Oauth2 for smtp.office365.com not working
I'm using Thunderbird with an office365.com account. Receive works fine. Sending always fails with:
Login to account "smtp.office365.com" failed
Login to server smtp.office365.com with username [email protected] failed.
[Enter New Password] [Cancel] [Retry]
Pressing the [Enter New Password] button makes the dialogue go away, but it doesn't prompt for a password. The OAuth2 authorisation screen I expected to appear never appears.
SMTP server config is:
Description: [email protected]
Server Name: smtp.office365.com
Port: 587
User Name: [email protected]
Authentication method: OAuth2
Connection Security: STARTTLS
The only other thing I can think of is the org uses SSO (saml2). SMTP is turned on at the Microsoft end, and we have tried Vincent's suggestion: https://support.mozilla.org/en-US/questions/1307784#answer-1376341
Thunderbird, 115.3.2, Build ID 20231010142850. Running on macOS Sonoma Version 14.0
All Replies (7)
In Settings/Privacy & Security, Saved Passwords, is there an smtp:// entry for the O365 account? If there is, delete it, restart TB, and you should see the OAuth window, where you enter the account (not app) password for the account. If there's also an imap:// entry in Saved Passwords, delete it. There should only be a single oauth:// entry after successful OAuth authentication.
sfhowes said
In Settings/Privacy & Security, Saved Passwords, is there an smtp:// entry for the O365 account?
No, there isn't. There is only one entry there: oauth://login.microsoftonline.com (https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send%20offline_access).
I have tried deleting that one entry. After doing that, when it next needs to contact Microsoft for IMAP it prompts me for a new OAuth2 login, as expected. But it doesn't have any effect on Thunderbird's behaviour when sending emails. In particular it doesn't display an OAuth2 login for smtp.
But your comment did trigger an idea for me. I temporarily changed the IMAP login to "Normal Password" leaving smtp on OAuth2, deleted the login password mentioned above and then pressed [Send] on an email. I wanted to see what smtp does when it has no way to authenticate. It results in the OAuth2 login being displayed with a URL like https://login.microsoft.com/common/oauth2/v2.0/authorize?responde_type=code&client_id=....&redirect_uri=https%3A%2F%2Flocalho..., which immediately redirects a couple of times ending up at https://idp.DOMAIN.NAME/simplesaml/saml2/idp/SSOService.php. That page is blank, and after a second or so it disappears without asking for input. But the oauth:// password entry is recreated nonetheless, and looks to be valid because when I revert the IMAP login to OAuth2 I don't get prompted to get a new OAuth2 bearer token. So sending with SMTP is traipsing down the OAuth2 path, but in the end it fails in the way I described in my first post. I.e., it presents the dialogue with the [Enter New Password] button.
Logging generated by mailnews.smtp.loglevel = All:
mailnews.smtp: Sending message <[email protected]> SmtpService.jsm:88:18
mailnews.smtp: Connecting to smtp://smtp.office365.com:587 SmtpClient.jsm:123:19
mailnews.smtp: Connected SmtpClient.jsm:395:17
mailnews.smtp: S: 220 SYAPR01CA0042.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 18 Oct 2023 21:08:37 +0000 SmtpClient.jsm:418:17
mailnews.smtp: C: EHLO [10.1.0.163] SmtpClient.jsm:622:19
mailnews.smtp: S: 250-SYAPR01CA0042.outlook.office365.com Hello [203.45.54.152] SmtpClient.jsm:418:17
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
mailnews.smtp: C: STARTTLS SmtpClient.jsm:622:19
mailnews.smtp: S: 220 2.0.0 SMTP server ready SmtpClient.jsm:418:17
mailnews.smtp: C: EHLO [10.1.0.163] SmtpClient.jsm:622:19
mailnews.smtp: S: 250-SYAPR01CA0042.outlook.office365.com Hello [203.45.54.152] SmtpClient.jsm:418:17
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
mailnews.smtp: Possible auth methods: XOAUTH2 SmtpClient.jsm:909:17
mailnews.smtp: Current auth method: XOAUTH2 SmtpClient.jsm:662:17
mailnews.smtp: Authentication via AUTH XOAUTH2 SmtpClient.jsm:691:21
mailnews.smtp: C: Logging suppressed (it probably contained auth information) SmtpClient.jsm:618:19
mailnews.smtp: S: 535 5.7.3 Authentication unsuccessful [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:45.163Z 08DBC733EB5B4A17] SmtpClient.jsm:418:17
mailnews.smtp: Command failed: 535 Authentication unsuccessful [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:45.163Z 08DBC733EB5B4A17]; currentAction=_actionAUTH_XOAUTH2 SmtpClient.jsm:545:19
mailnews.smtp: Error during AUTH XOAUTH2, sending empty response SmtpClient.jsm:1069:19
mailnews.smtp: C: SmtpClient.jsm:622:19
mailnews.smtp: S: 500 5.3.3 Unrecognized command 'unknown' [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:50.194Z 08DBC733EB5B4A17] SmtpClient.jsm:418:17
mailnews.smtp: Command failed: 500 Unrecognized command 'unknown' [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:50.194Z 08DBC733EB5B4A17]; currentAction=_actionAUTHComplete SmtpClient.jsm:545:19
mailnews.smtp: Authentication failed: Unrecognized command 'unknown' [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:50.194Z 08DBC733EB5B4A17] SmtpClient.jsm:734:17
mailnews.smtp: Authentication failed: Unrecognized command 'unknown' [SYAPR01CA0042.ausprd01.prod.outlook.com 2023-10-18T21:08:50.194Z 08DBC733EB5B4A17] SmtpClient.jsm:775:19
mailnews.send: Sending failed; Unable to authenticate to Outgoing server (SMTP) smtp.office365.com. Please check the password and verify the 'Authentication method' in 'Account Settings | Outgoing server (SMTP)'., exitCode=2153066805, originalMsgURI=imap-message://russell.stuart%40DOMAIN.NAME@outlook.office365.com/Drafts#24 MessageSend.jsm:337:32
mailnews.smtp: Closing connection to smtp.office365.com... SmtpClient.jsm:160:21
mailnews.smtp: Socket closed. SmtpClient.jsm:518:17
I don't understand all these errors. It might be related to this being a domain account, as my consumer Hotmail account works without fail with the same server settings and OAuth2 for incoming and outgoing. There was a bug in earlier versions related to obsolete entries left over from profiles used in 102, but if you have the latest release, now 115.3.3, that shouldn't be an issue.
sfhowes said
It might be related to this being a domain account, as my consumer Hotmail account works without fail with the same server settings and OAuth2 for incoming and outgoing.
Nah, I earlier did a rm -r ~/Library/Thunderbird/, so it was effectively a clean install.
As for the errors, Microsoft returns some sort of failure for the OAuth2 request, which is the real issue. What happens next doesn't matter so much, but what does happen is Thunderbird sends an empty response: Error during AUTH XOAUTH2, sending empty response SmtpClient.jsm:1069:19. Or so it claims - sadly the trace is suppressed. I doubt an empty response is syntactically correct, so Microsoft understandably responds with 500 5.3.3 Unrecognized command 'unknown'. The rest is Thunderbird whining about that 500 response.
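The reading of the trace given in the post above, as an added example that is not part of the original thread: a small triage pass that separates the first error reply after AUTH starts (the root cause) from the follow-on errors. The names `triage` and `LOG` are assumptions made for this example, and the log excerpt is abridged from the trace posted in this thread.

```python
import re

# Abridged from the trace in this thread: source-location suffixes and the
# bracketed server/time stamps are dropped, and some lines are omitted.
LOG = """\
mailnews.smtp: C: STARTTLS
mailnews.smtp: S: 220 2.0.0 SMTP server ready
mailnews.smtp: C: EHLO [10.1.0.163]
mailnews.smtp: S: 250-SYAPR01CA0042.outlook.office365.com Hello [203.45.54.152]
250-AUTH LOGIN XOAUTH2
250 SMTPUTF8
mailnews.smtp: Authentication via AUTH XOAUTH2
mailnews.smtp: C: Logging suppressed (it probably contained auth information)
mailnews.smtp: S: 535 5.7.3 Authentication unsuccessful
mailnews.smtp: Command failed: 535 Authentication unsuccessful; currentAction=_actionAUTH_XOAUTH2
mailnews.smtp: Error during AUTH XOAUTH2, sending empty response
mailnews.smtp: C:
mailnews.smtp: S: 500 5.3.3 Unrecognized command 'unknown'
mailnews.smtp: Authentication failed: Unrecognized command 'unknown'
"""

REPLY = re.compile(r"^(?:mailnews\.smtp: S: )?(\d{3})[ -](?:(\d\.\d+\.\d+) )?(.*)$")
AUTH_START = re.compile(r"Authentication via AUTH (\S+)")

def triage(log):
    """Return advertised mechanisms, the one tried, the first error reply
    after AUTH started (root cause) and later error replies (cascade)."""
    result = {"advertised": [], "tried": None, "root_cause": None, "cascade": []}
    for line in log.splitlines():
        started = AUTH_START.search(line)
        if started:
            result["tried"] = started.group(1)
            continue
        reply = REPLY.match(line.strip())
        if not reply:
            continue  # client lines and Thunderbird's own commentary
        code, enhanced, text = int(reply.group(1)), reply.group(2), reply.group(3)
        if code == 250 and text.startswith("AUTH "):
            result["advertised"] = text.split()[1:]  # last EHLO wins (post-STARTTLS)
        elif code >= 400 and result["tried"]:
            entry = (code, enhanced, text)
            if result["root_cause"] is None:
                result["root_cause"] = entry
            else:
                result["cascade"].append(entry)
    return result
```

On this trace the root cause is the 535 reply to AUTH XOAUTH2; the 500 reply lands in the cascade list, matching the explanation in the post.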
Configuring OAuth2 for SMTP (Simple Mail Transfer Protocol) with smtp.office365.com involves several steps to ensure proper authentication. Here's a general guide to help you troubleshoot and set up OAuth2 for smtp.office365.com:
1. **Register Your Application:**
- Go to the [Azure portal](https://portal.azure.com/).
- Navigate to "Azure Active Directory" > "App registrations" > "New registration."
- Provide a name for your application, choose the appropriate account type, and set the redirect URI (e.g., `https://localhost`).
- Once registered, note down the Application (client) ID and Directory (tenant) ID.
2. **Generate Client Secret:**
- Under your registered application in the Azure portal, go to "Certificates & Secrets."
- Generate a new client secret and note down the Value. Be cautious with the secret; it's displayed only once.
3. **Assign API Permissions:**
- In the Azure portal, navigate to "API permissions" and add the necessary permissions for Microsoft Graph API.
- Common permissions for SMTP may include `Mail.ReadWrite` or `Mail.Send`.
4. **Get OAuth2 Token:**
- Use the obtained client ID, client secret, and tenant ID to obtain an OAuth2 token. You can use a tool like [Postman](https://www.postman.com/) or make HTTP requests.
- Make a POST request to `https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token` with the required parameters to obtain a token.
5. **Configure Email Client:**
- Update your email client's SMTP settings with the following details:
  - SMTP Server: `smtp.office365.com`
  - Port: `587`
  - Encryption: `STARTTLS`
  - Username: Your full Office 365 email address
  - Password: The OAuth2 token obtained in the previous step
6. **Verify and Test:**
- Verify that your email client is configured correctly.
- Send a test email to ensure that the OAuth2 authentication is working.
7. **Check Logs and Errors:**
- If it's not working, check the logs or error messages from your email client or the tool you used to obtain the OAuth2 token.
- Ensure that the permissions assigned to your application cover the necessary scopes for sending emails.
Remember that the steps may slightly vary based on the email client you are using. If you encounter specific error messages or issues, they can provide more insights into the problem. Always ensure that your application and authentication details are handled securely, and follow Microsoft's documentation for the most up-to-date information.
The four main types of malware are:
1. **Viruses:**
- Viruses are malicious programs that attach themselves to legitimate files and programs. They spread by infecting other files or software and can often require user interaction to propagate.
2. **Worms:**
- Worms are self-replicating malware that can spread across networks without user intervention. They exploit vulnerabilities in computer systems to replicate and infect other computers.
3. **Trojans:**
- Trojans, or Trojan horses, disguise themselves as legitimate software or files to deceive users into installing them. Once activated, they can open backdoors, steal information, or perform other malicious activities.
4. **Ransomware:**
- Ransomware encrypts a user's files or entire system, rendering it inaccessible. Attackers then demand a ransom payment in exchange for providing the decryption key. Ransomware is designed to extort money from victims.
These categories cover a broad range of malicious software, and there are many subtypes and variations within each category. It's important to use reliable antivirus and anti-malware tools, keep software up to date, and exercise caution when downloading files or clicking on links to minimize the risk of malware infections.