this post was submitted on 18 Feb 2024
13 points (71.0% liked)

Selfhosted

39435 readers
4 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
13
O365 email local cache (self.selfhosted)
submitted 10 months ago* (last edited 10 months ago) by tastysnacks to c/[email protected]
 

Work uses O365 and I'm getting a little frustrated with OWA. Thinking about running a local email server to mirror O365. In the end, I want to keep my email in O365, but have a 2 way sync with a local imap server. Looks like I have a few options on the email server - dovecot/cyrus/stalwart. For the syncing, I just see mbsync. Any experience setting up something similar? Any other options other than what I listed?

Edit: IT knows what I'm doing. I'm not going to compromise any compliance requirements we have.

all 15 comments
sorted by: hot top controversial new old
[–] [email protected] 24 points 10 months ago

No, oh god no. What you are talking about can arguably be classified as Shadow IT and can get you into trouble depending on your orgs certifications.

If you have O365 that should entitle you to Outlook and use that instead or ask your org IT what alternatives they permit.

[–] [email protected] 10 points 10 months ago (1 children)

If I was in your IT department I'd be required to shut this down and probably revoke your access until our bosses decide on your future.

Keep in mind, your employer has a responsibility to protect their data and this would subject your homelab to any legal liabilities such as a lawsuit search order and data privacy auditing.

Any solution you work out needs to be signed off on in writing if it's outside their expected usage.

Another important point o365 requires oauth2 authentication unless your IT department has intentionally allowed other forms of authentication or they are in a hybrid legacy environment.

When they broke EWS and office 2010 compatibility they crippled many foss solutions without an additional license and the tools that do work will report details to exchange about your homelab. So if your department is diligent it'll come to their attention.

[–] tastysnacks -1 points 10 months ago

Oauth2 is being used as well as 2FA. We're not breaking any of that. My local email server will be running on company equipment. I already have ITs approval on this.

[–] [email protected] 9 points 10 months ago

IMAP on O365 now requires "Modern Auth", which requires OAuth to authenticate access to mailboxes. Anything that connects via IMAP will need to be approved by the admins at this point (Including Thunderbird). Without the cooperation of your organization's IT team, you are not going to get far.

[–] [email protected] 3 points 10 months ago

M365 is doing away with all legacy authentication, do not be surprised if IMAP is completely unusable in the next 12 months. If you simply want to keep a copy of everything, a store and forward SMTP proxy would probably be the solution, so all email going to your domain would hit that first, then send off to M365.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (1 children)

I use Evolution with the o365 account at work. All one needs is the EWS plugin and the company tenant ID. Evolution then pretends to be a generic MS Office app, using a well-known app ID. oauth2 works just fine.

[–] [email protected] 1 points 10 months ago

Yeah, but then you have to use Evolution.

Maybe, after a few months (or a year, as I may or may not have experienced) of "communication" you'll be allowed to use Thunderbird. Only for it to be suddenly blocked again later because some dude didn't understand why can't everyone just use Outlook.

And don't even dream of having a script to, say, sort and preprocess your mail.

[–] [email protected] 2 points 10 months ago

Um....

You should take this to IT