Error sending email through O365

[alwaysdns]

I can't send emails through my O365 account (which is new to me in the past 3 weeks). I tried deleting the autopkgr email keychain item but I can't seem to authenticate to that (even though I'm the only user on the computer).

AutoPkgr v1.4.1 (1308) smtp server: outlook.office365.com, port 587, Use SSL checked These are the related log entries:

5/18/16 3:45:19.412 PM com.lindegroup.AutoPkgr.helper[83644]:  securityd_message_with_reply_sync Failed to talk to secd after 4 attempts.
5/18/16 3:45:19.412 PM com.lindegroup.AutoPkgr.helper[83644]:  SecOSStatusWith error:[-25291] The operation couldn’t be completed. (com.apple.security.xpc error 3 - <connection: 0x7fdf6b50ed20> { name = com.apple.securityd.xpc, listener = false, pid = 0, euid = 4294967295, egid = 4294967295, asid = 4294967295 }: Connection invalid)
5/18/16 3:45:19.455 PM com.lindegroup.AutoPkgr.helper[83644]: Sending keychain key to AutoPkgr.
5/18/16 3:45:19.495 PM secd[87800]:  securityd_xpc_dictionary_handler AutoPkgr[83642] copy_matching The operation couldn’t be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements)
5/18/16 3:45:19.496 PM AutoPkgr[83642]:  SecOSStatusWith error:[-34018] The operation couldn’t be completed. (OSStatus error -34018 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements))
5/18/16 3:45:19.609 PM com.lindegroup.AutoPkgr.helper[83644]:  securityd_message_with_reply_sync Failed to talk to secd after 4 attempts.
5/18/16 3:45:19.609 PM com.lindegroup.AutoPkgr.helper[83644]:  SecOSStatusWith error:[-25291] The operation couldn’t be completed. (com.apple.security.xpc error 3 - <connection: 0x7fdf6b50ed20> { name = com.apple.securityd.xpc, listener = false, pid = 0, euid = 4294967295, egid = 4294967295, asid = 4294967295 }: Connection invalid)
5/18/16 3:45:19.632 PM com.lindegroup.AutoPkgr.helper[83644]: Sending keychain key to AutoPkgr.
5/18/16 3:45:19.663 PM secd[87800]:  securityd_xpc_dictionary_handler AutoPkgr[83642] copy_matching The operation couldn’t be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements)
5/18/16 3:45:19.663 PM AutoPkgr[83642]:  SecOSStatusWith error:[-34018] The operation couldn’t be completed. (OSStatus error -34018 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements))
5/18/16 3:45:30.139 PM AutoPkgr[83642]: Error sending email: Error Domain=MCOErrorDomain Code=30 "An error occurred while sending the message." UserInfo=0x618000c61c40 {NSLocalizedDescription=An error occurred while sending the message.}

Thanks!

[homebysix]

I am able to reproduce this issue on my own O365 instance, with SMTP server: smtp.office365.com, port 587, SSL enabled. I think this is the relevant log entry:

7/11/16 12:26:58.999 PM AutoPkgr[99704]: Error sending email: Error Domain=MCOErrorDomain Code=30 "An error occurred while sending the message." UserInfo={NSLocalizedDescription=An error occurred while sending the message.}

I don't have the knowledge needed to dig deep into this one. If anybody is familiar with MailCore2, please feel free to offer suggestions!

[alwaysdns]

port 587 requires TLS. If you want to use SSL, port 995 is the one to use. Unfortunately, that gives the error message that it's an unstable connection and still won't send the mail.

[jelockwood]

I wonder if the following or similar is relevant.

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Microsoft are now expecting all users to use 'modern' authentication. Apple Mail as example does support this and you can see if and when needed Mail show a full-blown Microsoft login complete with and redirects to Okta or similar tools.

AutoPkgr on the other hand does none of this. It has no option to show a web session via which such logins are done.

Some email servers allow generating per-app passwords to get round this but I don't believe Microsoft supports that.

[jelockwood]

I am able to reproduce this issue on my own O365 instance, with SMTP server: smtp.office365.com, port 587, SSL enabled. I think this is the relevant log entry:

7/11/16 12:26:58.999 PM AutoPkgr[99704]: Error sending email: Error Domain=MCOErrorDomain Code=30 "An error occurred while sending the message." UserInfo={NSLocalizedDescription=An error occurred while sending the message.}

I don't have the knowledge needed to dig deep into this one. If anybody is familiar with MailCore2, please feel free to offer suggestions!

@homebysix

We have just migrated to Microsoft 365 and as per the original message posted by @alwaysdns , I am now hitting what I presume is the same problem in that AutoPkgr 1.6 is unable to authenticate to Microsoft 365 and hence unable to send email notifications.

As per my previous reply in April 2023, I believe this is because Microsoft 365 no longer supports basic aka password authentication and now requires 'modern' aka Oauth2 based authentication.

If you setup an email account in Apple Mail with Microsoft 365 you will see that it opens a mini webpage via which you authenticate to Microsoft, this is the same web based authentication page you see in other logins to Microsoft services.

It used to be that you could still get Microsoft 365 to create a 'per app' based authentication password to get the equivalent of the old style password based login but this has now been completely discontinued by Microsoft as part of moving to 'modern' security.

Note: One additional feature that the move to 'modern' authentication provides is the ability to use 2FA/MFA authentication as well including for email accounts. Microsoft do currently at least allow disabling this so for automated systems like AutoPkgr where this might be a hassle you can disable this as a requirement. I can therefore say this 2FA aspect is NOT the cause of any AutoPkgr issues.

Since Apple Mail on Mac has for years supported this 'modern' authentication mechanism with Microsoft 365 would this mean you could update AutoPkgr to use the same APIs and hence support the same modern authentication?