@@ 134,6 134,34 @@ vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/qwertywar.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/qwertywar.com/privkey.pem
+After configuring so I can send mail, below, can finally set up certbot to auto-renew with crontab -e
+
+ MAILFROM=joe@legaltextcollector.com
+ * * * 8 0 /usr/local/bin/certbot renew --quiet
+
+There are several way to send mail via o365 https://learn.microsoft.com/en-us/Exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365. This might be simplest: allow smtp auth as described in https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
+
+ dnf install s-nail postfix cyrus-sasl-plain
+ systemctl enable postfix
+ systemctl start postfix
+
+Create app password
+
+Then got SASL authentication failed; server smtp.office365.com[2603:1036:302:505e::2] said: 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. https://learn.microsoft.com/en-us/answers/questions/848093/sending-smtp-email-via-our-website-error-535-5-7-1 claims I need to disable security defaults, so I do that. Now back to "offered no compatible authentication mechanisms"
+
+This continues to fail at first, but eventually the error message changes.
+
+SendAsDenied; joe@legaltextcollector.com not allowed to send as root@digital-ocean-web.localdomain; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message. 0.35250:973F0000, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:0D1B0000, 1.36674:0E000000, 1.61250:00000000, 1.45378:121B0000, 1.44866:C0010000, 16.55847:E90D0000, 17.43559:0000000024020000000000000000000000000000, 20.52176:140FBC991C00103100000000, 20.50032:140FBC998B17000000000000, 0.53414:140FBC99, 0.35180:0B020000, 255.23226:140FBC99, 255.27962:0A000000, 255.27962:0E000000, 255.31418:1F000130, 0.35250:140FBC99, 1.36674:0A000000, 1.61250:00000000, 1.45378:02000000, 1.44866:40000000, 1.36674:32000000, 1.61250:00000000, 1.45378:45000000, 1.44866:01000000, 16.55847:BB000000, 17.43559:00000000B8030000000000000000000000000000, 20.52176:140FBC991C0070204800D13D, 20.50032:140FBC998B17101057000000, 0.53414:0A002F3D, 0.35180:0B002900, 255.23226:68000000, 255.27962:0A000000, 255.27962:32000000, 255.17082:DC040000, 0.27745:0A00B680, 4.21921:DC040000, 255.27962:FA000000, 255.1494:03000B67, 0.38698:05000780, 1.41134:46000000, 0.37692:86000000, 0.37948:86000000, 5.33852:00000000534D545000000000, 7.36354:010000000000010986000000, 4.56248:DC040000, 7.40748:010000000000010B86000000, 7.57132:000000000000000086000000, 4.39640:DC040000, 1.63016:32000000, 8.45434:199210B93C92464383A146FC8D4C910A86000000, 1.46798:04000000, 5.10786:0000000031352E32302E363538382E3032373A444D36505231314D42343531363A62643562613534612D623533392D346161382D393736312D3033333263626162613633333A3130343030303A2E4E455420362E302E313800000000, 7.51330:C11DEC3BAB84DB0812000000, 0.39570:12000000, 1.5
+
+When I ``mail -r joe@legaltextcollector.com``, it now goes through.
+
+In crontab, I can use MAILFROM=joe@legaltextcollector.com, but I get cron into a broken state where it isn't sending mail at all for a while. Have to ``systemctl restart crond`` then it's fixed. Restart crond might be necessary for the MAILFROM setting to take effect at all.
+
+
+So trying a "connector" https://admin.exchange.microsoft.com/#/connectors "authenticate by ip address" got error "connect to legaltextcollector-com.mail.protection.outlook.com[104.47.70.110]:25: Connection timed out" which is the same as I had before I set up the connector. Digital Ocean says they're blocking outgoing smtp for new accounts https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-22-04 so maybe it's them blocking me rather than Microsoft, didn't try to diagnose. Trashed the connector.
+
+Digital Ocean wants you to use SendGrid. SendGrid has a free plan "forever" https://sendgrid.com/pricing/ so guess I'll try it. I sign up, but they force me to 2-factor-auth and inauspiciously the text messages don't arrive after several tries, so I can't log in. It eventually arrives, but in the meantime, the O365 setup seems to start working after disabling security defaults.
+
todo: retry certbot from scratch, may not need --cert-only
todo: consider virtualenv for certbot - but this centos global Python 3 already has a mess of package pollution so whatever
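Review bot: The added crontab line `* * * 8 0 /usr/local/bin/certbot renew --quiet` has its schedule fields in the wrong positions. Cron reads them as minute, hour, day of month, month, day of week, so this entry fires every minute of every Sunday in August and at no other time, which leaves the certificate unrenewed for most of the year. If the intent was 08:00 every Sunday, the line should be `0 8 * * 0 /usr/local/bin/certbot renew --quiet`. Two documentation gaps in the same hunk: the "Create app password" step does not record where postfix reads that credential from or how the file is protected, and disabling security defaults is recorded only as a step that made SMTP AUTH work, with no note on whether it is meant to stay disabled. Since these notes are the only record of the setup, both are worth stating.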
@@ 141,7 169,6 @@ todo: consider virtualenv for certbot -
todo: ipv6 still doesn't connect
todo: initdb encoding and timezone params - see django requirements https://docs.djangoproject.com/en/4.1/ref/databases/#optimizing-postgresql-s-configuration
todo: remove cockpit ('activate the webconsole nuisance message')
-todo: root mail
todo: don't show apache welcome page
todo: show ServerAdmin in 404 page
todo: set daemon mode (and run each app as its own user)
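Review bot: Removing `todo: root mail` looks premature given what the first hunk records. The SendAsDenied error shows that mail submitted as root@digital-ocean-web.localdomain is rejected, and delivery only succeeds when the sender is overridden with `mail -r joe@legaltextcollector.com` or with MAILFROM in a crontab. Anything else on the host that mails as root without that override will still be refused. Either keep the todo, narrowed to "rewrite the root sender address in postfix", or note here that only cron mail is covered.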