On Sun, 30 Nov 2025 01:11:33 +0100, Jean-Marc Annonier <[email protected]> wrote: > > [1 <text/plain; UTF-8 (7bit)>] > Hello all, > > First forgive me if this topic has already been addressed, if there is a > readily available solution, please let me know! > > For the last 3 years, I've been happily using Opensmtp as an internal relay > to send all my emails from internal hosts via my M365 mailbox. > > On the internal side: Wordpress sites, backup services, virtualisation > services, etc all connecting to Opensmtp with no authentication, no > encryption. Then Opensmtp sends these emails using smtp+tls as shown below. > Sample config: > ------------------- > table secrets file:/etc/mail/secrets > listen on 0.0.0.0 inet4 port 25 > action "relaymydomain" relay host smtp+tls:// > [email protected]:587 auth <secrets> > match from mail-from "[email protected]" for any action "relaymydomain" > > Very easy and very efficient! > > Unfortunately, Microsoft is about to break everything with the > deprecation of Basic Authentication starting from March 2026: Exchange > Online to retire Basic auth for Client Submission (SMTP AUTH) | Microsoft > Community Hub > <https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750> > > All authentication now needs to be done through OAuth2 tokens, and unless I > am mistaken, Opensmtp doesn't support OAuth2. I've seen there may be > filters but I don't know where to find them. > > I can fix the Wordpress websites with new plugins that support OAuth2 > (WPO365 is very good). But for older services that don't support OAuth2, > I'm stuck. I've been looking for alternatives on Github but couldn't find a > universal solution. > > As I'm probably not the only one with this problem, I thought I'd reach to > the group to see if anyone has a working solution. >
Implementing XOAUTH2 isn't a big issue to be honest. But an issue that you need to rotate token time to time. Last time when I've checked google OAuth it had lifetime 3600 seconds if I recall right. That makes it quite anoyed. -- wbr, Kirill
