1
SmarterMail: How to get mails from Outlook.com with Microsofts modern authentication?
Question asked by Stefan Mössner - 9/11/2024 at 11:36 PM
Answered
Hi all,

Microsoft will stop the authentication with username and password for Outlook.com. You need now an application that is supporting Microsofts modern authentication.

I have an Outlook.com account and I configured SmarterMail to download the mail messages from Outlook.com with POP3s and username and password. And I'm able to send mails per SMTPs. This won't work anymore.

So, my question is how to configure SmarterMail with using Microsofts modern authentication to be able to get and send mails via Outlook.com in the future?

Thank you and kind regards.

22 Replies

Reply to Thread
0
Stefan Mössner Replied
Hi all,


In SmarterMail there's no OAuth2 option available. I can only activate APOP. But I don't find any hints regarding compatibility of Outlook.com with APOP.

Kind regards
0
Stefan Mössner Replied
And one more hint for you: I'm not talking about M365 with Entra ID where you have to set up an application for OAuth!
0
Andrew Barker Replied
Employee Post Marked As Answer
SmarterMail already uses OAuth2 when configuring a Microsoft 365 or Outlook.com account for Message Retrieval, Email Migration, or External SMTP. Is there something specific you feel is missing?
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
Andrew,

and how to configure this? Or do I see this in he log files?

Thank you.
0
Stefan Mössner Replied
Looking in the POP retrieval log, I can see that the authentication is PLAIN and I think that will be a problem after 16.09.2024:

00:15:55.061 [69] [xxx; outlook.office365.com:xxx@live.de] Processing started... [Account Size: 4650449098]
00:15:55.125 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] Connection to 52.98.152.162 succeeded
00:15:55.128 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: CAPA
00:15:55.138 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: AUTH PLAIN
00:15:55.148 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: {{PLAIN AUTH STRING}}
00:15:55.522 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: STAT
00:15:55.601 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: STAT
00:15:55.632 [69] [xxx; outlook.office365.com:xxx@live.de] [outlook.office365.com:xxx@live.de] CMD: QUIT
00:15:55.677 [69] [xxx; outlook.office365.com:xxx@live.de] Processing completed.
0
Stefan Mössner Replied
I found out that you set up some profiles for mail services. One of them is "Outlook.de". I deleted my old POP3s connection and created a new one with this profile. Then I had to accept SmarterMail as application for having access to the mails.

With this profile SmarterMail is using IMAPs and so there's now a separate log file for the IMAP retrieval. And here I find the following message:

20:07:16.310 [109] [xxx; outlook.office365.com:xxx@live.de] Could not authenticate with the server.
After some more testing with the settings I found out that the password field is only viewable when you edit the server address. I wondered that I haven't to set a password in the settings first but after adding something to the server address this field is viewable and I can put in my password. But the IMAPs retrieval is not working,. 

And what about sending mails via SMTPs? There's no profile for SMTPs connections.
0
Andrew Barker Replied
Employee Post
When configuring Email Retrieval or Mailbox Migration for an M365 or Outlook.com account, we recommend using the pre-defined configurations for those services. That said, if you want to use POP specifically, you can select the Other configuration. Once you put in one of the known Microsoft mail server addresses - outlook.office365.com, imap-mail.outlook.com, or pop-mail.outlook.com - the modal should adjust to hidethe password field. When you click save, the configuration should proceed through Microsoft's OAuth process.

Setting up an SMTP account for M365 or Outlook.com is similar to the Other process above. Once you put in a known Microsoft mail server address - in this case, outlook.office365.com or smtp-mail.outlook.com - the modal should adjust to hide the password field. Clicking save will then proceed through the OAuth process.

If you are encountering an error after configuring an M365 or Outlook.com account for Email Retrieval or as an SMTP account, please open a ticket and we will help you investigate the issue.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
Andrew,

thank you.

The retrieval is now working but after changing the retrieval with using the pre-defined configuration "Outlook.de" which is using IMAP, it isn't possible to switch back to POP retrieval. The authentication doesn't work.

SMTP is working, too. In the log file I see:

21:51:50.755 [92954264] RSP: 250-AUTH LOGIN XOAUTH2
So I think, that this is working as you described.

One disadvantage of IMAP is that the original send timestamp is overwritten by the timestamp of the mail retrieval.
0
Stefan Mössner Replied
I don't like the IMAP retrieval. It's creating more folders because it doesn't assign the folders "Deleted", "Archive", "Sent" etc. to the the corresponding folders in SmarterMail. And IMAP is synchronizing all folders and not only the inbox which is enough for me because I'm writing my mails in the webmail UI of SmarterMail and relaying them via Outlook.com. So I don't need the folder "Sent", "Deleted", "Archive" etc. synchronized.

And I see in the log that SmarterMail always synchronizes one message in "Inbox" and one message in "Sent". but it really doesn't. Now I deleted all messages in all folders in Outlook.com. This solved this issue.

Is there an option to configure the IMAP synchronization regarding folder assingment and selecting the folders to be synchronized?

Or how can I configure the POP retrieval with modern authentication which is the better option for me? As I've written earlier the POP connection doesn't work although I come to the authorization of the SmarterMail app in Outlook.com. But when saving the POP settings in SmarterMail the test of the authentication fails.
0
Andrew Barker Replied
Employee Post
I wasn't able to replicate the behavior you described. I recommend opening a ticket so that we can help you look into this further.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
Again, I have the free edition running so I'm not able to open a ticket.

So, I'm asking once more: Is there an option to configure the IMAP synchronization regarding folder assingment and selecting the folders to be synchronized?

Or how can I configure the POP retrieval with modern authentication which is the better option for me? As I've written earlier the POP connection doesn't work although I come to the authorization of the SmarterMail app in Outlook.com. But when saving the POP settings in SmarterMail the test of the authentication fails.
0
Stefan Mössner Replied
And after each reboot of the server I have to recreate the authentication token?

Now, after a server reboot, I tried POP retrieval once again and after verifying the SmarterMail app in Outlook.com the POP retrieval is now working.
0
Stefan Mössner Replied
And today, the POP retrieval doesn't work anymore because SmarterMail tries with plain authentication instead of the modern authentication with the token. Going back to IMAP the retrieval is working with all the already described disadvantages of IMAP.
0
Andrew Barker Replied
Employee Post
You shouldn't need to reauthenticate the account when the server restarts. The behavior you describe sounds like something is interfering with the user's settings.json file. Do you have any other software that might be touching the settings.json file, such as antivirus or backup software? If you do, it is likely that there is a conflict at some point when trying to access the file, causing SmarterMail to revert to an archived copy of the account that was set up to use password authentication.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
The settings.json file is often accessed by SmarterMail and so I don't understand why it should now be problem with the modern authentication of Microsofts Outlook.com. And when I see it right, there's a auth-tokens.sbin file where the token is saved.

And why is this no problem when using IMAP? Here I can confirm that there's no need to reauthenticate.

And where is the fault back saved? I deleted all old settings in SmarterMail because they don't work anymore.

Actually POP with modern authentication doesn't work anymore but IMAP does.
0
Andrew Barker Replied
Employee Post
The auth-tokens.sbin file is unrelated to the retrieval accounts. It's used to help validate tokens issued by SmarterMail.

As with other user data, the settings.json file is backed up in the user's Archived Data folder. If this is an issue with other software accessing settings.json, that can cause file corruption and locking issues at inconsistent times. It's also possible that the antivirus is finding issues with the POP auth tokens specifically.

If you have antivirus software on your SmarterMail server, please make sure the appropriate exclusions have been added. This KB article describes the recommended exclusions:
https://portal.smartertools.com/kb/a3249/microsoft-defender-antivirus-and-virus-scanner-exceptions.aspx
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
I already have excluded complete folders:


And I'm asking once again why this works with IMAP without any problems but not with POP? When the AV software is the cause of the issue then IMAP shouldn't work either.
0
Have you opened the ports in your firewall for pop??
0
Stefan Mössner Replied
Yes, I have. I'm retrieving mails via POP from other mail service provider, too.
0
Andrew Barker Replied
Employee Post
Stefan,

The only other idea I have is to ensure that POP is enabled on your Microsoft account. Since you previously stated that you have an Outlook.com address, you should be able to follow the steps on the page below under "Enable POP or IMAP access in Outlook.com" to ensure that POP is enabled on your account.


As stated earlier, our internal testing for mail retrieval from M365 and Outlook.com, using both IMAP and POP, has not shown any of the issues you are encountering. Without being able to replicate the behavior you are reporting, it's extremely difficult to track down the cause.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
Yes, it's enabled:


And as already written last weekend I had POP working with modern authentication for about 24 hours. But after a reboot of my server it stopped working as it tried to access with plain auhenticaion instead of modern authentication.
1
Andrew Barker Replied
Employee Post
Based on the behavior you are seeing, I am fairly certain that the issue is due to some sort of lock conflict or file corruption. I know you previously indicated that Microsoft Defender has the proper exclusions, but we have seen some cases recently where Defender was not respecting the exclusions. That can cause locking conflicts and file corruption, which would explain the behavior you are seeing.

With that in mind, it might be worth disabling Defender and then configuring the POP account. If that doesn't help, then I recommend using something like procmon to see if any other software is touching SmarterMail's files.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com

Reply to Thread