#121 having trouble setting up

[Mark Kovach]

Having trouble setting up emailrelay.auth for oauth. I have a token but its not clear how to setup the emailrelay.auth file.

Is there any information or anyone to help me? Also does the token need to be updated every hour or is there a way so the token I put in the emailrelay.auth file is good for a year or more.

I know the token is working using postman, I can see a successful authentication in Entra for the application emailrelay I created.

I have emailrelay running on ubuntu 22.04

The token I use has a grant type of Password credentials using a username that emailrelay uses.

I tried

client oauth joe@something.com eyJ0eXAiOiJKV1QiLC.....

Nov 12 11:42:54 server-22 systemd[1]: Failed to start LSB: E-MailRelay store-and-forward MTA..
Nov 12 11:42:54 server-22 systemd[1]: emailrelay.service: Failed with result 'exit-code'.
Nov 12 11:42:54 server-22systemd[1]: emailrelay.service: Control process exited, code=exited, status=1/FAILURE
Nov 12 11:42:54 server-22emailrelay[1882623]: ...fail!
Nov 12 11:42:54 server-22 emailrelay[1882628]: emailrelay: error: invalid authorisation secret: line 1: invalid xtext encoding of secret

I noticed in postman under Headers for authorization the value is: Bearer eyJ0eXAiOiJKV1QiLC.....

Any help to would be appreciated. If anyone can help me please msg me

Thanks

[Graeme Walker]

Please take a look at https://sourceforge.net/p/emailrelay/support-requests/121/

Following on from the ugg.li guys' work I wrote this to go into the emailrelay user guide in the next release:

Microsoft 365
-------------
E-MailRelay can forward e-mails to a Microsoft 365 Exchange
server for onward delivery. Set the "--forward-to" address to
"smtp.office365.com:587", and enable authentication and TLS
by using the "--client-auth" and "--client-tls" options,
or add these lines to the "emailrelay.cfg" configuration
file:

    forward-to smtp.office365.com:587 
    client-tls
    client-auth C:/ProgramData/E-MailRelay/emailrelay.auth

The secrets file ("emailrelay.auth") should contain the
credentials for logging in to the Microsoft server, but
because Microsoft's policy is to limit the use of passwords
these credentials will normally have to be OAUTH tokens:

    client oauth:b me@mydomain.onmicrosoft.com dXNlcj1ncmFlbW...

Configure your Microsoft 365 *Exchange* [https://admin.exchange.microsoft.com]
server's 'mail flow' to allow SMTP AUTH and register
E-MailRelay as an authenticating application, and then obtain
a fresh OAUTH token to go into the E-MailRelay secrets file
before forwarding e-mails.

Use the *scripts* [https://github.com/DATA-Systems/E-MailRelay-Token-Updater]
on GitHub from DATA-Systems GmbH to help with this.

I hope that helps. Please feed back any advice for others to follow.

[Mark Kovach]

I run the first script ./create-m365-app-principals.ps1 with no issues, creates the application.

I run the second script and it creates a emailrelay.auth file but the contents are

client oauth:b test TEST_BASE64_ENCODED_XOAUTH2_TOKEN

shouldn't the -UserPrincipialName I used be in there and a token?

I did change below since I don't have emairlrelay actually running here but on my ubuntu server.
$AuthFile = 'C:\ProgramData\E-MailRelay\emailrelay.auth'
to
$AuthFile = '/Users/markk/emailrelay.auth'

[Graeme Walker]

Yes, the "client oauth:b ..." line should include the authentication name and the base64-encoded token, similar to the example in my userguide text. Can you get help from the script authors? It's difficult for me to help because while I did some testing many months ago I no longer have a 365 account and I do not speak powershell.

[Mark Kovach]

I found the problem these lines needed changing, though it didn't say anything about it.

60 $emailrelayClientOauth = "client oauth:b $Username"
61 $emailrelayAuthConfig = "$emailrelayClientOauth $saslXOAuth2"

Thanks