook (servers does not have internet connection), using, as relay for any external address, an Outlook server (protection.outlook.com).
When we setup the smtp_relays using starttls at Postal, we receive the error from outlook like:
TenantAttribution; Relay Access Denied [ValidationStatus of '' is EmptyCertificate]
We have tried several different setups in term of: no TLS, TLS only or STARTTLS as follows, reporting the following errors:
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?ssl_mode=tls
We see the error:
Net::SMTPFatalError: 550 5.7.64 TenantAttribution; Relay Access Denied [No TLS] [xxx.prod.outlook.com]
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?ssl_mode=Auto
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?ssl_mode=starttls
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?starttls=when-available
# smtp_relays: smtp://xxx.mail.protection.outlook.com:587?ssl_mode=Auto
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?starttls=Auto
# smtp_relays: smtp://xxx.mail.protection.outlook.com:25?tls=Auto
we see:
Net::SMTPFatalError: 550 5.7.64 TenantAttribution; Relay Access Denied [ValidationStatus of '' is EmptyCertificate] [xxx.prod.outlook.com]
Hence the question is:
Documentation is not very clear about the smtp_relays parameter *(sorry about that).
I found as reference:
Microsoft definition of the error:
https://learn.microsoft.com/en-us/exchange/troubleshoot/email-delivery/ndr/relay-access-denied-smtp
(Postal's IP is included in the Allowed IPs).
STARTTLS setup:
https://github.com/orgs/postalserver/discussions/2769
#48
https://github.com/orgs/postalserver/discussions/2912
https://github.com/orgs/postalserver/discussions/2886
#277
Conf file V3 parameters:
https://github.com/postalserver/postal/blob/main/doc/config/yaml.yml
Beta Was this translation helpful? Give feedback.
All reactions