Nagios Support Forum

just an update I reverted my host and services commands back to default and now it is only sending to the contact email but the only problem is the from address needs to be changed. as per below:
Host:
/usr/bin/printf "%b" "***** Nagios Host Notification*****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n\nPerformance Host Data: $HOSTPERFDATA$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

Services:
/usr/bin/printf "%b" "***** Nagios Host Notification*****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n\nPerformance Host Data: $HOSTPERFDATA$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

I believe the problem lies in the | /bin/mail -s part, as the moment we change this it does not send at all. for some reason it is using the admin_email but after I changed it it still does not send correctly

We'll likely need to add your mail server as a relay to Postfix and then set the From address and it should work.

You can follow this:

https://secopsmonkey.com/mail-relaying- ... e-365.html

But you may need to set smtp_tls_security_level to secure in the main.cf from the section at the bottom of that link (MS may require it now).

Thank you for your steps that you provided, please note I tried the steps listed and after that no notification was received again as I configured it as per the document, I am not skilled in Linux command line so might be me not doing it right, I will post my config below, I have taken a snapshot before the changes so can revert back.

after I rolled back on the snapshot, so notifications are coming from the wrong address, but are working, I did the below test in the centos command window:

echo "This is the body of the email"| mail -r [email protected] -s "This is the subject(E-Mail from SMTP Relay) line" [email protected]

and I received an email delivery failure on the email account for [email protected]

Will it be a problem with tls if our server does not have a valid certificate yet? as we have not registered it with a CA yet.
can this be a cause why it is not sending when the previous config was done
https://secopsmonkey.com/better-mail-re ... e-365.html

Your own cert doesn't matter in this case as it is the TLS connection from the MTA (postfix in this case) to the relay server (office365 in this case) and it seems like because office365 is requiring TLS on that connection and the sending of it is not using TLS (likely, we'd need to see the logs), it is getting denied because it isn't using TLS or is misconfigured somehow (I labbed it up on mine and it seemed to work).

Was postfix still setup to use TLS or was it reverted?

What does /var/log/maillog show when you send that and it fails?

I can confirmed that our config file is still setup as per below:

when the TLS settings


Please see below mail logs for Setting smtp_tls_security_level = verify

Feb 16 11:41:24 ip-172-31-16-10 postfix/pickup[22010]: E2D32D14589: uid=1000 from=<centos>
Feb 16 11:41:24 ip-172-31-16-10 postfix/cleanup[22076]: E2D32D14589: message-id=<20220216114124.E2D32D14589@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 16 11:41:24 ip-172-31-16-10 postfix/qmgr[22011]: E2D32D14589: from=<[email protected]>, size=527, nrcpt=1 (queue active)
Feb 16 11:41:24 ip-172-31-16-10 postfix/tlsmgr[22079]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 16 11:41:24 ip-172-31-16-10 postfix/tlsmgr[22079]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 16 11:41:24 ip-172-31-16-10 postfix/smtp[22078]: certificate verification failed for smtp.office365.com[52.97.219.210]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 11:41:24 ip-172-31-16-10 postfix/smtp[22078]: E2D32D14589: Server certificate not trusted
Feb 16 11:41:24 ip-172-31-16-10 postfix/smtp[22078]: certificate verification failed for smtp.office365.com[52.97.202.66]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: E2D32D14589: Server certificate not trusted
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: certificate verification failed for smtp.office365.com[52.97.133.178]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: E2D32D14589: Server certificate not trusted
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: certificate verification failed for smtp.office365.com[52.97.211.98]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: E2D32D14589: Server certificate not trusted
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: certificate verification failed for smtp.office365.com[52.97.211.146]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 11:41:25 ip-172-31-16-10 postfix/smtp[22078]: E2D32D14589: to=<[email protected]>, relay=smtp.office365.com[52.97.211.146]:587, delay=0.17, delays=0.02/0.02/0.14/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

Please see below mail logs for Setting smtp_tls_security_level = may
Feb 16 11:58:09 ip-172-31-16-10 postfix/postfix-script[27266]: stopping the Postfix mail system
Feb 16 11:58:09 ip-172-31-16-10 postfix/master[22009]: terminating on signal 15
Feb 16 11:58:09 ip-172-31-16-10 postfix/postfix-script[27346]: starting the Postfix mail system
Feb 16 11:58:09 ip-172-31-16-10 postfix/master[27348]: daemon started -- version 2.10.1, configuration /etc/postfix
Feb 16 11:58:26 ip-172-31-16-10 postfix/postsuper[27416]: Deleted: 2 messages
Feb 16 11:58:29 ip-172-31-16-10 postfix/pickup[27349]: 8C89CD14575: uid=1000 from=<centos>
Feb 16 11:58:29 ip-172-31-16-10 postfix/cleanup[27421]: 8C89CD14575: message-id=<20220216115829.8C89CD14575@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 16 11:58:29 ip-172-31-16-10 postfix/qmgr[27350]: 8C89CD14575: from=<[email protected]>, size=527, nrcpt=1 (queue active)
Feb 16 11:58:29 ip-172-31-16-10 postfix/tlsmgr[27424]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 16 11:58:29 ip-172-31-16-10 postfix/tlsmgr[27424]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: warning: SASL authentication failure: No worthy mechs found
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: 8C89CD14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.146.146]: no mechanism available
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: warning: SASL authentication failure: No worthy mechs found
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: 8C89CD14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.100.174.18]: no mechanism available
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: warning: SASL authentication failure: No worthy mechs found
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: 8C89CD14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.129.66]: no mechanism available
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: warning: SASL authentication failure: No worthy mechs found
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: 8C89CD14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.100.174.226]: no mechanism available
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: warning: SASL authentication failure: No worthy mechs found
Feb 16 11:58:29 ip-172-31-16-10 postfix/smtp[27423]: 8C89CD14575: to=<[email protected]>, relay=smtp.office365.com[52.97.211.146]:587, delay=0.24, delays=0.04/0.03/0.18/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.146]: no mechanism available)

Please see below mail logs for Setting smtp_tls_security_level = secure
Feb 16 12:00:20 ip-172-31-16-10 postfix/postfix-script[28121]: starting the Postfix mail system
Feb 16 12:00:20 ip-172-31-16-10 postfix/master[28123]: daemon started -- version 2.10.1, configuration /etc/postfix
Feb 16 12:00:24 ip-172-31-16-10 postfix/pickup[28124]: 23724D1457E: uid=1000 from=<centos>
Feb 16 12:00:24 ip-172-31-16-10 postfix/cleanup[28173]: 23724D1457E: message-id=<20220216120024.23724D1457E@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 16 12:00:24 ip-172-31-16-10 postfix/qmgr[28125]: 23724D1457E: from=<[email protected]>, size=527, nrcpt=1 (queue active)
Feb 16 12:00:24 ip-172-31-16-10 postfix/tlsmgr[28177]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 16 12:00:24 ip-172-31-16-10 postfix/tlsmgr[28177]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: certificate verification failed for smtp.office365.com[52.97.211.130]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: 23724D1457E: Server certificate not trusted
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: certificate verification failed for smtp.office365.com[52.98.207.130]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: 23724D1457E: Server certificate not trusted
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: certificate verification failed for smtp.office365.com[52.97.146.130]:587: untrusted issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: 23724D1457E: Server certificate not trusted
Feb 16 12:00:24 ip-172-31-16-10 postfix/smtp[28175]: 23724D1457E: to=<[email protected]>, relay=smtp.office365.com[52.97.211.242]:587, delay=0.17, delays=0.02/0.02/0.12/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

Please see below mail logs for Setting smtp_tls_security_level = encrypt
Feb 16 12:02:55 ip-172-31-16-10 postfix/postfix-script[28984]: starting the Postfix mail system
Feb 16 12:02:55 ip-172-31-16-10 postfix/master[28986]: daemon started -- version 2.10.1, configuration /etc/postfix
Feb 16 12:03:01 ip-172-31-16-10 postfix/pickup[28987]: DA4F6D14578: uid=1000 from=<centos>
Feb 16 12:03:01 ip-172-31-16-10 postfix/cleanup[29004]: DA4F6D14578: message-id=<20220216120301.DA4F6D14578@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 16 12:03:01 ip-172-31-16-10 postfix/qmgr[28988]: DA4F6D14578: from=<[email protected]>, size=527, nrcpt=1 (queue active)
Feb 16 12:03:01 ip-172-31-16-10 postfix/tlsmgr[29007]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 16 12:03:01 ip-172-31-16-10 postfix/tlsmgr[29007]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 16 12:03:01 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:01 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.145.98]: no mechanism available
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.148.226]: no mechanism available
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.201.82]: no mechanism available
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.210]: no mechanism available
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.210]: no mechanism available
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: warning: SASL authentication failure: No worthy mechs found
Feb 16 12:03:02 ip-172-31-16-10 postfix/smtp[29006]: DA4F6D14578: to=<[email protected]>, relay=smtp.office365.com[52.97.212.66]:587, delay=0.45, delays=0.02/0.03/0.4/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.212.66]: no mechanism available)

So I have tried all the TLS methods and they are all failing to sent, what else can we check that is causing this?
Here is our current config:

relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = secure
smtp_sasl_security_options = noanonymous
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mailserver.crt
smtpd_tls_key_file = /etc/pki/tls/certs/mailserver.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_checks

Interesting, the CA certificate of smtp.office365.com doesn't show as trusted:

Try adding this to your /etc/postfix/main.cf:
Then restart postfix and test again and look at /var/log/maillog after and send us what you see.

What does this output? (mine validates properly)
EDIT: If that doesn't resolve it, please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:

https://support.nagios.com/tickets/

I have run the command "echo 'DONE' | openssl s_client -showcerts -starttls smtp -connect smtp.office365.com:587"
and this is the output of the command:
[centos@ip-172-31-16-10 ~]$ echo 'DONE' | openssl s_client -showcerts -starttls smtp -connect smtp.office365.com:587
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = http://www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
i:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
-----BEGIN CERTIFICATE-----
MIIIpzCCB4+gAwIBAgIQBEr4a+ILMVzhIrB2q8+TNjANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxE
aWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIxMTIyMjAwMDAwMFoXDTIy
MTIyMjIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
bjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCn6pKzwizY2nXMMIIZInJAL4VKPmj6K/ajdoeYRGv/ZNE34wzA0Sxn
jVCqZ9BiJqXOjnU/GYscMMKwiWWtpX7QIIMq85XDQ66ljgwqUrUNHanlaUT9sips
fu2noOYpme5CjPfBZhAnNfZT1T99N83j2xpNL+sE1sXeX2BLPL58w3VQ8V4dYj+R
W8OcBEWjS4lbx9otdGHk26GPwliywyGGh8v6JiQgZz5YgMdjkfuvdJCCC2zO1MsP
AMpas3zAwLs4l2lflMW3IcBJ2QuD4A7YG5ovPNjK9MrO3nWSAuMjeKb/rthyEJLF
46ts8ucTbUUQ0Eh/5ivTjpMgaQyqqjBlAgMBAAGjggVmMIIFYjAfBgNVHSMEGDAW
gBTdUdCiMXOpc66PtAF+XYxXy5/w9zAdBgNVHQ4EFgQUMM4Nzcwnh7M3gsyZMVh7
M9xLe4owggIQBgNVHREEggIHMIICA4IWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYIN
Ki5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CDW9mZmljZTM2NS5jb22CDyoub2Zm
aWNlMzY1LmNvbYIXKi5vdXRsb29rLm9mZmljZTM2NS5jb22CDCoub2ZmaWNlLmNv
bYISb3V0bG9vay5vZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIbYXR0
YWNobWVudC5vdXRsb29rLmxpdmUubmV0gh1hdHRhY2htZW50Lm91dGxvb2sub2Zm
aWNlLm5ldIIgYXR0YWNobWVudC5vdXRsb29rLm9mZmljZXBwZS5uZXSCFmF0dGFj
aG1lbnRzLm9mZmljZS5uZXSCFiouY2xvLmZvb3RwcmludGRucy5jb22CFioubnJi
LmZvb3RwcmludGRucy5jb22CHWNjcy5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29t
giFjY3Mtc2RmLmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CGHN1YnN0cmF0ZS1z
ZGYub2ZmaWNlLmNvbYIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5uZXSCCioubGl2
ZS5jb22CFm1haWwuc2VydmljZXMubGl2ZS5jb22CC2hvdG1haWwuY29tgg0qLmhv
dG1haWwuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0Et
MS1nMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHwGCCsGAQUFBwEBBHAwbjAlBggrBgEF
BQcwAYYZaHR0cDovL29jc3B4LmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NB
LTEuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3
AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfd94XTUAAAQDAEgw
RgIhAKUPcqO2fbXJVv5K07a4k4RV1o45ofW9NdTOMfZY0GwkAiEAw0HzEmbmoxs3
UE7OMrax3gf24Uyjk+hE3LYnT6yS78MAdgBRo7D1/QF5nFZtuDd4jwykeswbJ8v3
nohCmg3+1IsF5QAAAX3feF1/AAAEAwBHMEUCIHxCoIEIVZrurS7q8wngw7/uSU3u
JXn35m0Ky7CBj64bAiEAsDjzdZc83I5h3QEnrBAm/HJTM/yjCNcrerbHKXNiZvoA
dgBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAX3feFzwAAAEAwBH
MEUCIQC0wORZaecx0BVLZ3qFIF6ewfZ8Ho1TeNlBRMWqaKSTtQIgT1oshpp1a5eX
suamF+39jmKnRi9hQEjCyDIj6ejeEOYwDQYJKoZIhvcNAQELBQADggEBAJHER/vE
BjYmM3x++km/2z0DnEatVZ8+cSZZ5CwiIENwcqJxY6GNM1Iu/YF9g/Pxt2YXcYB2
79eHAJl2XAytzAaBYR0jqQMCohci6PzEjDDArgV3DkzwdcpEOL2vyDyC01tAPjgH
w/STVDpwcntIEdjmbdy+ykMTnBvf2azJmSOTcv6eX9dUO1s0amXk6iZUY/VU1WYQ
cObRwXre+4EUCQ9mq5dinUk+USZ/gcShwI/BRG3KLJzGPJFI0Q+/YGfBJi2TOcjo
/iA/UzISaPOag6DcaZJ6xCOMHWWpwo4iGD8WvXrnLXEaHBXtXHOEQni331Msu1mV
+BXVCDQGeUwrWqM=
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIQDxcaSMbyI4CSGM0u1t3A6DANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yMDA5MjUwMDAwMDBaFw0zMDA5MjQyMzU5NTlaMEsxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJTAjBgNVBAMTHERpZ2lDZXJ0IENsb3Vk
IFNlcnZpY2VzIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR
rfaHFHlUJ1fHLwVoPJs8zWfsRRAshPKkR8TZU0JFCbvk/jPB17xGL9GL5re1Z3h8
anC+/bjltlTPTF6suCJ0c1UpCHPIZPfQlQkOeYNQv1/11MybQmGOgAS5QarOThKZ
m6zWxb5bAnO1FqSrcWLUmOpAOYWm9rsv6OeHwov2nDLN7Pg+v4nndCOCS9rqv3Om
JTz9v6nlaP/4MKJgxzsuo/PFfzs7/Q8xoXx0D9C/FMS9aPGl52un35sAfkYlTubo
E/P2BsfUbwsnIEJdYbw/YNJ8lnLJfLCL//lIBVME+iKvt81RXW3dkHQD8DNP9MfA
PlZGR69zIIvcej6j8l3/AgMBAAGjggGuMIIBqjAdBgNVHQ4EFgQU3VHQojFzqXOu
j7QBfl2MV8uf8PcwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYD
VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNV
HRMBAf8ECDAGAQH/AgEAMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MHsGA1UdHwR0
MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2Jh
bFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbFJvb3RDQS5jcmwwMAYDVR0gBCkwJzAHBgVngQwBATAIBgZngQwB
AgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEANJE52TD/
zFvmYQGp0P3ntVzclyqsN7Aga/s2SmhGoow32hcBWc6OVgQILYjXndBwRdTn6/97
nb+5a0sEfMoc7mto2ALmLim+XgZ6bg2nQX1A2lWYUoFou0YDHzGsKUNcLQOjoJU4
t9UMxv6+Je7RB77+j3mVmsNxBF13Q+LEHWiY+IJSazVqv7w73izbAFo6cF9sK0hp
qdmSKdB/MNfnT9YF4/WYlyCwFhpaK3mPuU2XiOzGswPhMMRwgawnk4XTNemtHPSq
fP/JzQHsefL75Tx5c8tHJAcp3C/QD+JcUUHocUPuW62x79wO9pNl5N5U4jIVFa4k
x6pNQytYvwMPeg==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: 0x04+0x08:0x05+0x08:0x06+0x08:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4377 bytes and written 494 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 2305000010DEE795E26CF29B122F15124D265BFED536EA913AD2B825383B3C64
Session-ID-ctx:
Master-Key: AC6CA7BD834913F30F58445609792C03CBA67892ED7F47528548F21C38CA27C8B6972B3A63E35A70AF3AA246564360BE
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1645084048
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 SMTPUTF8
DONE
[centos@ip-172-31-16-10 ~]$


This is with the TLS setting set to "secure" after adding the line "smtp_tls_CAfile=/etc/pki/tls/certs/ca-bundle.crt" to main.cf

Feb 17 07:47:17 ip-172-31-16-10 postfix/postfix-script[8849]: refreshing the Postfix mail system
Feb 17 07:47:17 ip-172-31-16-10 postfix/master[8818]: reload -- version 2.10.1, configuration /etc/postfix
Feb 17 07:49:03 ip-172-31-16-10 postfix/pickup[8853]: D3CD2C1A03F: uid=1000 from=<centos>
Feb 17 07:49:03 ip-172-31-16-10 postfix/cleanup[9456]: D3CD2C1A03F: message-id=<20220217074903.D3CD2C1A03F@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 17 07:49:03 ip-172-31-16-10 postfix/qmgr[8854]: D3CD2C1A03F: from=<[email protected]>, size=501, nrcpt=1 (queue active)
Feb 17 07:49:03 ip-172-31-16-10 postfix/tlsmgr[9459]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 17 07:49:03 ip-172-31-16-10 postfix/tlsmgr[9459]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: D3CD2C1A03F: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.146]: no mechanism available
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: D3CD2C1A03F: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.194]: no mechanism available
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:03 ip-172-31-16-10 postfix/smtp[9458]: D3CD2C1A03F: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.210]: no mechanism available
Feb 17 07:49:04 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:04 ip-172-31-16-10 postfix/smtp[9458]: D3CD2C1A03F: to=<[email protected]>, relay=smtp.office365.com[52.97.146.210]:587, delay=0.16, delays=0.02/0.02/0.12/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.146.210]: no mechanism available)
Feb 17 07:49:28 ip-172-31-16-10 postfix/postsuper[9543]: Deleted: 25 messages
Feb 17 07:49:33 ip-172-31-16-10 postfix/pickup[8853]: 2C634D14575: uid=1000 from=<centos>
Feb 17 07:49:33 ip-172-31-16-10 postfix/cleanup[9456]: 2C634D14575: message-id=<20220217074933.2C634D14575@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 17 07:49:33 ip-172-31-16-10 postfix/qmgr[8854]: 2C634D14575: from=<[email protected]>, size=501, nrcpt=1 (queue active)
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: 2C634D14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.208.34]: no mechanism available
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: 2C634D14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.145.66]: no mechanism available
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: 2C634D14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.179.242]: no mechanism available
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: 2C634D14575: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.130]: no mechanism available
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:49:33 ip-172-31-16-10 postfix/smtp[9458]: 2C634D14575: to=<[email protected]>, relay=smtp.office365.com[52.97.133.162]:587, delay=0.16, delays=0/0/0.16/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.133.162]: no mechanism available)
Feb 17 07:50:14 ip-172-31-16-10 postfix/postsuper[9842]: Deleted: 1 message
Feb 17 07:50:19 ip-172-31-16-10 postfix/postfix-script[9852]: stopping the Postfix mail system
Feb 17 07:50:19 ip-172-31-16-10 postfix/master[8818]: terminating on signal 15
Feb 17 07:50:26 ip-172-31-16-10 postfix/postfix-script[9992]: starting the Postfix mail system
Feb 17 07:50:26 ip-172-31-16-10 postfix/master[9994]: daemon started -- version 2.10.1, configuration /etc/postfix
Feb 17 07:50:33 ip-172-31-16-10 postfix/postfix-script[10008]: refreshing the Postfix mail system
Feb 17 07:50:33 ip-172-31-16-10 postfix/master[9994]: reload -- version 2.10.1, configuration /etc/postfix
Feb 17 07:50:41 ip-172-31-16-10 postfix/pickup[10012]: 13A32D14578: uid=1000 from=<centos>
Feb 17 07:50:41 ip-172-31-16-10 postfix/cleanup[10028]: 13A32D14578: message-id=<20220217075041.13A32D14578@ip-172-31-16-10.eu-west-2.compute.internal>
Feb 17 07:50:41 ip-172-31-16-10 postfix/qmgr[10013]: 13A32D14578: from=<[email protected]>, size=501, nrcpt=1 (queue active)
Feb 17 07:50:41 ip-172-31-16-10 postfix/tlsmgr[10031]: warning: request to update table btree:/etc/postfix/smtpd_scache in non-postfix directory /etc/postfix
Feb 17 07:50:41 ip-172-31-16-10 postfix/tlsmgr[10031]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.211.82]: no mechanism available
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.100.174.2]: no mechanism available
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.207.162]: no mechanism available
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.148.242]: no mechanism available
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.99.148.242]: no mechanism available
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: warning: SASL authentication failure: No worthy mechs found
Feb 17 07:50:41 ip-172-31-16-10 postfix/smtp[10030]: 13A32D14578: to=<[email protected]>, relay=smtp.office365.com[52.97.146.210]:587, delay=0.19, delays=0.02/0.02/0.15/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[52.97.146.210]: no mechanism available)
I will log a ticket for assistance so long, as nothing is working at this moment

Okay, sounds good, I'll keep an eye out for the ticket.

You can try this as well (even the cert is different here):
Then: