Closed sinclairtarget closed 6 years ago
SMTP servers these days are allowing authentication ONLY from known client IP addresses. You likely need to login via the website from the Azure host. Not sure how you can do that, but that's the problem.
Yikes, okay. Thanks for the info though, I appreciate it. And thanks for putting together MailKit.
@sinclairtarget can you please share your solution? I'm stuck with the same issue
For Office 365 tenants, SMTP Auth is disabled by default https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365. It can be enabled through the Admin Portal or PowerShell https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#use-exchange-online-powershell-to-enable-or-disable-smtp-auth-on-specific-mailboxes.
Enabling that for the mailbox solved the problem in our case.
@enosrecanati Thank you for the information
@sinclairtarget @BKB503 please how did you resolve this error, having same challenge
I'm hoping I'm missing something because we also had a person, who has their organization using Office 365, not be able to send email because "SMTP AUTH" is disabled by default for Office 365 and Microsoft 365 users.
According to Microsoft, "Virtually all modern email clients that connect to Exchange Online mailboxes in Office 365 or Microsoft 365 don't use SMTP AUTH to send email messages." https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
Naturally we are using OAuth to authenticate:
var oauth2 = new SaslMechanismOAuth2(authToken.Account.Username, authToken.AccessToken);
smtpClient.Connect("smtp.office365.com", 587, SecureSocketOptions.StartTls);
smtpClient.Authenticate(oauth2);
Is there a way to use MailKit and authenticate and send mail via Microsoft's Exchange that doesn't use "SMTP AUTH" so we don't receive this message "smtpclientauthentication is disabled for the tenant" because not everyone will be able to go and enable that setting in Microsoft 365 Admin Center?
@SunnysGlimpse The only alternative is to use the Microsoft Graph API which is 100% HTTP-based.
@SunnysGlimpse The only alternative is to use the Microsoft Graph API which is 100% HTTP-based.
Dang, okay. Thanks for the quick response!
Thanks for @enosrecanati to provide the 2 links but if someone still face it I will more detailed it exception message 1>> MailKit.Security.AuthenticationException: '535: 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Mailbox. Visit https://aka.ms/smtp_auth_disabled for more information. [MI0P293CA0002.ITAP293.PROD.OUTLOOK.COM 2024-01-14T19:15:11.565Z 08DC125E8A42FE6C]' exception message 2>> MailKit.Security.AuthenticationException:'535: 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator. [MR1P264CA0199.FRAP264.PROD.OUTLOOK.COM 2024-01-14T18:42:43.060Z 08DC1447A698C0A2]
fix>> 1-set Authenticated SMTP to true in 2 places (specific mailbox in admin center and the organization )>> [https://admin.microsoft.com/ | https://admin.exchange.microsoft.com/ ]
1.1-for both 2 places, you can do it by GUI or Powershell, for more info>> https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#disable-smtp-auth-in-your-organization
1.2 power shell for specific mailbox >> Set-CASMailbox -Identity sean@contoso.com -SmtpClientAuthenticationDisabled $false 1.3 power shell for specific mailbox >> Set-TransportConfig -SmtpClientAuthenticationDisabled $false
the following is the not-obvious part that causes the second exception message 2 2-disable security defaults in one place >> https://entra.microsoft.com/#home ( previously was called Azure Active Directory ) 2.1-Sign in to the Microsoft Entra admin center as at least a [Security Administrator] 2.2-Browse to Identity > Overview > Properties. 2.3-Select Manage security defaults. 2.4-Set Security defaults to disabled. 2.5-Select Save.
2.6-for more info https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults#enabling-security-defaults
What were you trying to do?
Send a short, HTML email via
smtp.office365.com:587
. Here is the MailKit invocation:The email sends successfully when the application is run locally.
When run in deployment (on a Windows 2008 R2 vm hosted in Azure), the following exception is thrown:
Given that the email sends successfully when run locally and that the application SMTP configuration is identical on our web server, I expected the email to send successfully on our web server too.
I can confirm via the output
smtp.log
that the username and password used to authenticate are definitely correct.Here is the
smtp.log
when run locally:Here is the
smtp.log
when run on our web server:I've redacted the username and password in both logs but I guarantee you they are identical.
Is there a reason that authentication could fail other than an incorrect username + password? Why should a change in the client make a difference?
Also, is it possible this has something to do with TLS? Given that the second
EHLO
succeeded in the web server's SMTP exchange, can I rule out TLS as the issue?Thanks for your time.