A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Interactive (i.e. end-users) Clients should be using OAuth instead of app passwords. This will allow your users to use their own Office365 credentials for SMTP.
For servers and non-interactive clients (e.g. copiers/printers/toasters/coffee makers) I would suggest something along the lines here: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#compare-the-options
I use https://github.com/YoRyan/mailrise
Mailrise is apprise under the hood. It's an SMTP server that converts all the emails it receives to push messages depending on the To address in the email.
In my case I have postfix running as an open relay inside my network that then relays to Amazon SES. But I have my own domain.
I imagine doing something similar where you relay to o365 might work.
I think what you're doing is fine, in fact, it's one of the Microsoft recommended methods of doing it.
I've started using SMTP2GO for all my notification. Up to 1000 email/month it's free. So I don't have to rely on Google/Microsoft account/changes that they do every once in a while.
I've been thinking about using that as an SMTP relay as well (Because my email server doesn't have reverse DNS). Would you recommend it?
Definitely! I've been using without any problem the free version.
I haven't found any reason online for not using it either, so I guess I'll just use that. Free account should be more than enough for me too, no way am I going to send more than 1000 emails a month.
If you are just sending notification emails to your own account then you can use SMTP directly to O365 without authentication and it will be delivered as long as it’s being sent within your tenant (if your home IP isn’t in your SPF record it may get delivered to junk however)
This is how we handle scan to email using MFPs in our org. No credentials, or even a mailbox for the outgoing sender, required
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| SMTP | Simple Mail Transfer Protocol |
[Thread #344 for this sub, first seen 12th Dec 2023, 10:55] [FAQ] [Full list] [Contact] [Source code]
Best bet would be to setup postfix or opensmtpd as an open relay. Just make sure it is only accessible in trusted networks though!!
https://docbot.onetwoseven.one/services/postfix/
You’d want to set the listen address to 0.0.0.0 and use a non-loop back interface.
Just make sure it is only accessible in trusted networks though!!
Aw you're no fun. Next you'll be telling me to block all emails over 500 miles.
You're trading one security issue (profileration of app passwords) to another one (an unauthenticated relay). Is it worth it?
An unauthenticated relay isn't a security problem when it can only send to certain addresses in 365, and isn't even accessible outside the local network.
Well…it is a potential risk that links back to you pretty much directly. What is stopping some rogue sw from sniffing out smtp and then going bananas?
I would look for other ways tbh. Running smtp locally is imo asking for trouble.
It's behind a firewall for one. But even so, you should configure it to only accept connections from the local network, only send via 365, and only to your own address, then the scope is vastly reduced.
threat & impact is essentially identical => "so for SMTP on all my devices at home"; the home environment is a bit swampy, a mix of protected and unprotected network.
A worm/bot sending out mass emails from Business 365 would be perceptually damaging to the business; would advise against SMTP and instead look at other secure methods of provisioning identity that are not quite as labor intensive as sticking credentials in each nook and cranny. Or...simply don't utilize O365....
Having an unauthenticated relay imposes the responsibility to configure it correctly (the "only certain addresses" part) and protect it (the "accessible outside the local network" bit). Are you sure it's not accessible? Did you remember to test with IPv6 too? Will it remain protected after the next time you mess around with your firewall for some totally unrelated reason?
If it works - good for you, but be mindful of all the baggage that comes with a new service.