Configure Request Tracker (RT) to send Mails using MSMTP via Office 365 Relay

koromicha
|
Last Updated:
|
HowTos, , Request Tracker (RT), Ticketing Systems
|
Leave a Comment

In this tutorial, we are going to learn how to configure Request Tracker (RT) to send mails using MSMTP via Office 365 Relay.  Request Tracker (RT) is an enterprise-grade issue tracking/ticketing system that allows organizations to keep track of various tasks to be done, tasks completed, and when tasks were (or weren’t) completed.

Configure Request Tracker (RT) to send Mails using MSMTP via Office 365 Relay

Seamless Email Integration is one of the key features of Request Tracker (RT). Request Tracker receives and manages all email sent to your key email addresses: support@, sales@, helpdesk@, security@. Staff can manage ticket replies via email or by using RT’s full web interface.

MSMTP is an SMTP client which in the default mode (sendmail mode), it transmits a mail to an SMTP server which takes care of further delivery. Some of the supported features include:

  • TLS secured connections (including server certificate verification and the possibility to send a client certificate)
  • Authentication methods PLAIN, LOGIN, CRAM-MD5 and EXTERNAL (and GSSAPI, SCRAM-SHA-1, DIGEST-MD5, and NTLM when compiled with GNU SASL support)
  • Internationalized Domain Names (IDN)
  • DSN (Delivery Status Notification) support
  • PIPELINING support for increased transmission speed
  • RMQS (Remote Message Queue Starting) support (ETRN keyword)

Install Request Tracker

Before you can proceed to configure RT to send mails using MSMTP via Office 365 relay, we assume that you already have an RT installed and up and running.

If not, you can check our guide on how to install Request Tracker:

Install Request Tracker (RT)

Install MSMTP on CentOS 8

In our setup, we have RT running on a CentOS 8 system. Therefore, you can simply install MSMTP SMTP client from EPEL repos by executing the commands below.

sudo dnf install epel-release
sudo dnf install msmtp

On Debian/Ubuntu;

sudo apt install msmtp

Configure MSMTP to Use Office 365 Mail Relay

Once the installation is done, configure MSMTP to use Office 365 Mail relay. Therefore, create an MSMTP configuration file where you can define the SMTP server host name, authentication settings, TLS settings.

Understanding MSMTP Configuration Options

Some of the options we have used above are described below;

General Options

  • defaults: set default values for all following account definitions in the current configuration file.
  • account name: Start a new account definition with the given name. In this case, default is set as the account name.
  • host hostname: defined the SMTP server to send the mail to.
  • port number: defines the port hat the SMTP server listens on. The default is 25 (“smtp”), unless TLS without STARTTLS is used, in which case it is 465 (“smtps”).

Authentication Options

  • auth on: Enables and automatically chooses authentication method to use.
  • user [email protected]: Sets the user name for authentication.
  • password rt5User_pass: Sets the password for authentication user.

TLS Options

  • tls on: Enables SSL/TLS for secured connections.
  • tls_starttls on: enforces the use of TLS instead of SSL.
  • tls_trust_file /etc/pki/tls/certs/ca-bundle.crt: Activates server certificate verification using a list of trusted Certification Authorities (CAs). In this case, we use the default system CA file, ca-bundle.crt.
  • tls_certcheck on: Enable checks of the server certificate. This is enabled by default.

MSMTP sendmail mode Options

  • logfile: Enables logging to the specified file. An empty argument disables logging. The file name ‘’ directs the log information to standard output. In this setup, we use /opt/rt5/var/log/msmtp.log as the log file.

Configure MSMTP for Basic SMTP Authentication

Basic Authentication is the traditional and simpler method of authenticating users when sending emails via SMTP. In this kind of authentication:

  • The client (your email client or program) sends a username and a password to the SMTP server.
  • The SMTP server validates the credentials and, if they are correct, allows the client to send email.
  • Typically, the username is the email address, and the password is the account’s password.

Thus, to configure MSMTP for basic authentication against MS365 SMTP server, you will need an email account and a password for that account.

In this setup, we will place the MSMTP configuration under /opt/rt5/etc.

sudo vim /opt/rt5/etc/msmtp_wrapper.conf

Thus, insert the following configuration options into the configuration file above.

defaults
account default
host smtp.office365.com
port 587
tls on
tls_starttls  on
tls_trust_file    /etc/pki/tls/certs/ca-bundle.crt
tls_certcheck on
auth on
user [email protected]
password rt5User_pass
logfile /opt/rt5/var/log/msmtp.log

On Debian, set the SSL/TLS trust file to /etc/ssl/certs/ca-certificates.crt.

To use basic SMTP authentication, you can enable SMTP authentication for your mailbox on Office 365 as outlined below;

  1. Open the Microsoft 365 admin center and go to Users > Active users.
  2. Select the user, and in the flyout that appears, select Mail.
  3. In the Email apps section, select Manage email apps.
  4. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.
  5. When you’re finished, select Save changes.

You can see EXAMPLES section of man msmtp to see how the password can be encrypted. All the methods however, will provide some easy way to decrypt the pass, hence, we just opt to set it in plain text in this guide. Ensure that the file is not accessible to the world!

Once you are done defining the configuration settings, save and exit the file.

Configure MSMTP for OAuth2 Authentication

OAuth2 (Open Authorization 2.0) is a modern and more secure authentication mechanism, commonly used with services like Gmail, Outlook, and Office365. WIth OAuth2 authentication:

  • Instead of sending a username and password directly, OAuth2 uses an access token that is generated by an OAuth provider (e.g., Google, Microsoft) after an initial authentication request.
  • The client requests an access token by redirecting the user to an OAuth2 authorization endpoint.
  • The user logs in to the service (like Gmail, Outlook, etc.) and grants the application access to send emails on their behalf.
  • The service returns an access token, which the client can use to authenticate the SMTP connection and send emails.
  • Tokens are short-lived and need to be refreshed periodically (via a refresh token) to continue sending emails.

To be able to configure MSMTP for OAuth2 authentication, you need to have the client, tenant and secret ID. Follow the link below on how to obtain all these;

Microsoft 365: How to Obtain OAuth2 Client Secret and ID

msmtp app registration

Next, install getmail6, a flexible, extensible mail retrieval system with support for POP3, IMAP4, SSL variants of both, maildirs, mboxrd files, external MDAs, arbitrary message filtering, single-user and domain-mailboxes, and many other useful features.

apt install python3-pip
pip install getmail6

Kindly note that while it is generally recommended to install Python packages in a virtual-env and not globally, we have however installed getmail6 globally. For the above PIP installation to happen on system-wide, I had to rename the file, /usr/lib/python3.12/EXTERNALLY-MANAGED as;

 mv /usr/lib/python3.12/EXTERNALLY-MANAGED{,.old}

Once installed, define the Microsoft MSMTP app registration credentials.

Let’s create MSMTP configuration directory;

mkdir /etc/msmtp

Define the MSMTP Office365 credentials in a JSON file.

vim /etc/msmtp/config.json

Update the configuration below with your respective app values and paste into the file above.

{
  "scope": "https://outlook.office.com/IMAP.AccessAsUser.All offline_access",
  "user": "username@domain",
  "client_id": "18205972-xxxx-xxxx-xxxx-xxxxxxxxxxx",
  "client_secret": "ket8Q~xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "token_uri": "https://login.microsoftonline.com/988dda4d-xxxx-xxxx-xxxx-xxxxxxxxxxx/oauth2/v2.0/token",
  "auth_uri": "https://login.microsoftonline.com/988dda4d-xxxx-xxxx-xxxx-xxxxxxxxxxx/oauth2/v2.0/authorize"
}

Generate OAuth tokens from the configuration details above.

getmail-gmail-xoauth-tokens --init /etc/msmtp/config.json

This command will generate a URL that you need to open in a browser. Sign into the account you specified in the configuration above. Once you logged in, the script will start a local HTTP-server listening on http://localhost:8083. Copy the whole response URL including the http://localhost….

If you are connecting from a headless server system, then press CTRL+C on the terminal where you executed the command above.

Paste the resulting response URL.

After you paste, the config.json file above will be updated with the required tokens. You can cat it out to see how it is updated.

cat /etc/msmtp/config.json

Update the ownership of the configurations;

chown -R www-data: /etc/msmtp

To generate the authentication token from the updated configuration, you would use the command;

python3 /usr/local/bin/getmail-gmail-xoauth-tokens /etc/msmtp/config.json

Thus, update the MSMTP main configuration to use OAuth2.

Check our updated configuration file.

cat /opt/rt5/etc/msmtp_wrapper.conf
defaults
account default
host smtp.office365.com
port 587
tls on
tls_starttls  on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
tls_certcheck on
#auth on
auth xoauth2
user username@domain
passwordeval "python3 /usr/local/bin/getmail-gmail-xoauth-tokens /etc/msmtp/config.json"
logfile /opt/rt5/var/log/msmtp.log

Set Proper Ownership and Permissions for the MSMTP RT Configuration file

Set the user and group ownership to the user which runs RT. In this case, the user is apache.

sudo chown apache:apache /opt/rt5/etc/msmtp_wrapper.conf

Debian/Ubuntu:

sudo chown www-data:www-data /opt/rt5/etc/msmtp_wrapper.conf

Set the following permissions on the file;

sudo chmod 600 /opt/rt5/etc/msmtp_wrapper.conf

Create MSMTP Wrapper Script

Next, create an MSMTP wrapper script to define how to use MSMTP configuration above as well as define RT logging.

sudo vim /opt/rt5/etc/msmtp_wrapper
#!/bin/bash
/usr/bin/msmtp -t -C /opt/rt5/etc/msmtp_wrapper.conf -f [email protected]
/usr/bin/logger -t RTmailer -p syslog.info -- CALL /usr/bin/msmtp -nt "$@" RETURNED $?

Save and exit the file.

Update the permissions and ownership of the script.

sudo chown apache:apache /opt/rt5/etc/msmtp_wrapper

Or:

sudo chown www-data:www-data /opt/rt5/etc/msmtp_wrapper
sudo chmod +x /opt/rt5/etc/msmtp_wrapper

Verify Request Tracker MSMTP Mail Sending via Office 365 Relay

The basic setup of configuring Request Tracker (RT) to send Mails using MSMTP via Office 365 Relay is done. Before you can configure Request Tracker to actually use MSMTP, all you need to do is to verify if it can actually send mails out by executing a command like as follows;

Change www-data to apache user for RHEL nodes.

echo "msmtp test" | su - www-data msmtp --debug -t -C /opt/rt5/etc/msmtp_wrapper.conf -f [email protected] [email protected]
...
<-- 235 2.7.0 Authentication successful
--> MAIL FROM:
--> RCPT TO:
--> DATA
<-- 250 2.1.0 Sender OK
<-- 250 2.1.5 Recipient OK
<-- 354 Start mail input; end with .
--> From: username@domain
--> Date: Thu, 20 Mar 2025 09:41:08 +0000
--> Message-ID: <567ef6fbd48edbbad8636becd16ea267.username@domain>
--> msmtp test
--> .
<-- 250 2.0.0 OK <567ef6fbd48edbbad8636becd16ea267.username@domain> [Hostname=AS4PR02MB8695.eurprd02.prod.outlook.com]
--> QUIT
<-- 221 2.0.0 Service closing transmission channel

If you get permission denied, check AppArmor or SELinux and adjust the configurations accordingly.

For example, to fix the issue on AppArmor on Ubuntu;

sudo sed -i '/}$/i \  /opt/rt5/etc/msmtp_wrapper.conf r,\n  /opt/rt5/var/log/msmtp.log rwk,' /etc/apparmor.d/usr.bin.msmtp

Then reload AppArmor:

sudo apparmor_parser -r /etc/apparmor.d/usr.bin.msmtp

Do the same on RHEL/CentOS, if you get the same, check audit logs and adjust the permissions accordingly.

Similarly, if you get the error about Authentication unsuccessful, basic authentication is disabled, ensure basic SMTP authentication is enabled.

If you get the error, Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator, it is possibly due to 2FA/MFA enabled on your account. In this case, consider generating an App Password for your application to bypass MFA during SMTP authentication. Use this App Password as the value of password parameter in the /opt/rt5/etc/msmtp_wrapper.conf configuration.

If, even after using the App Password you still get the error:

<-- 535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator. [FR4P281CA0277.DEUP281.PROD.OUTLOOK.COM 2025-03-19T20:19:10.027Z 08DD65997BABC015]
msmtp: authentication failed (method LOGIN)
msmtp: server message: 535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator. [FR4P281CA0277.DEUP281.PROD.OUTLOOK.COM 2025-03-19T20:19:10.027Z 08DD65997BABC015]
msmtp: could not send mail (account default from /opt/rt5/etc/msmtp_wrapper.conf)

Then consider configuring MSMTP to use OAuth2 as detailed above.

At the same time, you can tail the log as follows;

sudo tail -f /opt/rt5/var/log/msmtp.log
Mar 05 22:32:40 host=smtp.office365.com tls=on auth=on [email protected] [email protected] [email protected] mailsize=76 smtpstatus=250 smtpmsg='250 2.0.0 OK <AM7PR02MB61935B8DE42984C804747177D2720@AM7PR02MB6193.eurprd02.prod.outlook.com> [Hostname=AM7PR02MB6193.eurprd02.prod.outlook.com]' exitcode=EX_OK

And that seems pretty fine.

Configure Request Tracker to use MSMTP to send Mails

Once you have confirmed that MSMTP can relay mails via Office 365 SMTP servers, proceed to configure RT to use MSMTP to send emails.

Edit the line RT site config file, /opt/rt5/etc/RT_SiteConfig.pm, and replace the path on the line to Set($SendmailPath , "..."); with the path to MSMTP wrapper config file.

In our setup, we had previously configured RT to send mails using Posfix.

Set( $SendmailPath, '/usr/sbin/postfix' );

Hence, run the command below to replace it;

sed -i 's|^Set( \$SendmailPath, .* );|Set( \$SendmailPath, '\''/opt/rt5/etc/msmtp_wrapper'\'' );|' /opt/rt5/etc/RT_SiteConfig.pm

This line should now looks like;

Set( $SendmailPath, '/opt/rt5/etc/msmtp_wrapper' );

Run RT site configuration syntax checks before signing off;

perl -c /opt/rt5/etc/RT_SiteConfig.pm

If all is well, you should get Syntax Ok.

/opt/rt5/etc/RT_SiteConfig.pm syntax OK

In our next tutorial, we will learn how to configure Request Tracker to retrieve mails with Fetchmail.

Reference

Msmtp - Request Tracker Wiki

Msmtp configuration options

Other Tutorials

Install and Setup Suricata on CentOS 8

Configure LibModSecurity with Apache on CentOS 8

Configure LibModSecurity with Nginx on CentOS 8

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Related Posts

Tips for Crafting a Winning Loan Application for Startups

Install MySQL Workbench on Oracle Linux 8

The Silver Linings of Distance Learning

Install and Setup Suricata on Rocky Linux

Install Zammad Ticketing System on Ubuntu 22.04

Install and Setup DVWA on Rocky Linux 8

Leave a Comment

© 2025 kifarunix.com

Home Advertise with us Privacy Policy