curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

RE: office365 smtp auth issue

From: Randall via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 29 Sep 2023 02:19:51 -0400

On Thursday, September 28, 2023 3:03 AM, Volker Schmid wrote:
>Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library:
>> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote:
>>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send
>>> email using SMTP. The login fails to some customers office365.com
>>> server. Here is the log. I replaced some sensitive information with
>>> xxxxxxx, please apologise.
>>>
>>> CURL: Trying 52.97.201.114:25...
>>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25
>>> (#0)
>>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP
>>> MAIL Service ready at Thu, 21 Sep 2023 13:58:47 +0000
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.180.160]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-STARTTLS
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: STARTTLS
>>> CURL: 220 2.0.0 SMTP server ready
>>> CURL: EHLO XXXXXXXXXX-102
>>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello
>>> [185.173.xxx.xxx]
>>> CURL: 250-SIZE 157286400
>>> CURL: 250-PIPELINING
>>> CURL: 250-DSN
>>> CURL: 250-ENHANCEDSTATUSCODES
>>> CURL: 250-AUTH LOGIN XOAUTH2
>>> CURL: 250-8BITMIME
>>> CURL: 250-BINARYMIME
>>> CURL: 250-CHUNKING
>>> CURL: 250 SMTPUTF8
>>> CURL: AUTH LOGIN
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxxxxxxx==
>>> CURL: 334 xxxxxxxxxxxxxxxx
>>> CURL: xxxxxxxxxxxxxxxxx=
>>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0
>>> bytes received
>>> CURL: Closing connection 0
>>> CURL: schannel: shutting down SSL/TLS connection with
>>> smtp.office365.com port 25
>>> Error performing GET. Curl ec:28
>>> CURL Error Buffer content: Operation timed out after 8002
>>> milliseconds with 0 out of 0 bytes received
>>>
>>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is
>>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and
>>> then timed out.
>>>
>>> Is there some flag or option we need to turn on in libcurl to allow
>>> SMTP sending through such email server?
>>>
>>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I
>>> don't know the process to get the values needed. From where do I get
>>> a Bearer Token? Do I have to ask the customer on every sending for
>>> some token? Or is this some setting the customer enters like a
>>> username and I have to save and use it? How does this work?
>>
>>
>> If you're seeing it only on some accounts then maybe there's a setting
>> to shut it off. Google had a similar situation for a while and now on
>> most accounts they require the tokens for security since by using them
>> you can limit the scope of what can be accessed on the account.
>>
>> I can't speak to MS but for Google there has to be some initial
>> interactive authentication (as in, a browser or something will open)
>> on the user's end where they are logged in to their account and
>> authorize access to an "app" registered beforehand (you can do this as
>> a
>> developer) that can access specific scopes of the account (eg app can
>> only access gmail e-mail). Once the interactive auth is complete it
>> gives an access token (ephemeral) and a refresh token (use to get more
>> access tokens when they expire). Depending on how long the refresh
>> token will last you could use it to generate more access tokens.
>>
>> I don't know of what library in C can do this. Once the interaction
>> phase is over you could work with the user's refresh token via libcurl
>> to request new access tokens via libcurl, if MS API allows it. For
>> Google I wrote some perl scripts that use curl to retrieve tokens [1].
>>
>>
>> [1]: https://github.com/jay/curl_google_oauth
>>
>
>Thank you Ray, that was helpful. I just found some small examples calling these
>URLs. But if I let the user open some URL, how do I get the result? Webbrowsers
>usually don't tell me the results of opening a URL. I'm confused. Theremust be some
>API that I have to call for sure.
>
>Until now, I only have email address, password and smtp mailserver. This is
>provided by the user. The thing is, I should open some URL now. But what URL is to
>be used for the token? Microsoft for sure uses other URLs than Google and others.
>But the mailserver neither tells me the URL nor do I get it from somewhere else? The
>user don't knows it either. Maybe it is derived from the domain part of the email
>address? Is there a standard RFC that I can refer to for learning this?

Office365 uses SMTP host smtp-mail.outlook.com, port 587, and STARTTLS encryption. As far as I know, it does not listen on port 25.

Regards,
Randall

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-09-29