search

OfflineIMAP / offlineimap3

Read/sync your IMAP mailboxes (python3)
Other
454 stars 64 forks source link

IMAP with outlook.office365.com and XOAUTH2 fails since 18-Feb-2024 with `command LIST illegal in state NONAUTH` #187

Open weisslj opened 8 months ago

weisslj commented 8 months ago

Bug description

Since around 18-Feb-2024 fetching email with offlineimap via IMAP from my work account outlook.office365.com via XOAUTH2 fails with command LIST illegal in state NONAUTH. Nothing was changed on my laptop as far as I know, and also not on the remote side according to our administrators. Accessing via mutt, thunderbird, and mbsync still works!

First I thought this is related to the changed Thunderbird client ID from 08162f7c-0fd2-4200-a84a-f25a4db0b584 to 9e5f94bc-e8a4-4e73-b8be-63364c29d753, but that does not seem to be the case!

General informations

Configuration file offlineimaprc

[general]
accounts = work
pythonfile = ~/.offlineimap.py

[Account work]
localrepository = work-Local
remoterepository = work-Remote

[Repository work-Local]
type = Maildir
localfolders = ~/mail/work
sep = /

[Repository work-Remote]
type = IMAP
ssl = yes
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
auth_mechanisms = XOAUTH2
oauth2_request_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
# from https://hg.mozilla.org/comm-central/file/tip/mailnews/base/src/OAuth2Providers.jsm
oauth2_client_id = 9e5f94bc-e8a4-4e73-b8be-63364c29d753
oauth2_client_secret = 
# via https://github.com/UvA-FNWI/M365-IMAP
oauth2_refresh_token_eval = keyring.get_password('offlineimap-refresh-token', 'mymail@mycompany.com')
remotehost = outlook.office365.com
remoteuser = mymail@mycompany.com
remotepasseval = keyring.get_password('offlineimap', 'mymail@mycompany.com')
createfolders = no

pythonfile (if any)

import keyring

Logs, error

OfflineIMAP 8.0.0
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
imaplib2 v3.06, Python v3.11.2, OpenSSL 3.0.11 19 Sep 2023
Account sync work:
 *** Processing account work
 Establishing connection to outlook.office365.com:993 (work-Remote)
 ERROR: While attempting to sync account 'work'
  command LIST illegal in state NONAUTH
 *** Finished account 'work' in 0:00
 ERROR: Exceptions occurred during the run!
 ERROR: While attempting to sync account 'work'
  imaplib2.imaplib2.IMAP4.error: command LIST illegal in state NONAUTH
filipe3x commented 1 month ago

Asking for help as well. outlook.office365.com stopped working here since 23 september

weisslj commented 1 month ago

@filipe3x sadly I never managed to get it running with offlineimap, but I got it running with mbsync (from isync) and mutt_oauth2.py, here is my ~/.mbsyncrc, I hope that helps! If not, feel free to contact me privately for help!

IMAPAccount mycompany
Host outlook.office365.com
User weisslj@mycompany.com
SSLType IMAPS
CertificateFile /etc/ssl/certs/ca-certificates.crt
AuthMechs XOAUTH2
PassCmd "mutt_oauth2.py weisslj@mycompany.com.tokens"

IMAPStore mycompany-remote
Account mycompany

MaildirStore mycompany-local
# note trailing slash
Path ~/mail/mycompany/
Inbox ~/mail/mycompany/INBOX
# use subfolders and not weird dot-folders
Subfolders Verbatim

Channel mycompany
Far :mycompany-remote:
Near :mycompany-local:
# include everything
Patterns *
# create new folders only locally
Create Near
# enable this only after everything seems to work
Expunge Both
# save sync state inside local maildir folder
SyncState *

But I would very much return to offlineimap (as I use this for my non-work mailserver).

filipe3x commented 1 month ago

Hi weisslj I got offlineimap to work by a rather complicated work around. See the final answers here: https://github.com/simonrob/email-oauth2-proxy/issues/297

And my ~/.offlineimaprc configuration

` [Repository Outlook365-Remote] type = IMAP remotehost = 127.0.0.1 remoteport = 1993 remoteuser = filipe.it@outlook.pt ssl = no folderfilter = lambda foldername: foldername in ['Receipts'] auth_mechanisms = PLAIN remotepass = xxxxxxxx sslcacertfile = /etc/ssl/certs/ca-certificates.crt realdelete = no

`