[TriLUG] SMTP Submission (port 587) from behind an HTTP(S) proxy

Matt Flyer via TriLUG trilug at trilug.org
Fri Sep 15 15:11:29 EDT 2017 

In short, my work setup is such that the wired connection gets Internet
access through an HTTP/HTTPS proxy.  Recently, they switched from using
a local SMTP server to "smtp.office365.com" and this broke my SMTP mail
submission in Thunderbird.  To make matters worse, they are using an
Exchange server, though this seems to be mostly a receive / IMAP
function rather than a submission one.  I configured Thunderbird to use
the proxy and it does so for reception of mail, but is unable to
connect to submit mail.  Off the top of my head I do not know out
Outlook works in Windows (haven't checked, if I can even tell) other
that it seems to be some sort of "website" interface rather than real
email client.  Emails submission from Thunderbird / Linux works fine if
I am not behind the proxy.

My initial idea as a work around was to configure a relay host on a
machine that is not behind the proxy and tell it to use SASL
authentication.  Apparently the M$ servers are "smart" enough to detect
that this is a relay server and claim that it is not allowed to
authenticate as a user like that.  

My next idea was to configure my own proxy (squid) in an attempt to get
an apparent interface that is not behind the main HTTP/S proxy.  I have
been working on this approach for quite a while and I can see (using
netstat) the email client establishing a connection to the proxy, but
it in turn makes NO attempt to connect to the smtp server
(smpt.office365.com) on port 587 (the TLS submission port).

>From what research I have done, the issue seems to revolve around the
use of the "connect" method in the proxy, but at this point I am
stumped.

I am not married to any particular solution and willing to try
alternatives, but I am currently at a loss for what they might be.  

Does anyone have a suggestion for how to "proxy" my SMTP traffic to
another machine that is not behind this proxy, but that will still
appear as a MUA (mail client, e.g. Thunderbird) and not a MTA which
apparently isn't allowed to authenticate.

More information about the TriLUG mailing list