Back to Community Threads
1
Problem with Office365 for MAC
Problem reported by BMark - 12/9/2024 at 8:38 AM
Submitted
Hello,

installing an account on Office 365 for MAC (latest version) even with simple IMAP, when you enter the email address (only the address is requested) to perform the check via autodiscover, this causes the IDS block to be activated,

Analyzing the logs it seems that Microsoft tries to access the autodiscover without password and user, but with only the domain and therefore it is blocked:

[2024.12.09] 15:47:13.901 [xxx.xxx.xxx.xxx] Autodiscover NTLM; AuthenticateMessage; User not found [@domain-nnn.com] [TlRMTVNTUAADAAAAGAAYAEAAAAAaARoBWAAAAAAAAAAAAAAAAAAAAHIBAAAWABYAcgEAAAAAAAAAAAAABYIIAPzdP7Aok9ffxlO1lHJaCFV9P8bpbkBkNndmxTIYFtKQSY6YcHd/nUIBAQAAAAAAAEDoDDxJStsBfT/G6W5AZDYAAAAAAgAmAE8ATgBMAEkATgBFAC0AUwBFAFIAVgBFAFIALgBDAEwATwBVAEQAAQAWAEIASQBOAEUAUgBHAFkATQBBAEkATAAEACYAbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAADAD4AQgBJAE4ARQBSAEcAWQBNAEEASQBMAC4AbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAAFACYAbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAAHAAgA9S4UPElK2wEAAAAAAAAAAFcATwBSAEsAUwBUAEEAVABJAE8ATgA=]
[2024.12.09] 15:47:13.901 [xxx.xxx.xxx.xxx] Autodiscover NtlmAuthenticate Login failed: NTLM; AuthenticateMessage; User not found [@domain-nnn.com].
[2024.12.09] 15:47:14.081 [xxx.xxx.xxx.xxx] Autodiscover NTLM; AuthenticateMessage; User not found [@domain-nnn.com] [TlRMTVNTUAADAAAAGAAYAEAAAAAaARoBWAAAAAAAAAAAAAAAAAAAAHIBAAAWABYAcgEAAAAAAAAAAAAABYIIAKXs3UjWXi3SMRERWfQELVN5qD6SeJgmDspyTYHyzyYrYwj4ADBy0JMBAQAAAAAAABCLKDxJStsBeag+kniYJg4AAAAAAgAmAE8ATgBMAEkATgBFAC0AUwBFAFIAVgBFAFIALgBDAEwATwBVAEQAAQAWAEIASQBOAEUAUgBHAFkATQBBAEkATAAEACYAbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAADAD4AQgBJAE4ARQBSAEcAWQBNAEEASQBMAC4AbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAAFACYAbwBuAGwAaQBuAGUALQBzAGUAcgB2AGUAcgAuAGMAbABvAHUAZAAHAAgABYIxPElK2wEAAAAAAAAAAFcATwBSAEsAUwBUAEEAVABJAE8ATgA=]
...
...
[2024.12.09] 15:47:31.029 [IpBruteForceDetector] [xxx.xxx.xxx.xxx] Added to IDS block list for violating rule Type: Password Brute Force by IP, Description: Default Brute Force by IP rule

All the configurations for domain autodiscover were done according to the SM guide and are accessible:

  1. In a browser, navigate to https://mail.your-domain.com. This should resolve successfully to the SmarterMail web interface and without SSL or other errors. 
  2. Navigate to https://autodiscover.your-domain.com. This should resolve successfully to the SmarterMail web interface and without SSL or other errors. 
  3. Navigate to https://your-domain.com/autodiscover/autodiscover.xml. These requests should be redirected to https://mail.your-domain.com/autodiscover/autodiscover.xml so that SmarterMail handles the request. 
  4. Check DNS for your-domain.com. It should contain an SRV record that references mail.your-domain.com on port 443 to avoid certificate errors due to hostname mismatches and the like.

This problem seems to be only in Office365 for MAC, where there seems to be no initial option "configure manually"

Is this happening to anyone?
Are there any solutions?

(SM v.9056)

Mark
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Overview of EAS vs. MAPI & EWS vs. IMAPSmarterMail > Desktop and Mobile Synchronization
How to Setup Microsoft 365 (Office) Accounts in SmarterTrack Using OAuthSmarterTrack > Installation and Configuration
SMTP Settings for Microsoft 365 (Office) and GmailSmarterTrack > Installation and Configuration
Outlook 2016 for Office 365 and AutodiscoverSmarterMail > Desktop and Mobile Synchronization
Migrate a Mailbox From Microsoft 365 (Office) to SmarterMailSmarterMail > Domain/User Configuration and Management