SMTP Authentication Puns

Hey everyone,

I'm hoping someone here has run into a similar issue and can offer some guidance. I have a client that has been connecting to our application so far via basic auth smtp. We recently added SMTP via OAuth support but it does not seem to be successful for the client. In our logs we keep seeing "535 5.7.3 authentication unsuccessful".
Some additional info:
- The basic SMTP connection and the OAuth SMTP connection are using the same Exchange account
- The refresh token seems to successfully generate
- Tests using our own internal sandbox Exchange are successful
- Scope being sent is as follows:
https://outlook.office.com/IMAP.AccessAsUser.All
https://outlook.office.com/Mail.Read
https://outlook.office.com/POP.AccessAsUser.All
https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read

Any thoughts on what could be causing this? Thank you for your time.

If the SMTP authentication is disabled, is it possible that someone can connect unauthenticated or is it that they can't use SMTP at all?

Good Afternoon Guys,

Just a quick one really, in our office we use a HP Pro 477 DW

Over the weekend, all members of staff (including the email address the printer sends from) were given MFA

Subsequently, we are no longer able to scan to email, getting the error message "SMTP server requires authentication. make sure the username and password are specified."

Without removing the MFA from the profile, how do I get round this?

Thanks

The Python o365 library apparently provides authentication to Office365 through oauth2 for IMAP and SMTP, among other services, now that Microsoft has discontinued support for basic authentication. Unfortunately, my elisp skills are close to zero, so I have no idea how to implement this on Emacs. However, given that all Emacs mail clients have suddenly been rendered useless for anyone using Office365, maybe it would also be a public service if someone could show how to implement this.

I don’t know who else might be interested, but I would certainly email a copy and a link over to Dirk-Jan C. Binnema, the author of mu4e, to see if he might be interested in having a copy for reference.

This kind of authentication is clearly going to be of increasing importance to anyone who uses Emacs as an email client.

Thank you.

UPDATE: Ultimately, as u/fieldviewmousehouse suggested below, I found Davmail to be the best solution at present. Its Active Directory app code is deprecated but will continue to be supported until 2022, by which time I assume the author will have upgraded to Microsoft Graph. I am still able to use an app password to fetch my mail with mbysync. This is fortunate, because I found that I could only use mbysync with Davmail if I created a self-signed ssl certificate for localhost, but I could only send mail with an unencrypted local smtp connection. (M$ barfed if I used a self-signed certificate, but I do not think "localhost" will support any other kind.) It would be great if anyone can help me resolve this issue, but at least I am able to continue using mu4e for the time being. Thank you, u/HitTheGlassdoor for the patch. You may find more people need it in the future.

Ultimately, I think there needs to be solution native to emacs, which ought to be possible in light of the fact that oauth2 support already exists. There is some interesting work being done by u/harishkrupo at https://github.com/harishkrupo/oauth2ms, but although I was able to configure the Microsoft Graph App, I have not quite been able to make the oauth2ms app work on the Mac. However, this is the most promising future solution I have been able to find after an extensive search.

As referenced months ago when Microsoft announced the eventual disabling of basic authentication, Exchange Online now fully supports OAuth 2.0 atop legacy protocols such as IMAP, POP, and SMTP.

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-smtp-auth-protocols-in/ba-p/1330432

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-support-for-pop-in-exchange-online/ba-p/1406600

I'm not aware of any mail clients that currently use anything other than basic authentication over IMAP, but at least Microsoft has completed their part. Now the ball is completely in app developers' courts. Thunderbird has it on their roadmap for a future release, so that takes care of a whole ton of people clinging to IMAP & basic auth for dear life.

I use sendgrid for SMTP and now they are mandating use of API Key instead of username & password. they plan on rejecting all auth with username/password on Jan 13,2021.

Any of you know how to use API Key instead of username/password in nextcloud?

Hi folks,

How do I configure the Receive connector for third party email gateway (e.g. Cisco IronPort, FortiMail, Symantec MG, etc.) to authenticate and send as unanonymous?

I keep getting 530 5.7.57 Client was not authenticated to send anonymous during MAIL FROM

The current Frontend Receive connector has Basic authentication OFF, TLS authentication + Mutual ON, Exchange Server authentication ON. There are Exchange servers, Legacy Exchange servers and Exchange users in permission group (tried Partners but failed)

Topology is Internet > Email Gateway > Exchange. Having trouble receiving email as it keeps bouncing back with the above error.

as the title says :(

Quick question, Im trying to set up mail notification for Veeam jobs and I need a SMTP server, which I have installed with postfix. The authentication fails, for a user in my machine. Is authentication in SMTP users in the host?

Hey guys, really need your help on this one.

I recently got my first developer job and I have my first task assignment to create a report that will be sent on daily basis in form of a mail.

I am unable to authenticate my request to send mail, it fails with code 535 for incorrect credentials and I am using my account credentials for the authentication and I am positive that I am using correct credentials

In company we have business office 365 and I don't have access to set SMTP or to change it.

I was wondering if any of you have had the same issue and if someone knows an alternative to this problem or even how to fix it?

Do I need to reach out to administrators to enable SMTP authentication for my account?

Any assistance is GREATLY appreciated Cheers!

Hallo,

I need to configure a program running on a server outside my organization. In the program settings I enter the ip of my exchange server (Exchange 2013), Sender E-mail, port 25 (without encryption should working) and Authenticated user. I tried with different users, even with my Domain admin. Always receive SMTP Error: 535 5.7.8 error authentication failed. I will be grateful for any help.

Ensure that SMTP is completely open for the company Exchange server. That way, you can send email from any address (internal or external) to any other address (again internal or external) with no authentication. What could possibly go wrong?

I am at the tail end of a months long project of upgrading from Exchange 2010 to 2019, with the final stage being installing the connectors for some later date when my organization will go to O365, that is a decision beyond my pay level.

Today we completed running the Exchange Hybrid Configuration Wizard which appears to have broken authentication for some of our systems that send email messages through the use of authenticated SMTP connections. This is confusing because it was my consultant's understanding that nothing should have changed in regards to existing connectors for our on-prem Exchange server, but while the wizard was in progress updating the AD objects a couple of departments started calling in.

The affected systems seem to be older and more basic SMTP interfaces that pretty much have fill in the blank options for From address, Account, Password, Subject and Body. There isn't even an option to change from the default SMTP port.

Has anyone experienced anything similar to this? Another unexpected result of the wizard was that the outbound Office 365 connector was created and our default one was disabled which caused another issue that we caught and resolved, but this one I still need to try finding a resolution for. Thanks!

Update:

I was deep diving in my connector logs and have found differences in the Pipelining DSN EnhancedStatusCodes from prior to running the Hybrid Config and after. Here is the line when it was working:

250 [mailserver] Hello [sendingIP] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING SMTPUTF8 XRDST

After it broke the LOGIN code vanished from this line, and it is the only thing that I can tell is different

Is anyone else having trouble sending emails from their @mail.mcgill.ca account when using the send mail as feature on Gmail? I contacted IT and they said it's on Gmail's side but the Gmail error is on authentication. I double checked the password multiple times and a staff account works so I want to get a feeling for who else might be on the same boat. I just want a show of hands if anyone IS having the same issue.

UPDATE: Went to IT services desk, and they said it's a known issue for three weeks, it's affecting random accounts at random intervals (which is why one of my accounts sometimes works). Since Gmail is a third party, they suggest contacting gmail support. I think we'll get more traction (with Gmail and McGill) if more people publicly report the issue here so we can get a sense of how widespread it is, instead of trying to go at it alone with one of the biggest companies. So if you or someone you know is having intermittent issues, please report below!

I'm evaluating mailcow-dockerized to replace some existing mail infrastructure, so far it seems great, can't see myself ever building another mail deployment from scratch again.

I'm wondering if there's a way to define an alias for a mailbox that will be evaluated when a user authenticates - I would like to avoid re-configuring mail clients when we cutover to mailcow (we've migrated mailbox contents already), however our users are currently authenticating over IMAP and SMTP using usernames in the form of 'mailbox-exampleorg' instead of 'mailbox@example.org'. If we could define authentication aliases for mailboxes being migrated from the old platform this would be a big time saver.

Thanks!

My 1st post here :-)

After hours and more of trying to make the registration email being sent, I will take a chance to ask here

- my SMART host / external SMTP server authorized DISCOURSE IP ADDRESS to relay

- I can't find how to setup Discourse to relay to mail.something.com " WITHOUT Authenticating"...

I found some thread on the web saying to enter none in user and password but it does't work.

How can tweak DISCOURSE to not use a user and password to send it's email to the outside world ?

thank you so much in advance...

I am currently writing up a project plan and thinking about a project we have planned for 2019 and was hoping the community could help me get my head around the best possibly way to accomplish our goals.

Currently our internal Exchange Servers allow relaying from internal services to external email addresses without any type of SMTP authentication enabled. We have lots of technical debt from years of custom application development which means I can't just turn off anonymous access without massively breaking things around my organization.

I want to slowly figure out every account sending with anonymous access and migrate them over.

Currently I am looking at the protocol logging logs from Exchange 2016 to see if i can pinpoint what identifies whether and email sent was authenticated or not but I don't know how to read the log well enough to figure out what is authenticated or not.

Does anyone have an easy way to look at the Exchange Receive Connector protocol logs and figure out what is and is not being sent anonymously?

Or what is the best way to cutover all of my internal devices that send email through our exchange server to use SMTP authentication and STARTTLS without just removing access from Anonymous sending?

OK, I'm a PS newbie, but I think I have a reasonable grasp of how SMTP works. I want to use PowerShell to send an email to a mailbox on a specific server. I shouldn't need to authenticate, because the target mailbox exists on that server. (If SMTP servers required authenitcation to accept mail for their own mailboxes, no one would ever be able to send mail to one another.) I can't seem to get it to work though. I keep getting "The SMTP server requires a secure connection." Any help?

A heads up for anyone who load balances Exchange on their Netscaler, a couple clients we've upgraded to the latest 11.1 firmware have had SMTP stop flowing through their Netscaler, and when we try it directly we get an authentication error. The common cause seems to be having the vserver and service group/members set to port 25 ANY. Re-creating the vserver and service group with port 25 TCP resolves the issue. Haven't come across anyone using SMTP over UDP fortunately.

Hi.

Got request to provide a web server with SMTP server address and credentials for the purpose of sending e-mails. Relay is out of question - web server doesn't belong to us.

So, I've been playing around with receive connectors but I have some issues:

• #Default Frontend EXCHANGE_SERVER:

• Basic authentication - checked

• Offer basic authentication only after starting TLS - UNchecked

• Exchange users - checked

The rest is more or less left with defaults. When I test it internally:

telnet EXCHANGE_SERVER 25
helo
auth login
BASE64_LOGIN
BASE64_PASSWORD

Exchange returns:

535 5.7.3 Authentication unsuccessful

Strangely though, when I continue with:

mail from:somemail@contoso.com
rcpt to:marek1712@contoso.com
DATA
Subject:Test mail - SMTP
This is only test from marek1712
.
quit

mail is delivered successfully. Of course "somemail@contoso.com" uses login & pass provided earlier.

Any idea why Exchange behaves like this?

EDIT:

I just noticed that 250-AUTH LOGIN isn't returned in the greeting:

250-SIZE 52428800
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM LOGIN
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST

Do I have to restart Transport Service after making changes?

The title

As referenced months ago when Microsoft announced the eventual disabling of basic authentication, Exchange Online now fully supports OAuth 2.0 atop legacy protocols such as IMAP, POP, and SMTP.

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-smtp-auth-protocols-in/ba-p/1330432

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-support-for-pop-in-exchange-online/ba-p/1406600

I'm not aware of any mail clients that currently use anything other than basic authentication over IMAP, but at least Microsoft has completed their part. Now the ball is completely in app developers' courts. Thunderbird has it on their roadmap for a future release, so that takes care of a whole ton of people clinging to IMAP & basic auth for dear life.