Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: office365 smtp auth issue
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Ray Satiro via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 27 Sep 2023 17:37:53 -0400
On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
> email using SMTP. The login fails to some customers office365.com
> server. Here is the log. I replaced some sensitive information with
> xxxxxxx, please apologise.
>
> CURL: Trying 52.97.201.114:25...
> CURL: Connected to smtp.office365.com (52.97.201.114) port 25 (#0)
> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP MAIL
> Service ready at Thu, 21 Sep 2023 13:58:47 +0000
> CURL: EHLO XXXXXXXXXX-102
> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.180.160]
> CURL: 250-SIZE 157286400
> CURL: 250-PIPELINING
> CURL: 250-DSN
> CURL: 250-ENHANCEDSTATUSCODES
> CURL: 250-STARTTLS
> CURL: 250-8BITMIME
> CURL: 250-BINARYMIME
> CURL: 250-CHUNKING
> CURL: 250 SMTPUTF8
> CURL: STARTTLS
> CURL: 220 2.0.0 SMTP server ready
> CURL: EHLO XXXXXXXXXX-102
> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.xxx.xxx]
> CURL: 250-SIZE 157286400
> CURL: 250-PIPELINING
> CURL: 250-DSN
> CURL: 250-ENHANCEDSTATUSCODES
> CURL: 250-AUTH LOGIN XOAUTH2
> CURL: 250-8BITMIME
> CURL: 250-BINARYMIME
> CURL: 250-CHUNKING
> CURL: 250 SMTPUTF8
> CURL: AUTH LOGIN
> CURL: 334 xxxxxxxxxxxxxxxx
> CURL: xxxxxxxxxxxxxxxxxxxxxx==
> CURL: 334 xxxxxxxxxxxxxxxx
> CURL: xxxxxxxxxxxxxxxxx=
> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
> bytes received
> CURL: Closing connection 0
> CURL: schannel: shutting down SSL/TLS connection with
> smtp.office365.com port 25
> Error performing GET. Curl ec:28
> CURL Error Buffer content: Operation timed out after 8002
> milliseconds with 0 out of 0 bytes received
>
> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
> then timed out.
>
> Is there some flag or option we need to turn on in libcurl to allow
> SMTP sending through such email server?
>
> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
> don't know the process to get the values needed. From where do I get a
> Bearer Token? Do I have to ask the customer on every sending for some
> token? Or is this some setting the customer enters like a username and
> I have to save and use it? How does this work?
If you're seeing it only on some accounts then maybe there's a setting
to shut it off. Google had a similar situation for a while and now on
most accounts they require the tokens for security since by using them
you can limit the scope of what can be accessed on the account.
I can't speak to MS but for Google there has to be some initial
interactive authentication (as in, a browser or something will open) on
the user's end where they are logged in to their account and authorize
access to an "app" registered beforehand (you can do this as a
developer) that can access specific scopes of the account (eg app can
only access gmail e-mail). Once the interactive auth is complete it
gives an access token (ephemeral) and a refresh token (use to get more
access tokens when they expire). Depending on how long the refresh token
will last you could use it to generate more access tokens.
I don't know of what library in C can do this. Once the interaction
phase is over you could work with the user's refresh token via libcurl
to request new access tokens via libcurl, if MS API allows it. For
Google I wrote some perl scripts that use curl to retrieve tokens [1].
[1]: https://github.com/jay/curl_google_oauth
Date: Wed, 27 Sep 2023 17:37:53 -0400
On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
> email using SMTP. The login fails to some customers office365.com
> server. Here is the log. I replaced some sensitive information with
> xxxxxxx, please apologise.
>
> CURL: Trying 52.97.201.114:25...
> CURL: Connected to smtp.office365.com (52.97.201.114) port 25 (#0)
> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP MAIL
> Service ready at Thu, 21 Sep 2023 13:58:47 +0000
> CURL: EHLO XXXXXXXXXX-102
> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.180.160]
> CURL: 250-SIZE 157286400
> CURL: 250-PIPELINING
> CURL: 250-DSN
> CURL: 250-ENHANCEDSTATUSCODES
> CURL: 250-STARTTLS
> CURL: 250-8BITMIME
> CURL: 250-BINARYMIME
> CURL: 250-CHUNKING
> CURL: 250 SMTPUTF8
> CURL: STARTTLS
> CURL: 220 2.0.0 SMTP server ready
> CURL: EHLO XXXXXXXXXX-102
> CURL: 250-AM9P195CA0024.outlook.office365.com Hello [185.173.xxx.xxx]
> CURL: 250-SIZE 157286400
> CURL: 250-PIPELINING
> CURL: 250-DSN
> CURL: 250-ENHANCEDSTATUSCODES
> CURL: 250-AUTH LOGIN XOAUTH2
> CURL: 250-8BITMIME
> CURL: 250-BINARYMIME
> CURL: 250-CHUNKING
> CURL: 250 SMTPUTF8
> CURL: AUTH LOGIN
> CURL: 334 xxxxxxxxxxxxxxxx
> CURL: xxxxxxxxxxxxxxxxxxxxxx==
> CURL: 334 xxxxxxxxxxxxxxxx
> CURL: xxxxxxxxxxxxxxxxx=
> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
> bytes received
> CURL: Closing connection 0
> CURL: schannel: shutting down SSL/TLS connection with
> smtp.office365.com port 25
> Error performing GET. Curl ec:28
> CURL Error Buffer content: Operation timed out after 8002
> milliseconds with 0 out of 0 bytes received
>
> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
> then timed out.
>
> Is there some flag or option we need to turn on in libcurl to allow
> SMTP sending through such email server?
>
> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
> don't know the process to get the values needed. From where do I get a
> Bearer Token? Do I have to ask the customer on every sending for some
> token? Or is this some setting the customer enters like a username and
> I have to save and use it? How does this work?
If you're seeing it only on some accounts then maybe there's a setting
to shut it off. Google had a similar situation for a while and now on
most accounts they require the tokens for security since by using them
you can limit the scope of what can be accessed on the account.
I can't speak to MS but for Google there has to be some initial
interactive authentication (as in, a browser or something will open) on
the user's end where they are logged in to their account and authorize
access to an "app" registered beforehand (you can do this as a
developer) that can access specific scopes of the account (eg app can
only access gmail e-mail). Once the interactive auth is complete it
gives an access token (ephemeral) and a refresh token (use to get more
access tokens when they expire). Depending on how long the refresh token
will last you could use it to generate more access tokens.
I don't know of what library in C can do this. Once the interaction
phase is over you could work with the user's refresh token via libcurl
to request new access tokens via libcurl, if MS API allows it. For
Google I wrote some perl scripts that use curl to retrieve tokens [1].
[1]: https://github.com/jay/curl_google_oauth
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-09-27