Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: office365 smtp auth issue
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Randall via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 29 Sep 2023 02:19:51 -0400
On Thursday, September 28, 2023 3:03 AM, Volker Schmid wrote:
>Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library:
>> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
>>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
>>> email using SMTP. The login fails to some customers office365.com
>>> server. Here is the log. I replaced some sensitive information with
>>> xxxxxxx, please apologise.
>>>
>>> CURL: Trying 52.97.201.114:25...
>>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25
>>> (#0)
>>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP
>>> MAIL Service ready at Thu, 21 Sep 2023 13:58:47 +0000
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.180.160]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-STARTTLS
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: STARTTLS
>>> CURL: 220 2.0.0 SMTP server ready
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.xxx.xxx]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-AUTH LOGIN XOAUTH2
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: AUTH LOGIN
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxxxxxxx==
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxx=
>>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
>>> bytes received
>>> CURL: Closing connection 0
>>> CURL: schannel: shutting down SSL/TLS connection with
>>> smtp.office365.com port 25
>>> Error performing GET. Curl ec:28
>>> CURL Error Buffer content: Operation timed out after 8002
>>> milliseconds with 0 out of 0 bytes received
>>>
>>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
>>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
>>> then timed out.
>>>
>>> Is there some flag or option we need to turn on in libcurl to allow
>>> SMTP sending through such email server?
>>>
>>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
>>> don't know the process to get the values needed. From where do I get
>>> a Bearer Token? Do I have to ask the customer on every sending for
>>> some token? Or is this some setting the customer enters like a
>>> username and I have to save and use it? How does this work?
>>
>>
>> If you're seeing it only on some accounts then maybe there's a setting
>> to shut it off. Google had a similar situation for a while and now on
>> most accounts they require the tokens for security since by using them
>> you can limit the scope of what can be accessed on the account.
>>
>> I can't speak to MS but for Google there has to be some initial
>> interactive authentication (as in, a browser or something will open)
>> on the user's end where they are logged in to their account and
>> authorize access to an "app" registered beforehand (you can do this as
>> a
>> developer) that can access specific scopes of the account (eg app can
>> only access gmail e-mail). Once the interactive auth is complete it
>> gives an access token (ephemeral) and a refresh token (use to get more
>> access tokens when they expire). Depending on how long the refresh
>> token will last you could use it to generate more access tokens.
>>
>> I don't know of what library in C can do this. Once the interaction
>> phase is over you could work with the user's refresh token via libcurl
>> to request new access tokens via libcurl, if MS API allows it. For
>> Google I wrote some perl scripts that use curl to retrieve tokens [1].
>>
>>
>> [1]: https://github.com/jay/curl_google_oauth
>>
>
>Thank you Ray, that was helpful. I just found some small examples calling these
>URLs. But if I let the user open some URL, how do I get the result? Webbrowsers
>usually don't tell me the results of opening a URL. I'm confused. Theremust be some
>API that I have to call for sure.
>
>Until now, I only have email address, password and smtp mailserver. This is
>provided by the user. The thing is, I should open some URL now. But what URL is to
>be used for the token? Microsoft for sure uses other URLs than Google and others.
>But the mailserver neither tells me the URL nor do I get it from somewhere else? The
>user don't knows it either. Maybe it is derived from the domain part of the email
>address? Is there a standard RFC that I can refer to for learning this?
Office365 uses SMTP host smtp-mail.outlook.com, port 587, and STARTTLS encryption. As far as I know, it does not listen on port 25.
Regards,
Randall
Date: Fri, 29 Sep 2023 02:19:51 -0400
On Thursday, September 28, 2023 3:03 AM, Volker Schmid wrote:
>Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library:
>> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
>>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
>>> email using SMTP. The login fails to some customers office365.com
>>> server. Here is the log. I replaced some sensitive information with
>>> xxxxxxx, please apologise.
>>>
>>> CURL: Trying 52.97.201.114:25...
>>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25
>>> (#0)
>>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP
>>> MAIL Service ready at Thu, 21 Sep 2023 13:58:47 +0000
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.180.160]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-STARTTLS
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: STARTTLS
>>> CURL: 220 2.0.0 SMTP server ready
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.xxx.xxx]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-AUTH LOGIN XOAUTH2
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: AUTH LOGIN
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxxxxxxx==
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxx=
>>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
>>> bytes received
>>> CURL: Closing connection 0
>>> CURL: schannel: shutting down SSL/TLS connection with
>>> smtp.office365.com port 25
>>> Error performing GET. Curl ec:28
>>> CURL Error Buffer content: Operation timed out after 8002
>>> milliseconds with 0 out of 0 bytes received
>>>
>>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
>>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
>>> then timed out.
>>>
>>> Is there some flag or option we need to turn on in libcurl to allow
>>> SMTP sending through such email server?
>>>
>>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
>>> don't know the process to get the values needed. From where do I get
>>> a Bearer Token? Do I have to ask the customer on every sending for
>>> some token? Or is this some setting the customer enters like a
>>> username and I have to save and use it? How does this work?
>>
>>
>> If you're seeing it only on some accounts then maybe there's a setting
>> to shut it off. Google had a similar situation for a while and now on
>> most accounts they require the tokens for security since by using them
>> you can limit the scope of what can be accessed on the account.
>>
>> I can't speak to MS but for Google there has to be some initial
>> interactive authentication (as in, a browser or something will open)
>> on the user's end where they are logged in to their account and
>> authorize access to an "app" registered beforehand (you can do this as
>> a
>> developer) that can access specific scopes of the account (eg app can
>> only access gmail e-mail). Once the interactive auth is complete it
>> gives an access token (ephemeral) and a refresh token (use to get more
>> access tokens when they expire). Depending on how long the refresh
>> token will last you could use it to generate more access tokens.
>>
>> I don't know of what library in C can do this. Once the interaction
>> phase is over you could work with the user's refresh token via libcurl
>> to request new access tokens via libcurl, if MS API allows it. For
>> Google I wrote some perl scripts that use curl to retrieve tokens [1].
>>
>>
>> [1]: https://github.com/jay/curl_google_oauth
>>
>
>Thank you Ray, that was helpful. I just found some small examples calling these
>URLs. But if I let the user open some URL, how do I get the result? Webbrowsers
>usually don't tell me the results of opening a URL. I'm confused. Theremust be some
>API that I have to call for sure.
>
>Until now, I only have email address, password and smtp mailserver. This is
>provided by the user. The thing is, I should open some URL now. But what URL is to
>be used for the token? Microsoft for sure uses other URLs than Google and others.
>But the mailserver neither tells me the URL nor do I get it from somewhere else? The
>user don't knows it either. Maybe it is derived from the domain part of the email
>address? Is there a standard RFC that I can refer to for learning this?
Office365 uses SMTP host smtp-mail.outlook.com, port 587, and STARTTLS encryption. As far as I know, it does not listen on port 25.
Regards,
Randall
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-09-29