tarickb / sasl-xoauth2

SASL plugin for XOAUTH2

Issue with Initial Token Generation #69

Open oeric-A2B opened 1 year ago

oeric-A2B commented 1 year ago

Hello,

First of all, thank you for your excellent work. I apologize for my English as I am using Google Translate.

I have followed the instructions to install the plugin and I am now trying to generate the initial token for integration with Outlook. However, I am encountering an issue during the generation of the initial token. I used the following command: sasl-xoauth2-tool get-token outlook --client-id=eexxxxxx-xxxx-xxxx-xxxx-xxxxxxa54369.

The result of this command is a redirection URL to the Microsoft login site. I have successfully opened this URL in my browser and logged in. I replaced "consumers" with my tenant ID. Below is what I am getting:

sasl-xoauth2-tool get-token outlook --client-id=eexxxxxx-xxxx-xxxx-xxxx-xxxxxxa54369
Please enter OAuth2 client secret (not always required; Azure docs are unclear): tExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please visit the following link in a web browser, then paste the resulting URL:

https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=eexxxxxx-xxxx-xxxx-xxxx-xxxxxxa54369&response_type=code&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&response_mode=query&scope=openid+offline_access+https%3A%2F%2Foutlook.office.com%2FSMTP.Send

Resulting URL: https://login.microsoftonline.com/325xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxa2c/oauth2/nativeclient?code=[authorization code removed]&session_state=f399xxxx-xxxx-xxxx-xxxx-xxxxxxcd0432
Traceback (most recent call last):
  File "/usr/bin/sasl-xoauth2-tool", line 311, in <module>
    main()
  File "/usr/bin/sasl-xoauth2-tool", line 304, in main
    args.func(args)
  File "/usr/bin/sasl-xoauth2-tool", line 204, in subcommand_get_token
    get_token_outlook(
  File "/usr/bin/sasl-xoauth2-tool", line 183, in get_token_outlook
    code = outlook_get_authorization_code(client_id, tenant)
  File "/usr/bin/sasl-xoauth2-tool", line 146, in outlook_get_authorization_code
    raise Exception(f"Resulting URL does not contain expected prefix: {OUTLOOK_REDIRECT_URI}")
Exception: Resulting URL does not contain expected prefix: https://login.microsoftonline.com/common/oauth2/nativeclient

Thank you for your assistance.

tejavivek commented 1 year ago

Hey there, this is the correct syntax; try it this way:

sasl-xoauth2-tool get-token --client-id=(Application (client) ID from AAD) --tenant=(Directory (tenant) ID from AAD) outlook /var/spool/postfix/etc/tokens/username@domain.onmicrosoft.com

Specify the tenant ID if your app is created for communication in tenant purpose.

Note: If you have specified the client secret value in the sasl-xoauth2.conf file, please don't enter it when it prompts for the client secret value. Hope it helps.

tarickb commented 1 year ago

You mentioned that you "replaced 'consumers' with my tenant ID" -- can you be more specific about where you did this? Which URL did you modify? And why?

Also yes if you have a tenant ID you should pass it to sasl-xoauth2-tool on the command line.

oeric-A2B commented 1 year ago

Thank you, I managed to generate the initial token. However, I had to manually create the "tokens" folder. I restarted the Postfix service and performed a test sending, but I'm still encountering errors:

Jun 19 15:18:39 postfixrelay postfix/smtp[7824]: 572B33010C0: SASL authentication failed; server smtp.office365.com[52.98.207.2] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P123CA05763.PROD.OUTLOOK.COM 2023-06-19T15:18:39.723Z 08DB709194]
Jun 19 15:18:41 postfixrelay postfix/smtp[7824]: 572B330: SASL authentication failed; server smtp.office365.com[52.97.211.178] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P123CA0425.GBRP123.PROD.OUTLOOK.COM 2023-06-19T15:18:41.013Z 08DB707C]
Jun 19 15:18:42 postfixrelay postfix/smtp[7824]: 572B33010C0: SASL authentication failed; server smtp.office365.com[40.99.218.82] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO0P123CA0006.GBRP123.PROD.OUTLOOK.COM 2023-06-19T15:18:42.340Z 08DB70657556C723]
Jun 19 15:18:43 postfixrelay postfix/smtp[7824]: 572B33010C0: to=nom@domain.fr, relay=smtp.office365.com[40.99.202.82]:587, delay=5.1, delays=0.03/0.2/4.9/0, dsn=4.7.0, status=deferred (SASL authentication failed; server smtp.office365.com[40.99.202.82] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P265C7.GBRP265.PROD.OUTLOOK.COM 2023-06-19T15:18:43.423Z 08DB706])

tarickb commented 1 year ago

Please make sure you've followed all the steps in the README, especially around Postfix configuration. I don't see any error messages from sasl-xoauth2 in your log snippet, which leads me to believe Postfix isn't trying to use it at all.

oeric-A2B commented 1 year ago

Jun 20 12:00:23 postfixrelay smtp: 3FC71300EB1: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.151.162]: bad protocol / cancel
Jun 20 12:00:23 postfixrelay sasl-xoauth2: auth failed:
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client: created
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::DoStep: called with state 0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::InitialStep: TriggerAuthNameCallback err=0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::InitialStep: TriggerPasswordCallback err=0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: file=/etc/tokens/login@domain.com
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: refresh=[token removed], access=[token removed]
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::GetAccessToken: token expired. refreshing.
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: attempt 1
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: token_endpoint: https://login.microsoftonline.com/32xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc/oauth2/v2.0/token
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: request: client_id=exxxxxxx-d147-xxxx-bd39-xxxxxxxxxxxxxx9&client_secret=tExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxrqbsk&grant_type=refresh_token&refresh_token=[token removed]
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: http error: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::DoStep: new state 0 and err -5
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client: destroyed
Jun 20 12:00:23 postfixrelay smtp: 3FC71300EB1: to=rcpt@domain.com, relay=smtp.office365.com[40.100.174.194]:587, delay=1.1, delays=0.04/0.26/0.81/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[40.100.174.194]: bad protocol / cancel)
Jun 20 12:00:23 postfixrelay sasl-xoauth2: auth failed:
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client: created
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::DoStep: called with state 0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::InitialStep: TriggerAuthNameCallback err=0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::InitialStep: TriggerPasswordCallback err=0
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: file=/etc/tokens/login@domain.com
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: refresh=[token removed], access=[token removed]
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::GetAccessToken: token expired. refreshing.
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: attempt 1
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: token_endpoint: https://login.microsoftonline.com/32xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc/oauth2/v2.0/token
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: request: client_id=exxxxxxx-d147-xxxx-bd39-xxxxxxxxxxxxxx9&client_secret=tExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxrqbsk&grant_type=refresh_token&refresh_token=[token removed]
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: http error: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client::DoStep: new state 0 and err -5
Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: Client: destroyed

tarickb commented 1 year ago

The relevant error here is:

Jun 20 12:00:23 postfixrelay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: http error: error setting certificate file: /etc/ssl/certs/ca-certificates.crt

Did you follow the steps in the "SSL/TLS Certificates" part of the README?

oeric-A2B commented 1 year ago

Hello,

I apologize, but I am still experiencing the issue. I have followed the instructions in the "README.md" file under the "SSL/TLS Certificates" section. I have also verified the permissions on the directories. However, I am still encountering the following error:

Jun 21 13:03:41 postfix smtp: 93D52C0F31: to=name@domain.fr, relay=smtp.office365.com[52.98.201.82]:587, delay=0.77, delays=0.01/0/0.76/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.201.82]: bad protocol / cancel)
Jun 21 13:03:41 postfix sasl-xoauth2: auth failed:
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client: created
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client::DoStep: called with state 0
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client::InitialStep: TriggerAuthNameCallback err=0
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client::InitialStep: TriggerPasswordCallback err=0
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Read: file=/etc/tokens/login@domain.org
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Read: refresh=[token removed], access=[token removed]
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::GetAccessToken: token expired. refreshing.
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Refresh: attempt 1
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Refresh: token_endpoint: https://login.microsoftonline.com/325c9b37-cae5-4690-bcf7-c6213415ca2c/oauth2/v2.0/token
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Refresh: request: client_id=ee80c1de-d147-400b-bd39-8540d8a54369&client_secret=[secret removed]&grant_type=refresh_token&refresh_token=[token removed]
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: TokenStore::Refresh: http error: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client::DoStep: new state 0 and err -5
Jun 21 13:03:41 postfix sasl-xoauth2: 2023-06-21 15:03:41: Client: destroyed

I have confirmed that the SSL certificate file "/etc/ssl/certs/ca-certificates.crt" exists and has the correct permissions. I have also tried reloading the SSL certificates and restarting the postfix service, but the issue persists.

Could you please provide further assistance in resolving this problem? I would greatly appreciate any guidance or suggestions you can provide.

Thank you.

Best regards,

tarickb commented 1 year ago

Can you tell me a little more about your environment? What distribution are you running? Do you have chroot enabled for Postfix? If you do, you'll actually want to have the certificate file in /var/spool/postfix/etc/ssl/certs/ca-certificates.crt instead.
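
Added example (not part of the thread and not code from the sasl-xoauth2 project): with `chroot=y` on the `smtp unix` service, the plugin's `/etc/...` paths resolve under the Postfix queue directory, so a missing copy, a stale copy, or a symlink pointing outside the chroot all break token refresh. The checker below runs on a constructed temporary tree; the function names, the token file name and the symlink target are assumptions.

```python
import filecmp
import os
import tempfile

# The two master.cf lines posted in this thread.
# Columns: service type private unpriv chroot wakeup maxproc command
MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
"""


def smtp_client_chrooted(master_cf_text):
    """True when the 'smtp unix' delivery agent has chroot=y.

    Assumption: '-' means the Postfix >= 3.0 default, which is not chrooted.
    """
    for line in master_cf_text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue  # blank line, continuation line, or comment
        fields = line.split()
        if len(fields) >= 8 and fields[:2] == ["smtp", "unix"]:
            return fields[4] == "y"
    return False


def check_plugin_file(path, chrooted, queue_dir, host_root="/"):
    """List problems with a file the plugin opens under the name `path`."""
    rel = path.lstrip("/")
    host_copy = os.path.join(host_root, rel)
    real = os.path.join(queue_dir, rel) if chrooted else host_copy
    if chrooted and os.path.islink(real):
        target = os.readlink(real)
        if os.path.isabs(target):
            # Inside the chroot an absolute target is looked up under queue_dir.
            real = os.path.join(queue_dir, target.lstrip("/"))
            if not os.path.exists(real):
                return [f"{path}: symlink to {target} dangles inside the chroot"]
    if not os.path.isfile(real):
        return [f"{path}: not found at {real}"]
    if chrooted and os.path.isfile(host_copy):
        if not filecmp.cmp(host_copy, real, shallow=False):
            return [f"{path}: chroot copy differs from {host_copy}"]
    return []


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Run the checks on a constructed directory tree (no real system files)."""
    ca = "/etc/ssl/certs/ca-certificates.crt"
    token = "/etc/tokens/user@example.com"  # constructed token file name
    with tempfile.TemporaryDirectory() as root:
        queue_dir = os.path.join(root, "var/spool/postfix")
        for d in ("etc/ssl/certs", "etc/tokens"):
            os.makedirs(os.path.join(root, d))
            os.makedirs(os.path.join(queue_dir, d))
        # Host has both files; the chroot has an old token and no CA bundle.
        _write(os.path.join(root, ca[1:]), "constructed CA bundle")
        _write(os.path.join(root, token[1:]), "constructed token, new")
        _write(os.path.join(queue_dir, token[1:]), "constructed token, old")
        chrooted = smtp_client_chrooted(MASTER_CF)
        out = {
            "ca_missing": check_plugin_file(ca, chrooted, queue_dir, root),
            "token_stale": check_plugin_file(token, chrooted, queue_dir, root),
            "ca_unchrooted": check_plugin_file(ca, False, queue_dir, root),
        }
        in_chroot = os.path.join(queue_dir, ca[1:])
        # Constructed absolute target that does not exist inside the chroot.
        os.symlink("/opt/constructed/ca.crt", in_chroot)
        out["ca_symlink"] = check_plugin_file(ca, chrooted, queue_dir, root)
        os.remove(in_chroot)
        _write(in_chroot, "constructed CA bundle")
        out["ca_ok"] = check_plugin_file(ca, chrooted, queue_dir, root)
        return out


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

On a real host the call would be `check_plugin_file(path, chrooted, "/var/spool/postfix")` for the CA bundle and for each token file named in `sasl_passwd`.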

oeric-A2B commented 1 year ago

Thank you for your response and assistance. I have provided the requested information below:

Distribution: Ubuntu 22.04.2 LTS

CHROOT enabled:
service type private unpriv chroot wakeup maxproc command + args
smtp inet n - y - - smtpd
smtp unix - - y - - smtp

Certificate Presence:
admin@postfix:~$ ls /var/spool/postfix/etc/ssl/certs/
3c9a4d3b.0 a94d09e5.0 ca-certificates.crt

Thank you for your continued support.

tarickb commented 1 year ago

Might ca-certificates.crt be a symlink? Can you provide the output of ls -l /var/spool/postfix/etc/ssl/certs/ca-certificates.crt?

oeric-A2B commented 1 year ago

ls -l /var/spool/postfix/etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 208567 juin 21 16:26 /var/spool/postfix/etc/ssl/certs/ca-certificates.crt

tarickb commented 1 year ago

Can you verify that curl is able to use that certificate bundle?

curl --cacert /var/spool/postfix/etc/ssl/certs/ca-certificates.crt https://google.com/

oeric-A2B commented 1 year ago

" curl --cacert /var/spool/postfix/etc/ssl/certs/ca-certificates.crt https://google.com/

301 Moved

301 Moved

The document has moved here. "

tarickb commented 1 year ago

Just to be clear, are your Postfix logs still showing the same error? Or is it something else now? Given all this I'm not sure why else you'd still be seeing TokenStore::Refresh: http error: error setting certificate file or similar messages.

oeric-A2B commented 1 year ago

I restarted the Postfix service and attempted to send an email. I encountered different errors this time, and the certificate error is no longer present. Here are the relevant log entries:

Jun 21 17:02:10 postfix systemd[1]: postfix.service: Deactivated successfully.
Jun 21 17:02:10 postfix systemd[1]: Stopped Postfix Mail Transport Agent.
Jun 21 17:02:10 postfix systemd[1]: Stopping Postfix Mail Transport Agent...
Jun 21 17:02:10 postfix systemd[1]: Stopping Postfix Mail Transport Agent (instance -)...
Jun 21 17:02:10 postfix postfix/postfix-script[1319]: stopping the Postfix mail system
Jun 21 17:02:10 postfix postfix/master[976]: terminating on signal 15
Jun 21 17:02:10 postfix systemd[1]: postfix@-.service: Deactivated successfully.
Jun 21 17:02:10 postfix systemd[1]: Stopped Postfix Mail Transport Agent (instance -).
Jun 21 17:02:10 postfix systemd[1]: postfix@-.service: Consumed 4.792s CPU time.
Jun 21 17:02:10 postfix systemd[1]: Starting Postfix Mail Transport Agent (instance -)...
Jun 21 17:02:10 postfix postfix/postfix-script[1452]: warning: not owned by root: /var/spool/postfix/etc/tokens
Jun 21 17:02:10 postfix postfix/postfix-script[1453]: warning: not owned by root: /var/spool/postfix/etc/tokens/rcpt@domain.com
Jun 21 17:02:10 postfix postfix/postfix-script[1461]: warning: /var/spool/postfix/etc/tokens/rcpt@domain.com and /etc/tokens/rcpt@domain.com differ
Jun 21 17:02:10 postfix postfix/postfix-script[1482]: starting the Postfix mail system
Jun 21 17:02:10 postfix postfix/master[1484]: daemon started -- version 3.6.4, configuration /etc/postfix
Jun 21 17:02:10 postfix systemd[1]: Started Postfix Mail Transport Agent (instance -).
Jun 21 17:02:11 postfix systemd[1]: Starting Postfix Mail Transport Agent...
Jun 21 17:02:11 postfix systemd[1]: Finished Postfix Mail Transport Agent.
Jun 21 17:02:21 postfix postfix/pickup[1485]: DF823C0F1E: uid=1000 from=rcpt@domain.com
Jun 21 17:02:21 postfix postfix/cleanup[1493]: DF823C0F1E: message-id=20230621150221.DF823C0F1E@postfix.domain.org
Jun 21 17:02:21 postfix postfix/qmgr[1486]: DF823C0F1E: from=rcpt@domain.com, size=351, nrcpt=1 (queue active)
Jun 21 17:02:23 postfix postfix/smtp[1495]: DF823C0F1E: SASL authentication failed; server smtp.office365.com[52.97.212.82] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P123CA0285.GBRP123.PROD.OUTLOOK.COM 2023-06-21T15:02:23.423Z 08DB71E34D01A053]
Jun 21 17:02:24 postfix postfix/smtp[1495]: DF823C0F1E: SASL authentication failed; server smtp.office365.com[40.99.214.130] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P265CA0243.GBRP265.PROD.OUTLOOK.COM 2023-06-21T15:02:24.700Z 08DB722DC8BB9EE6]
Jun 21 17:02:26 postfix postfix/smtp[1495]: DF823C0F1E: SASL authentication failed; server smtp.office365.com[40.99.201.226] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO4P265CA0178.GBRP265.PROD.OUTLOOK.COM 2023-06-21T15:02:26.047Z 08DB704BFA3D3220]
Jun 21 17:02:27 postfix postfix/smtp[1495]: DF823C0F1E: to=name@domain.com, relay=smtp.office365.com[52.97.129.66]:587, delay=5.4, delays=0.04/0.25/5.1/0, dsn=4.7.0, status=deferred (SASL authentication failed; server smtp.office365.com[52.97.129.66] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO2P265CA0249.GBRP265.PROD.OUTLOOK.COM 2023-06-21T15:02:27.237Z 08DB71FECE4FF1B3])

tarickb commented 1 year ago

I don't see any errors from sasl-xoauth2 in that set of log entries -- do you still have the plug-in enabled?

oeric-A2B commented 1 year ago

compatibility_level = 3.6
relayhost = [smtp.office365.com]:587

smtp_use_tls = yes
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_security_level=encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = xoauth2

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

tarickb commented 1 year ago

I'm not sure what to make of the "451 4.7.0 Temporary server error" messages you're seeing. Maybe sasl-xoauth2 is working fine and there really is just a temporary server error on Microsoft's end? What does your /etc/sasl-xoauth2.conf look like?

oeric-A2B commented 1 year ago

{ "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "token_endpoint": "https://login.microsoftonline.com/32xxxx-xxxx-xxxx-bcf7-c6213415xxxx/oauth2/v2.0/token", "log_full_trace_on_failure": "yes", "log_to_syslog_on_failure": "yes" }

oeric-A2B commented 1 year ago

I found this information on the Internet. Could this be the cause of my issue? (link: https://serverfault.com/questions/907219/office365-relay-postfix-authentication-unsuccessful)

In our case it was the "Azure Security defaults" in https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties:

Security Defaults enabled:

SASL authentication failed; server smtp.office365.com[x.y.z.a] said: 535 5.7.3 Authentication unsuccessful

Security Defaults disabled (20min later):

relay=smtp.office365.com[x.y.z.a]:587, delay=17, delays=0.03/0.03/17/0.37, dsn=2.0.0, status=sent (250 2.0.0 OK

We are looking into the security setting exactly preventing SASL Auth.

EDIT: Without "Azure AD Premium" it is only possible to enable/disable AD Security Defaults. With default settings, SMTP_Auth is legacy and not supported anymore. I still do not understand why SMTP_Auth is considered legacy.

Some Background Information: https://practical365.com/azure-ad/what-are-azure-ad-security-defaults-and-should-you-use-them/

tarickb commented 1 year ago

I don't believe so, no. I'd expect a different error message in that case. Are you still seeing this issue? Was the "Temporary server error" indeed temporary?

oeric-A2B commented 1 year ago

Thank you for your response. I'm still experiencing the same issue, and the error message remains unchanged. Here's the error message I'm receiving: Jun 26 09:09:10 postfix postfix/smtp[19387]: D24CB1A0EDA: SASL authentication failed; server smtp.office365.com[52.98.227.98] said: 451 4.7.0 Temporary server error. Please try again later. PRX5 [LO3P265CA0027.GBRP265.PROD.OUTLOOK.COM 2023-06-26T07:09:10.026Z 08DB756F8EC19505]

Regarding your question about whether the error is indeed temporary, I haven't observed any changes in the error message or the ability to send emails successfully.

Additionally, I noticed that the library "libsasl-xoauth2.so" is located in "/usr/lib/x86_64-linux-gnu/sasl2/libsasl-xoauth2.so." I attempted the following command to check for the presence of "sasl-xoauth2.conf," but it didn't make any difference:

strings /usr/lib/x86_64-linux-gnu/sasl2/libsasl-xoauth2.so | grep sasl-xoauth2.conf
/etc/sasl-xoauth2.conf

I appreciate your continued assistance in resolving this issue.

tarickb commented 1 year ago

Do you see any error messages from sasl-xoauth2 itself in your logs?

oeric-A2B commented 1 year ago

I have noticed something. When I reboot the postfix server, I lose the certificate and I receive the following logs:

Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::GetAccessToken: token expired. refreshing.
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Refresh: attempt 1
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Refresh: token_endpoint: https://login.microsoftonline.com/325c9b37-cae5-4690-bcf7-c6213415ca2c/oauth2/v2.0/token
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Refresh: request: client_id=ee80c1de-d147-400b-bd39-8540d8a54369&client_secret=[secret removed]&grant_type=refresh_token&refresh_token=[token removed]
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Refresh: http error: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client::DoStep: new state 0 and err -5
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client: destroyed
Jun 26 09:43:46 postfix smtp: 619631A01FB: to=recu@domain.com, relay=smtp.office365.com[40.99.151.130]:587, delay=2170, delays=2168/0.42/0.7/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.151.130]: bad protocol / cancel)
Jun 26 09:43:46 postfix sasl-xoauth2: auth failed:
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client: created
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client::DoStep: called with state 0
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client::InitialStep: TriggerAuthNameCallback err=0
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: Client::InitialStep: TriggerPasswordCallback err=0
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Read: file=/etc/tokens/envoi@domain.com
Jun 26 09:43:46 postfix sasl-xoauth2: 2023-06-26 09:43:46: TokenStore::Read: refresh=[token removed]

It seems that the issue persists even after copying the :

sudo cp /etc/ssl/certs/ca-certificates.crt /var/spool/postfix/etc/ssl/certs/ca-certificates.crt

Jun 26 09:48:13 postfix postfix/pickup[1480]: E3BDB1A105C: uid=1000 from=envoi@domain.com
Jun 26 09:48:13 postfix postfix/cleanup[1702]: E3BDB1A105C: message-id=20230626074813.E3BDB1A105C@postfix.domain.com
Jun 26 09:48:13 postfix postfix/qmgr[1481]: E3BDB1A105C: from=envoi@domain.com, size=363, nrcpt=1 (queue active)
Jun 26 09:48:13 postfix postfix/error[1704]: E3BDB1A105C: to=recu@domain.com, relay=none, delay=0.06, delays=0.03/0.01/0/0.01, dsn=4.7.0, status=deferred (delivery temporarily suspended: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.151.130]: bad protocol / cancel)

tarickb commented 1 year ago

I wouldn't say "the issue persists" -- unless you see messages from sasl-xoauth2 in the logs, it's a different issue. The easiest way to ensure that sasl-xoauth2 is able to refresh tokens is to verify with the helper tool:

$ sasl-xoauth2-tool test-token-refresh /var/spool/postfix/etc/tokens/foo@foo.com
Config check passed.
Token refresh succeeded.

Make sure that you've restarted Postfix after updating the CA file (or making any other changes to the sasl-xoauth2 config).

oeric-A2B commented 1 year ago

I have just performed the test, and it was successful:

Config check passed.
Token refresh succeeded.

I really don't understand where the problem could be coming from. I'm ready to reinstall everything. Is there a Linux distribution that is better recommended than Ubuntu?

tarickb commented 1 year ago

Ubuntu is probably your best bet because that's what I'm using to develop and test the plugin, although I do also test on Fedora once in a while.

Before doing that though -- can you provide the full contents of /etc/postfix/main.cf, /etc/postfix/sasl_passwd, and /etc/sasl-xoauth2.conf? Please also provide the output of these commands:

(Please be sure to redact any tokens, passwords, or email addresses!)
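
Added example (not part of the thread and not code from the sasl-xoauth2 project): with `log_full_trace_on_failure` enabled, the traces posted above carry the refresh token, access token and client secret, so logs and config need scrubbing before they are shared. The redactor below targets the key names visible in this thread's traces and config; the sample lines, token values and function names are constructed.

```python
import re

# Keys whose values are credentials in the traces and URLs shown in this thread.
SECRET_KV = re.compile(
    r"\b(client_secret|refresh_token|access_token|refresh|access|code)=([^\s&,]+)")
SECRET_JSON = re.compile(
    r'("(?:client_secret|refresh_token|access_token)"\s*:\s*")[^"]*"')
# The domain must start with an alphanumeric so "postfix@-.service" is left alone.
EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9][A-Za-z0-9-]*(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
# Safety net: a long unbroken run of token characters that survived redaction.
OPAQUE_RUN = re.compile(r"[A-Za-z0-9_~-]{40,}")

FAKE = "CONSTRUCTEDtoken" * 4  # stands in for a real token; not from the thread
# Constructed lines in the format of the syslog output and config quoted above.
SAMPLE = f"""\
Jun 20 12:00:23 relay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: file=/etc/tokens/user@example.com
Jun 20 12:00:23 relay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Read: refresh=0.{FAKE}, access=eyJ{FAKE}
Jun 20 12:00:23 relay sasl-xoauth2: 2023-06-20 12:00:23: TokenStore::Refresh: request: client_id=00000000-0000-0000-0000-000000000000&client_secret=CONSTRUCTED~secret&grant_type=refresh_token&refresh_token=0.{FAKE}
Jun 20 12:00:23 relay postfix/smtp[1495]: ABCDEF0123: to=someone@example.org, relay=smtp.office365.com[192.0.2.10]:587, status=deferred
Jun 21 17:02:10 relay systemd[1]: postfix@-.service: Deactivated successfully.
  "client_secret": "CONSTRUCTED~secret",
"""


def redact(text):
    """Return (redacted_text, counts) for syslog lines or a config file."""
    counts = {"secret": 0, "email": 0}

    def hide_kv(match):
        counts["secret"] += 1
        return match.group(1) + "=[REDACTED]"

    def hide_json(match):
        counts["secret"] += 1
        return match.group(1) + '[REDACTED]"'

    def hide_email(match):
        counts["email"] += 1
        return "[EMAIL]"

    text = SECRET_KV.sub(hide_kv, text)      # key=value in traces and URLs
    text = SECRET_JSON.sub(hide_json, text)  # "key": "value" in the config
    text = EMAIL.sub(hide_email, text)       # to=/from= and token file names
    return text, counts


def residual(text):
    """1-based numbers of lines that still contain a long opaque run."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if OPAQUE_RUN.search(line)]


if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    print(cleaned)
    print("redacted:", found, "lines still suspicious:", residual(cleaned))
```

A non-empty `residual()` result means a token-like string appeared under a key the patterns do not know; review those lines by hand before posting.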

oeric-A2B commented 1 year ago

#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_CApath=/etc/ssl/certs

#SASL parameters
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = xoauth2
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = postfix.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname

[smtp.office365.com]:587 send@domain.com:/etc/tokens/send@domain.com

{
  "client_id": "exxxxxde-d147-400b-bd39-xxxxx8axxxxx",
  "client_secret": "xxxxx~dr6-xxxxxCUAxxxxxNRKcLVO5X3Wxxxxx",
  "token_endpoint": "https://login.microsoftonline.com/3xxxxx37-cae5-4690-bcf7-xxxxx4xxxxx/oauth2/v2.0/token",
  "log_to_syslog_on_failure": "yes",
  "log_full_trace_on_failure": "yes"
}

[sudo] password for administrateur:
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp

  1704361      4 -rw-r--r--   1 root     root          222 juin 26 09:23 /var/spool/postfix/etc/hosts
  1704345      4 -rw-r--r--   1 root     root          930 juin 26 09:23 /var/spool/postfix/etc/resolv.conf
  1707780    204 -rw-r--r--   1 root     root       208567 juin 26 09:48 /var/spool/postfix/etc/ssl/certs/ca-certificates.crt
  1705851      8 -rw-------   1 postfix  postfix      5342 juin 27 07:28 /var/spool/postfix/etc/tokens/send@domain.com
  1704234     16 -rw-r--r--   1 root     root        12813 juin 26 09:23 /var/spool/postfix/etc/services
  1704630      4 -rw-r--r--   1 root     root          510 juin 26 09:23 /var/spool/postfix/etc/nsswitch.conf
  1704362      4 -rw-r--r--   1 root     root           92 juin 26 09:23 /var/spool/postfix/etc/host.conf
  1704217      4 -rw-r--r--   1 root     root         2962 juin 26 09:23 /var/spool/postfix/etc/localtime

tarickb commented 1 year ago

It appears that you don't have a relay configured? sasl-xoauth2 is designed for cases where your mail server is always relaying mail through Gmail or Outlook's SMTP servers. You'll want to add this line to main.cf:

relayhost = [smtp.office365.com]:587
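
The review done by eye in the comment above can be scripted. The following is an added example, not part of the thread and not code from sasl-xoauth2: it parses a main.cf and a sasl_passwd and reports the relay settings an XOAUTH2 relay setup depends on. The function names and the list of checks are assumptions made for this illustration; the sample input is constructed from the files posted in this thread.

```python
import re

# Constructed sample: the TLS/SASL lines of the main.cf posted in this thread.
THREAD_MAIN_CF = """\
# TLS parameters
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
#SASL parameters
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = xoauth2
"""
# Constructed sample: the sasl_passwd line posted in this thread.
THREAD_SASL_PASSWD = "[smtp.office365.com]:587 send@domain.com:/etc/tokens/send@domain.com\n"

# smtp_tls_security_level values that refuse to send mail without TLS.
TLS_ENFORCING = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return {name: value}; skips comments, joins continuation lines, last one wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # leading whitespace continues the previous line
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def parse_sasl_passwd(text):
    """Return {lookup key: 'user:token-file'} from the map's source text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            entries[fields[0]] = fields[1]
    return entries


def check_relay_config(main_cf, sasl_passwd):
    """Return a list of findings; an empty list means every check passed."""
    p, creds = parse_main_cf(main_cf), parse_sasl_passwd(sasl_passwd)
    findings = []
    relayhost = p.get("relayhost", "")
    if not relayhost:
        findings.append("relayhost is not set; sasl-xoauth2 expects mail to be relayed "
                        "through the provider's SMTP server")
    elif relayhost not in creds:
        findings.append(f"no sasl_passwd entry for {relayhost!r}; the key must match "
                        "relayhost exactly, brackets and port included")
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("smtp_sasl_auth_enable is not 'yes'")
    mechs = re.split(r"[,\s]+", p.get("smtp_sasl_mechanism_filter", "").lower())
    if "xoauth2" not in mechs:
        findings.append("smtp_sasl_mechanism_filter does not include xoauth2")
    if p.get("smtp_tls_security_level", "") not in TLS_ENFORCING:
        findings.append("smtp_tls_security_level does not enforce TLS, so the bearer "
                        "token could be sent unencrypted")
    return findings


if __name__ == "__main__":
    for finding in check_relay_config(THREAD_MAIN_CF, THREAD_SASL_PASSWD):
        print("FINDING:", finding)
```

Run against the files as posted, it reports only the missing relayhost; with the suggested line appended it reports nothing.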

tarickb commented 11 months ago

Did setting relayhost work? Can I close this issue?