2

In Database Mail, I find this statement:

Database Mail is an enterprise solution for sending e-mail messages from the SQL Server Database Engine or Azure SQL Managed Instance. Your applications can send e-mail messages to users using Database Mail via an external SMTP server.

As I've been using Database Mail for over ten years, this is good to read.

However, apparently Database Mail uses the .NET SmtpClient class, which has not been kept up-to-date and even recommends "MailKit".

In Exchange Online / Deprecation of Basic Authentication, I find the following phrase:

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022.

So the obvious question is whether SQL Database Mail with SmtpClient uses "SMTP AUTH" and therefore can still connect to Exchange without an SMTP relay.

Or if a relay is needed, would the built-in Windows Server SMTP relay be able to "upgrade" the credential exchange when connecting off-site?

We have Database Mail configured using an outlook.com account, so there are definitely cases where Database Mail can send to a Microsoft-controlled email server using SMTP.

Bottom line, do we need to know anything other than that SMTP AUTH is still available?

Wayne Erfling
  • 140
  • 9
  • 1
    I went through something similar recently with a company that was migrating their *-nix based mail servers to Microsoft 365. You'll be sad to hear that `System.Net.Mail.SmtpClient` does not not use or understand SMTP AUTH. – AlwaysLearning Feb 03 '23 at 23:53
  • That said... Microsoft 365 does have an "App Password" concept similar to Gmail's that allows you to continue using SMTP Basic authentication over TLS (1.2 or better) with a nominated sender account. I don't have access to my work notes at the moment, but I think this page demonstrates the setup [Create app passwords from the Security info (preview) page](https://support.microsoft.com/en-us/account-billing/create-app-passwords-from-the-security-info-preview-page-d8bc744a-ce3f-4d4d-89c9-eb38ab9d4137). – AlwaysLearning Feb 03 '23 at 23:53
  • btw, I think you still need to set `SmtpClientAuthenticationDisabled` appropriately at the organization/account level as well. – AlwaysLearning Feb 03 '23 at 23:58

1 Answers1

1

Since Database Mail using the System.Net.Mail SmtpClient, it does use the SMTP AUTH protocol and only supports basic auth. But, as you said, while Microsoft has deprecated basic authentication generally, SMTP with basic auth is still supported (with some configuration necessary in Microsoft 365).

With regards to the need for a SMTP relay for modern authentication, it's not necessary for sending using Database Mail. When Microsoft eventually disables basic auth altogether, this will be the only workaround.

All that said, I've tried using MailKit with Modern Authentication using SMTP for Microsoft 365 and I get "535: 5.7.3 Authentication unsuccessful" errors, so I don't think Modern Authentication for SMTP is even supported by Microsoft 365 at this stage. I'm not sure about Outlook.com.

Jason
  • 385
  • 1
  • 2
  • 12