How to receive e-mail alerts from internal devices

zachary715

Maybe it's me, but I find the search function of this website hit or miss, so forgive me if there are already good resources available for this question, and point me to the right place.

Goal:

We have a number of internal devices that have the ability to send logs via e-mail, however I do not currently have anything setup to do this. What I would like ideally is to be able to...

1. Customize the "From" address based on the device being sent or
   1A) Customize or format the subject of the e-mail being sent to more easily identify from what device it's coming (I would think this would rely more on the device sending the email vs the "email server" itself.

2. Specify based on device and log messages different recipients. For instance, we have some engineers who would need to receive these alerts from some devices but not all.

Additional Info:

• We currently are Office365 users.
• Our internal Windows domain is a .local (if that matters)
• For my firewall currently, I'm authenticating logs through my email account and Office365 so it appears as though I'm emailing myself. I've had some difficulty getting this config setup in other devices, and I would just like to customize the "From" if possible based on device without setting up a new mailbox for each device (if possible).

Ideally, I'd do this in a Linux server. I've setup a basic Postfix server after finding Basic Email Sending with Linux. I've got that postfix server sending email direct, but am having trouble connecting other devices to send through it.

Hopefully that's enough info of my goal for someone to help point me in the right direction.

scottalanmiller

That Postfix server needs to be set to accept relay messages from those other machines. Typically this is done by IP address.

black3dynamite

Did you setup the firewall to allow access to postfix?

firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload

NashBrydges

Yeah, I'd love to use a single email relay. I've just been setting up each server with Postfix but that's inefficient. Would love to direct all device emails that can't autosend via Office 365 through this single relay. A how-to would be ideal. I was searching for this very thing here a couple days ago and couldn't find anything.

black3dynamite

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

zachary715

Before we get too deep off into postfix specifics, my main question is about the proper or "best" way to accomplish this and whether postfix is that method.

@black3dynamite I'm implementing these steps now. Will test once I've tweaked these settings and see where I get. Thanks

Obsolesce

@zachary715

I'm doing the same thing (also on a .local) using an O365 relay server. It's a Windows Server set up to be an SMTP relay for O365.

If you fire an email to it, it'll relay it to O365, and send as whatever "from address" you use, so long as the SMTP Relay account is able to send on behalf of that email.

What I do, is set up an O365 security group for each email I want to send as.

Example:

• Set up a security group in O365 and set the email to [email protected]
• Give the "smtp relay" account permission to send as/send on behalf on the above.
• Use that email as the "from address", and point your server to the SMTP relay server.

I haven't done it on Linux, so I'm completely unfamiliar with that, but I can walk you through setting it up on a Windows Server using the built-in components (it uses IIS), if you go the Windows Server route.

NashBrydges

@black3dynamite said in How to receive e-mail alerts from internal devices:

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

I've also added my fixed IP address to the SPF record in Office 365. I discovered a while ago that without this, emails eventually get blocked as unauthorised to send on behalf of the domain I was using.

NashBrydges

@tim_g said in How to receive e-mail alerts from internal devices:

@zachary715

I'm doing the same thing (also on a .local) using an O365 relay server. It's a Windows Server set up to be an SMTP relay for O365.

If you fire an email to it, it'll relay it to O365, and send as whatever "from address" you use, so long as the SMTP Relay account is able to send on behalf of that email.

What I do, is set up an O365 security group for each email I want to send as.

Example:

• Set up a security group in O365 and set the email to [email protected]
• Give the "smtp relay" account permission to send as/send on behalf on the above.
• Use that email as the "from address", and poing yoru server to the SMTP relay server.

I haven't done it on Linux, so I'm completely unfamiliar with that, but I can walk you through setting it up on a Windows Server using the built-in components (it uses IIS), if you go the Windows Server route.

That works for those devices that can self-authenticate via an actual account on Office 365. That works for my Sophos XG UTM for example but not for the majority of Linux servers I'm running.

zachary715

@nashbrydges said in How to receive e-mail alerts from internal devices:

@black3dynamite said in How to receive e-mail alerts from internal devices:

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

I've also added my fixed IP address to the SPF record in Office 365. I discovered a while ago that without this, emails eventually get blocked as unauthorised to send on behalf of the domain I was using.

And I've seen this mentioned, but didn't know if I even needed to go through Office 365 to accomplish this since I'm doing internal only. I was running into this before though when trying to send e-mails from the UPS and they were blocked as spoofed.

scottalanmiller

@zachary715 said in How to receive e-mail alerts from internal devices:

Before we get too deep off into postfix specifics, my main question is about the proper or "best" way to accomplish this and whether postfix is that method.

@black3dynamite I'm implementing these steps now. Will test once I've tweaked these settings and see where I get. Thanks

Yes, that's how we do it.

zachary715

@tim_g said in How to receive e-mail alerts from internal devices:

@zachary715

I'm doing the same thing (also on a .local) using an O365 relay server. It's a Windows Server set up to be an SMTP relay for O365.

If you fire an email to it, it'll relay it to O365, and send as whatever "from address" you use, so long as the SMTP Relay account is able to send on behalf of that email.

What I do, is set up an O365 security group for each email I want to send as.

Example:

• Set up a security group in O365 and set the email to [email protected]
• Give the "smtp relay" account permission to send as/send on behalf on the above.
• Use that email as the "from address", and point your server to the SMTP relay server.

I haven't done it on Linux, so I'm completely unfamiliar with that, but I can walk you through setting it up on a Windows Server using the built-in components (it uses IIS), if you go the Windows Server route.

@Tim_G Looks like a good opportunity for a write-up/guide :winking_face: I'd like to do this Linux first but if all else fails, I will revert to this. Would be nice to have a write-up to fall back on and for others who come looking. I'd love to know how to do it both ways for future use case.

black3dynamite

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

zachary715

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

NashBrydges

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

For Postfix to enable TLS, all you need to add to the main config file is this line:

smtp_tls_security_level = may

Email headers confirm that emails are encrypted. I've checked on Gmail as well as my Office 365 email.

black3dynamite

@nashbrydges said in How to receive e-mail alerts from internal devices:

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

For Postfix to enable TLS, all you need to add to the main config file is this line:

smtp_tls_security_level = may

Email headers confirm that emails are encrypted. I've checked on Gmail as well as my Office 365 email.

That's good know.

NashBrydges

@black3dynamite Here is what it looks like at the Gmail end (personal details obfuscated).

zachary715

@black3dynamite said in How to receive e-mail alerts from internal devices:

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

Made these changes along with ensuring that SMTP ports were open and I am now receiving email from the UPS device via Postfix.

Settings on UPS:

From: [email protected]
SMTP Server: Postfix server IP Address (192.168.1.x)
Port: 25
No authentication

If this works on the rest of my devices, then I believe we'll be in business and I won't have to involve Office365 at all.

Obsolesce

@nashbrydges said in How to receive e-mail alerts from internal devices:

@tim_g said in How to receive e-mail alerts from internal devices:

@zachary715

I'm doing the same thing (also on a .local) using an O365 relay server. It's a Windows Server set up to be an SMTP relay for O365.

If you fire an email to it, it'll relay it to O365, and send as whatever "from address" you use, so long as the SMTP Relay account is able to send on behalf of that email.

What I do, is set up an O365 security group for each email I want to send as.

Example:

• Set up a security group in O365 and set the email to [email protected]
• Give the "smtp relay" account permission to send as/send on behalf on the above.
• Use that email as the "from address", and poing yoru server to the SMTP relay server.

I haven't done it on Linux, so I'm completely unfamiliar with that, but I can walk you through setting it up on a Windows Server using the built-in components (it uses IIS), if you go the Windows Server route.

That works for those devices that can self-authenticate via an actual account on Office 365. That works for my Sophos XG UTM for example but not for the majority of Linux servers I'm running.

No authentication is needed, that's what the SMTP server is for. For internal devices, so long as they all an SMTP server and port, optionally a from address... that's all that is needed. The SMTP server (O365 Relay) takes care of the auth.

Obsolesce

@zachary715 said in How to receive e-mail alerts from internal devices:

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

You don't need a relay if whatever is sending alerts/emails does full authentication by itself. The problem is that many things do not, and many do not even do authentication at all and just have a spot for server and port only.