I'm glad you're asking. These are cloud-hosted domains at microsofts exchange online (o365) infrastructure. Each user can set outgoing routing to smarthosts(called connectors) in exchanges admin-center. But - as said, no smtp-authentication is offered.
We're providing sending-capabilities paired with archive & delivery statistics. So our customers can just sign-up for our services, set there relayhost (in postfix terms) and we take care of the rest. Our non-postfix-users, that are having o365 as mail infrastructure, can set as well a smarthost BUT without any smtp-authentication capability. Thats our problem. We would like to accept our customer mails, coming from the MS world, but need some good/strong way, to authenticate them appropriately. so far, only sender-domain/address and MS own-published ip-ranges are factors, we have available. Am So., 16. Juni 2019 um 22:37 Uhr schrieb Viktor Dukhovni < postfix-us...@dukhovni.org>: > On Sun, Jun 16, 2019 at 05:46:52PM +0200, Stefan Bauer wrote: > > > Some of our users use o365 but would like to use our service for outgoing > > mails. We are offering smtp sending services. Integrating our service > in > > o365 is tricky, as one can only specify a smarthost but microsoft does > not > > offer any kind of authentication for smarthosts. > > Are these individual users or cloud-hosted domains? Who's authorized > to ask Microsoft to route their outbound traffic through your relay? > Can you distinguish one such Office365 sender from another? ... > > What's the point (if I may ask) of having their mail sent through > your relay? I assume that Microsoft could quite easily send their > outbound traffic directly to its destination. > > -- > Viktor. >