4

I am trying to send mail via the SMTP of Office 365. I set up an app registration for a native client in Azure and set the permission SMTP.Send. I've been able to get a token, but when I connect, the sending doesn't work.

In all other articles I read that I need to set 'https://outlook.office.com/SMTP.Send', but I do not find any way to set it in the API permissions of my app in Azure Active Directory. I can only set it for Graph 'https://graph.microsoft.com/SMTP.Send' or Exchange 'https://ps.outlook.com/Mail.Send.All'.

Am I overlooking something? It would be really great if someone could give me a hint. Or maybe it's not possible for native clients?

Here is my code to get the access credentials:

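using System.Collections.Generic;
using Microsoft.Identity.Client;

// Confidential client (client ID + secret) using the client-credentials flow
var cca = ConfidentialClientApplicationBuilder
    .Create("---")
    .WithClientSecret("----")
    .WithTenantId("----").Build();
var ewsScopes = new List<string>() { "https://outlook.office365.com/.default" };
// Requests a token for the application itself; no user signs in
var authResult = cca.AcquireTokenForClient(ewsScopes).ExecuteAsync().GetAwaiter().GetResult();
// Builds the XOAUTH2 key from the sender address and the access token
string xoauthKey = OAuth2.GetXOAuthKeyStatic(fromAddress, authResult.AccessToken);

// content of xoauthKey (^A is the 0x01 separator byte):
// user=my-testmailAccount^Aauth=Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IjR....^A^A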

I use MailBee or MailKit to actually send the mails.

This is the SMTP log:

[15:41:09.26] [INFO] Assembly version: 11.0.0 build 569 for .NET 4.5.
[15:41:09.26] [INFO] Will test sending mail message.
[15:41:09.32] [INFO] Will resolve host "smtp.office365.com".
[15:41:09.33] [INFO] Host "smtp.office365.com" resolved to IP address(es) 52.97.151.146, 52.98.208.82, 52.98.212.194, 52.97.137.66.
[15:41:09.33] [INFO] Will connect to host "smtp.office365.com" on port 587.
[15:41:09.35] [INFO] Socket connected to IP address 52.97.151.146 on port 587.
[15:41:09.38] [RECV] 220 AM6P194CA0020.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 16 May 2022 13:41:09 +0000\r\n
[15:41:09.38] [INFO] Connected to mail service at host "smtp.office365.com" on port 587 and ready.
[15:41:09.38] [INFO] Will send Hello command (HELO or EHLO).
[15:41:09.38] [SEND] EHLO [10.0.0.4]\r\n
[15:41:09.40] [RECV] 250-AM6P194CA0020.outlook.office365.com Hello [20.113.132.65]\r\n250-SIZE 157286400\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250 SMTPUTF8\r\n
[15:41:09.41] [INFO] SMTP Hello completed.
[15:41:09.41] [INFO] Notify server that we are ready to start TLS/SSL negotiation.
[15:41:09.41] [SEND] STARTTLS\r\n
[15:41:09.43] [RECV] 220 2.0.0 SMTP server ready\r\n
[15:41:09.43] [INFO] Will start TLS/SSL negotiation sequence.
[15:41:09.47] [INFO] TLS/SSL negotiation completed.
[15:41:09.47] [INFO] Will send Hello command (HELO or EHLO).
[15:41:09.48] [SEND] EHLO [10.0.0.4]\r\n
[15:41:09.49] [RECV] 250-AM6P194CA0020.outlook.office365.com Hello [20.113.132.65]\r\n250-SIZE 157286400\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-AUTH LOGIN XOAUTH2\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250 SMTPUTF8\r\n
[15:41:09.49] [INFO] SMTP Hello completed.
[15:41:09.49] [INFO] Will login as "my-testmailAccount".
[15:41:09.50] [INFO] Will try SASL XOAUTH2 authentication method.
[15:41:09.50] [SEND] AUTH XOAUTH2\r\n
[15:41:09.51] [RECV] 334 \r\n
[15:41:09.52] [SEND] ********\r\n
[15:41:15.15] [RECV] 535 5.7.3 Authentication unsuccessful [AM6P194CA0020.EURP194.PROD.OUTLOOK.COM]\r\n
[15:41:15.17] [INFO] Will disconnect from host "smtp.office365.com".
[15:41:15.17] [INFO] Disconnected from host "smtp.office365.com".
[15:41:15.17] [INFO] Error: The server has rejected authentication data sent by the client. The server responded: 535 5.7.3 Authentication unsuccessful [AM6P194CA0020.EURP194.PROD.OUTLOOK.COM].

I enabled a lot of permissions, but nothing helped.

  • Does checking IMAP email work? When IMAP.AccessAsUser.All is set? I.e. the problem is only with sending while receiving works or nothing works at all? – Alex May 23 '22 at 14:03
  • I tried, but also with IMAP.AccessAsUser.All it doesn't work. – Sven Boris Bornemann May 30 '22 at 07:14
  • Have you tried Office365RegularAccounts sample app in MailBee.NET docs? It's mentioned in https://afterlogic.com/mailbee-net/docs/#OAuth2Office365RegularAccountsInstalledApps.html guide. – Alex May 30 '22 at 09:11
  • Hi, yes this worked. But the example uses the AcquireTokenInteractive of the PublicClientApplication and I try to use AcquireTokenForClient from the ConfidentialClientApplicationBuilder. I try to use the native client approach, but maybe this is not possible! Maybe the reason is the SendAs delegation which I can't set to the native client! – Sven Boris Bornemann May 31 '22 at 08:59
  • Ahh, got it now. No, Office 365 explicitly forbids confidential apps from accessing via IMAP or SMTP. Only public clients are allowed. – Alex May 31 '22 at 10:46
  • Mhh this is not good for my case. But thank you very much. – Sven Boris Bornemann May 31 '22 at 10:56
  • @alex MailKit doesn't have any limitation as mentioned in the [comments here](https://stackoverflow.com/questions/64806662/using-oauth2-to-send-email-via-office365-c-sharp/64823506#comment132258704_64823506) – hiFI Jan 05 '23 at 04:25
  • @hiFI Neither any other OAuth 2.0 client does. Such limitations can only be imposed by the server. – Alex Jan 06 '23 at 08:46
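
Added example, not code from the original post or from MailBee/MailKit: a small C# diagnostic that builds the SASL XOAUTH2 string shown in the question and decodes the access token's payload to tell a delegated token (`scp` claim, as from AcquireTokenInteractive) from an app-only token (`roles` claim, as from AcquireTokenForClient), the distinction raised in the comments above. The class name, sample address and both tokens are constructed for illustration; the payload is decoded without signature verification, for inspection only.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class XOAuth2Diag   // hypothetical helper name
{
    // SASL XOAUTH2 initial response: base64("user=" addr ^A "auth=Bearer " token ^A ^A)
    public static string BuildInitialResponse(string user, string token) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(
            $"user={user}\u0001auth=Bearer {token}\u0001\u0001"));

    // Decode the JWT payload (second dot-separated part, base64url) without verifying it.
    public static JsonElement DecodePayload(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(p));
        return JsonDocument.Parse(json).RootElement.Clone();
    }

    // Summarise audience and permission claims so the token type is visible at a glance.
    public static string Describe(string jwt)
    {
        JsonElement c = DecodePayload(jwt);
        string aud = c.TryGetProperty("aud", out var a) ? a.ToString() : "(none)";
        if (c.TryGetProperty("scp", out var scp))
        {
            bool smtp = scp.GetString().Split(' ').Contains("SMTP.Send");
            return $"delegated token, aud={aud}, SMTP.Send in scp: {smtp}";
        }
        if (c.TryGetProperty("roles", out var roles))
            return $"app-only token, aud={aud}, roles=[" +
                   string.Join(",", roles.EnumerateArray().Select(r => r.GetString())) + "]";
        return $"token without scp or roles, aud={aud}";
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed, unsigned sample tokens; not real credentials.
        string hdr = B64Url("{\"alg\":\"none\"}");
        string delegated = hdr + "." + B64Url(
            "{\"aud\":\"https://outlook.office.com\",\"scp\":\"SMTP.Send offline_access\"}") + ".";
        string appOnly = hdr + "." + B64Url(
            "{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"full_access_as_app\"]}") + ".";
        Console.WriteLine(Describe(delegated));
        Console.WriteLine(Describe(appOnly));
        Console.WriteLine(BuildInitialResponse("user@example.com", delegated));
    }
}
```

Running `Describe` on the token returned by the code in the question shows which claims the server actually receives after `AUTH XOAUTH2`.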

1 Answer

0

You may have SMTP auth turned off.

  • Go to: https://admin.microsoft.com/ and sign in.
  • Users > Active users.
  • Select the user, and in the flyout that appears, click "Mail".
  • In the Email apps section, click "Manage email apps".
  • Find "Authenticated SMTP". If it is NOT checked, check it and click SAVE CHANGES. If it IS checked, uncheck it -> SAVE CHANGES -> re-check it -> SAVE CHANGES.

-- From https://afterlogic.com/mailbee-net/docs/#OAuth2Office365RegularAccountsInstalledApps.html

Alex