Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: office365 smtp auth issue
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Volker Schmid via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 28 Sep 2023 09:03:06 +0200
Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library:
> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
>> email using SMTP. The login fails to some customers office365.com
>> server. Here is the log. I replaced some sensitive information with
>> xxxxxxx, please apologise.
>>
>> CURL: Trying 52.97.201.114:25...
>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25 (#0)
>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP MAIL
>> Service ready at Thu, 21 Sep 2023 13:58:47 +0000
>> CURL: EHLO XXXXXXXXXX-102
>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.180.160]
>> CURL: 250-SIZE 157286400
>> CURL: 250-PIPELINING
>> CURL: 250-DSN
>> CURL: 250-ENHANCEDSTATUSCODES
>> CURL: 250-STARTTLS
>> CURL: 250-8BITMIME
>> CURL: 250-BINARYMIME
>> CURL: 250-CHUNKING
>> CURL: 250 SMTPUTF8
>> CURL: STARTTLS
>> CURL: 220 2.0.0 SMTP server ready
>> CURL: EHLO XXXXXXXXXX-102
>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.xxx.xxx]
>> CURL: 250-SIZE 157286400
>> CURL: 250-PIPELINING
>> CURL: 250-DSN
>> CURL: 250-ENHANCEDSTATUSCODES
>> CURL: 250-AUTH LOGIN XOAUTH2
>> CURL: 250-8BITMIME
>> CURL: 250-BINARYMIME
>> CURL: 250-CHUNKING
>> CURL: 250 SMTPUTF8
>> CURL: AUTH LOGIN
>> CURL: 334 xxxxxxxxxxxxxxxx
>> CURL: xxxxxxxxxxxxxxxxxxxxxx==
>> CURL: 334 xxxxxxxxxxxxxxxx
>> CURL: xxxxxxxxxxxxxxxxx=
>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
>> bytes received
>> CURL: Closing connection 0
>> CURL: schannel: shutting down SSL/TLS connection with
>> smtp.office365.com port 25
>> Error performing GET. Curl ec:28
>> CURL Error Buffer content: Operation timed out after 8002
>> milliseconds with 0 out of 0 bytes received
>>
>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
>> then timed out.
>>
>> Is there some flag or option we need to turn on in libcurl to allow
>> SMTP sending through such email server?
>>
>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
>> don't know the process to get the values needed. From where do I get a
>> Bearer Token? Do I have to ask the customer on every sending for some
>> token? Or is this some setting the customer enters like a username and
>> I have to save and use it? How does this work?
>
>
> If you're seeing it only on some accounts then maybe there's a setting
> to shut it off. Google had a similar situation for a while and now on
> most accounts they require the tokens for security since by using them
> you can limit the scope of what can be accessed on the account.
>
> I can't speak to MS but for Google there has to be some initial
> interactive authentication (as in, a browser or something will open) on
> the user's end where they are logged in to their account and authorize
> access to an "app" registered beforehand (you can do this as a
> developer) that can access specific scopes of the account (eg app can
> only access gmail e-mail). Once the interactive auth is complete it
> gives an access token (ephemeral) and a refresh token (use to get more
> access tokens when they expire). Depending on how long the refresh token
> will last you could use it to generate more access tokens.
>
> I don't know of what library in C can do this. Once the interaction
> phase is over you could work with the user's refresh token via libcurl
> to request new access tokens via libcurl, if MS API allows it. For
> Google I wrote some perl scripts that use curl to retrieve tokens [1].
>
>
> [1]: https://github.com/jay/curl_google_oauth
>
Thank you Ray, that was helpful. I just found some small examples calling these URLs. But if I let the user open some URL, how do I get the result? Webbrowsers usually don't tell me the results of opening a URL. I'm confused. Theremust be some API that I have to call for sure.
Until now, I only have email address, password and smtp mailserver. This is provided by the user. The thing is, I should open some URL now. But what URL is to be used for the token? Microsoft for sure uses other URLs than Google and others. But the mailserver neither tells me the URL nor do I get it from somewhere else? The user don't knows it either. Maybe it is derived from the domain part of the email address? Is there a standard RFC that I can refer to for learning this?
Date: Thu, 28 Sep 2023 09:03:06 +0200
Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library:
> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
>> email using SMTP. The login fails to some customers office365.com
>> server. Here is the log. I replaced some sensitive information with
>> xxxxxxx, please apologise.
>>
>> CURL: Trying 52.97.201.114:25...
>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25 (#0)
>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP MAIL
>> Service ready at Thu, 21 Sep 2023 13:58:47 +0000
>> CURL: EHLO XXXXXXXXXX-102
>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.180.160]
>> CURL: 250-SIZE 157286400
>> CURL: 250-PIPELINING
>> CURL: 250-DSN
>> CURL: 250-ENHANCEDSTATUSCODES
>> CURL: 250-STARTTLS
>> CURL: 250-8BITMIME
>> CURL: 250-BINARYMIME
>> CURL: 250-CHUNKING
>> CURL: 250 SMTPUTF8
>> CURL: STARTTLS
>> CURL: 220 2.0.0 SMTP server ready
>> CURL: EHLO XXXXXXXXXX-102
>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.xxx.xxx]
>> CURL: 250-SIZE 157286400
>> CURL: 250-PIPELINING
>> CURL: 250-DSN
>> CURL: 250-ENHANCEDSTATUSCODES
>> CURL: 250-AUTH LOGIN XOAUTH2
>> CURL: 250-8BITMIME
>> CURL: 250-BINARYMIME
>> CURL: 250-CHUNKING
>> CURL: 250 SMTPUTF8
>> CURL: AUTH LOGIN
>> CURL: 334 xxxxxxxxxxxxxxxx
>> CURL: xxxxxxxxxxxxxxxxxxxxxx==
>> CURL: 334 xxxxxxxxxxxxxxxx
>> CURL: xxxxxxxxxxxxxxxxx=
>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
>> bytes received
>> CURL: Closing connection 0
>> CURL: schannel: shutting down SSL/TLS connection with
>> smtp.office365.com port 25
>> Error performing GET. Curl ec:28
>> CURL Error Buffer content: Operation timed out after 8002
>> milliseconds with 0 out of 0 bytes received
>>
>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
>> then timed out.
>>
>> Is there some flag or option we need to turn on in libcurl to allow
>> SMTP sending through such email server?
>>
>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
>> don't know the process to get the values needed. From where do I get a
>> Bearer Token? Do I have to ask the customer on every sending for some
>> token? Or is this some setting the customer enters like a username and
>> I have to save and use it? How does this work?
>
>
> If you're seeing it only on some accounts then maybe there's a setting
> to shut it off. Google had a similar situation for a while and now on
> most accounts they require the tokens for security since by using them
> you can limit the scope of what can be accessed on the account.
>
> I can't speak to MS but for Google there has to be some initial
> interactive authentication (as in, a browser or something will open) on
> the user's end where they are logged in to their account and authorize
> access to an "app" registered beforehand (you can do this as a
> developer) that can access specific scopes of the account (eg app can
> only access gmail e-mail). Once the interactive auth is complete it
> gives an access token (ephemeral) and a refresh token (use to get more
> access tokens when they expire). Depending on how long the refresh token
> will last you could use it to generate more access tokens.
>
> I don't know of what library in C can do this. Once the interaction
> phase is over you could work with the user's refresh token via libcurl
> to request new access tokens via libcurl, if MS API allows it. For
> Google I wrote some perl scripts that use curl to retrieve tokens [1].
>
>
> [1]: https://github.com/jay/curl_google_oauth
>
Thank you Ray, that was helpful. I just found some small examples calling these URLs. But if I let the user open some URL, how do I get the result? Webbrowsers usually don't tell me the results of opening a URL. I'm confused. Theremust be some API that I have to call for sure.
Until now, I only have email address, password and smtp mailserver. This is provided by the user. The thing is, I should open some URL now. But what URL is to be used for the token? Microsoft for sure uses other URLs than Google and others. But the mailserver neither tells me the URL nor do I get it from somewhere else? The user don't knows it either. Maybe it is derived from the domain part of the email address? Is there a standard RFC that I can refer to for learning this?
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-09-28