mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at
http://davmail.sourceforge.net
GNU General Public License v2.0

OWA admin won't allow davmail :( #321

Closed agenbite closed 9 months ago

agenbite commented 9 months ago

Hi! I've been trying to convince my employer (who recently shut down all IMAP support) to allow me to use davmail, and I haven't been successful so far. The best approach I've found has been to use Thunderbird and its Owl extension. However, there's something I don't really understand, and wanted to share with you here to see if you can help me get what's going on.

This Owl extension allows for Thunderbird to access OWA without requiring an authorisation from the admin. You just get a browser window with your company's usual login page, you do login and BAM, you're in. Thunderbird starts downloading your mail, calendars etc. So I wonder: what is this Owl extension doing differently from davmail and other utilities that do need authorisation to access Exchange servers? Of course my obvious second question is: would it be possible for davmail to do the same? As you can see, Owl is not floss, but the code is readable (by someone different from me, I'm illiterate wrt that codebase).

What do you folks think?

esabol commented 9 months ago

DavMail can pretend to be Outlook if you put the following settings in your properties file:

davmail.oauth.clientId=d3590ed6-52b3-4102-aeff-aad2292ab01c
davmail.oauth.redirectUri=urn:ietf:wg:oauth:2.0:oob

(Caveat: I think that only works with certain davmail.mode settings, but I'm not sure.)

The Owl extension is probably doing something similar to that.

mguessan commented 9 months ago

Thanks @esabol for your quick and correct answer.

DavMail does work with custom clientIds, including the Outlook desktop one you mention, that happens to be allowed by default without admin consent.

The only tricky part is when using O365Manual: you go through the authentication in browser, however the last redirect is not to a http url but to the urn: url that is not supported by the browser, and appears as an error in the console and network tab in dev tools. With O365Interactive this last call is handled automatically.

agenbite commented 9 months ago

Thanks to both for your quick responses! However, I'm not having any success so far. I'm using the clientId and redirectUri suggested by @esabol with O365Interactive, and I'm getting this error:

2023-12-22 11:13:54,283 WARN  [AWT-EventQueue-0] davmail.exchange.auth.O365InteractiveAuthenticatorFrame  - Unable to register protocol handler
2023-12-22 11:14:14,423 ERROR [JavaFX Application Thread] davmail.exchange.auth.O365InteractiveAuthenticatorFrame  - java.lang.Throwable: Malformed URL Malformed URL

I take it the urn is not properly parsed, right?

esabol commented 9 months ago

Not enough information. You need to create a wire debug log, I think. Put the following in your properties file:

log4j.logger.httpclient.wire=DEBUG
log4j.logger.org.apache.http.wire=DEBUG

Quit and restart the DavMail application. Then have your mail program connect to DavMail and try to authenticate again. DavMail will then create a detailed log of what it is doing. This log will be stored in a davmail.log file. By default, it will be located in DavMail's current working directory on Linux and Windows or in ~/Library/Logs/DavMail/davmail.log on macOS. (The location of this file can be customized with the Log File Path setting.) This log file might include information like your password and other account details that you should not share online. If you are confident you can remove those things from the davmail.log file, feel free to post the sanitized file here. Otherwise, send the log file to mguessan@free.fr along with the URL of this GitHub issue. I hope this helps!
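Added example (not part of the comment above and not DavMail code): one way to mask credential material in a wire debug log before posting it. The header and field lists are assumptions about what an HTTP/OAuth wire log can contain, and the sample lines are constructed in the log format shown in this thread.

```python
import re

MASK = "[REDACTED]"
# Headers whose values are credentials or session state.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Form, query and JSON fields that carry secrets in a login or OAuth exchange (assumed list).
FIELDS = "password|code|access_token|refresh_token|id_token|client_secret"

# Wire lines look like: <timestamp> DEBUG [...] org.apache.http.wire  - http-outgoing-0 >> "<payload>"
WIRE = re.compile(r'^(?P<prefix>.*? (?:>>|<<) ")(?P<payload>.*)"$')
HEADER = re.compile(r'^(?P<name>[A-Za-z-]+): (?P<value>.*?)(?P<eol>(?:\[\\r\]\[\\n\])?)$')
FORM_FIELD = re.compile(r'\b(?P<key>%s)=[^&\s"\[]+' % FIELDS)
JSON_FIELD = re.compile(r'(?P<key>"(?:%s)"\s*:\s*")[^"]*' % FIELDS)


def redact_line(line):
    """Mask credential material in one log line; non-wire lines pass through."""
    m = WIRE.match(line)
    if not m:
        return line
    payload = m.group("payload")
    h = HEADER.match(payload)
    if h and h.group("name").lower() in SENSITIVE_HEADERS:
        scheme = ""
        # Keep the auth scheme (Basic, Bearer): useful for debugging, not secret.
        if "authorization" in h.group("name").lower() and " " in h.group("value"):
            scheme = h.group("value").split(" ", 1)[0] + " "
        payload = f'{h.group("name")}: {scheme}{MASK}{h.group("eol")}'
    else:
        payload = FORM_FIELD.sub(lambda x: f'{x.group("key")}={MASK}', payload)
        payload = JSON_FIELD.sub(lambda x: f'{x.group("key")}{MASK}', payload)
    return f'{m.group("prefix")}{payload}"'


def sanitize(lines):
    return [redact_line(l.rstrip("\r\n")) for l in lines]


P = "2023-12-22 20:15:31,374 DEBUG [ImapConnection-1] org.apache.http.wire  - http-outgoing-0"
SAMPLE = [  # constructed lines in the format shown in this thread; all secrets are fake
    P + r' >> "Host: outlook.office365.com[\r][\n]"',
    P + r' >> "Authorization: Bearer CONSTRUCTED.TOKEN[\r][\n]"',
    P + r' >> "grant_type=authorization_code&code=CONSTRUCTEDCODE&redirect_uri=urn%3Aietf"',
    P + r' << "{"token_type":"Bearer","access_token":"FAKE_AT","refresh_token":"FAKE_RT"}"',
    "2023-12-22 20:15:31,803 WARN  [AWT-EventQueue-0] davmail.Settings  - example non-wire line",
]

if __name__ == "__main__":
    print("\n".join(sanitize(SAMPLE)))
```

The script only covers HTTP headers and token-style fields; the output still needs a read-through for other account details such as e-mail addresses.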

mguessan commented 9 months ago

Same as ticket 320:

The key is there: Unable to register protocol handler

That's the interceptor for the urn: url

=> you have a recent java version, you need to allow access to internal java API with: --add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED

The winrun4j wrappers already include this, if you launch DavMail manually you need to include the option above in the command line

agenbite commented 9 months ago

Here's the log (same config as before):

2023-12-22 20:15:30,728 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Connecting socket to outlook.office365.com/52.98.200.178:443 with timeout 10000
2023-12-22 20:15:31,165 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2023-12-22 20:15:31,165 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2023-12-22 20:15:31,166 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Starting handshake
2023-12-22 20:15:31,362 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  - Secure session established
2023-12-22 20:15:31,362 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  -  negotiated protocol: TLSv1.2
2023-12-22 20:15:31,363 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2023-12-22 20:15:31,368 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  -  peer principal: CN=outlook.com, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
2023-12-22 20:15:31,368 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  -  peer alternative names: [*.clo.footprintdns.com, *.hotmail.com, *.internal.outlook.com, *.live.com, *.nrb.footprintdns.com, *.office.com, *.office365.com, *.outlook.com, *.outlook.office365.com, attachment.outlook.live.net, attachment.outlook.office.net, attachment.outlook.officeppe.net, attachments.office.net, attachments-sdf.office.net, ccs.login.microsoftonline.com, ccs-sdf.login.microsoftonline.com, hotmail.com, mail.services.live.com, office365.com, outlook.com, outlook.office.com, substrate.office.com, substrate-sdf.office.com]
2023-12-22 20:15:31,368 DEBUG [ImapConnection-50280] org.apache.http.conn.ssl.SSLConnectionSocketFactory  -  issuer principal: CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US
2023-12-22 20:15:31,374 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "GET /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
2023-12-22 20:15:31,374 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "Host: outlook.office365.com[\r][\n]"
2023-12-22 20:15:31,374 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
2023-12-22 20:15:31,374 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.49[\r][\n]"
2023-12-22 20:15:31,374 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2023-12-22 20:15:31,375 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 >> "[\r][\n]"
2023-12-22 20:15:31,411 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
2023-12-22 20:15:31,412 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "Server: Microsoft-IIS/10.0[\r][\n]"
2023-12-22 20:15:31,412 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "request-id: 82247621-bb23-eb34-bcff-c65f29dd5195[\r][\n]"
2023-12-22 20:15:31,413 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "Alt-Svc: h3=":443",h3-29=":443"[\r][\n]"
2023-12-22 20:15:31,413 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-WSSecurity-Enabled: True[\r][\n]"
2023-12-22 20:15:31,413 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-WSSecurity-For: Logon[\r][\n]"
2023-12-22 20:15:31,414 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-FederationTrustTokenIssuerUri: urn:federation:MicrosoftOnline[\r][\n]"
2023-12-22 20:15:31,414 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-WSSecurity-SymmetricKey-Enabled: True[\r][\n]"
2023-12-22 20:15:31,415 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-WSSecurity-X509Cert-Enabled: True[\r][\n]"
2023-12-22 20:15:31,415 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-OAuth-Enabled: True[\r][\n]"
2023-12-22 20:15:31,415 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-FirstHopCafeEFZ: MRS[\r][\n]"
2023-12-22 20:15:31,416 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-FEProxyInfo: MR1P264CA0153.FRAP264.PROD.OUTLOOK.COM[\r][\n]"
2023-12-22 20:15:31,416 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-FEEFZInfo: MRS[\r][\n]"
2023-12-22 20:15:31,416 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-Powered-By: ASP.NET[\r][\n]"
2023-12-22 20:15:31,416 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "X-FEServer: MR1P264CA0153[\r][\n]"
2023-12-22 20:15:31,417 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "WWW-Authenticate: Basic Realm=""[\r][\n]"
2023-12-22 20:15:31,417 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "Date: Fri, 22 Dec 2023 19:15:30 GMT[\r][\n]"
2023-12-22 20:15:31,418 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "Content-Length: 0[\r][\n]"
2023-12-22 20:15:31,418 DEBUG [ImapConnection-50280] org.apache.http.wire  - http-outgoing-0 << "[\r][\n]"
2023-12-22 20:15:31,503 WARN  [ImapConnection-50280] davmail.Settings  - java.io.IOException: No such file or directory No such file or directory
2023-12-22 20:15:31,803 WARN  [AWT-EventQueue-0] davmail.exchange.auth.O365InteractiveAuthenticatorFrame  - Unable to register protocol handler
2023-12-22 20:16:04,097 ERROR [JavaFX Application Thread] davmail.exchange.auth.O365InteractiveAuthenticatorFrame  - java.lang.Throwable: Malformed URL Malformed URL
2023-12-22 20:16:04,771 ERROR [ImapConnection-50280] davmail.exchange.auth.O365InteractiveAuthenticator  - Authentication failed Malformed URL
2023-12-22 20:16:04,773 ERROR [ImapConnection-50280] davmail  - Authentication failed Malformed URL
davmail.exception.DavMailException: Authentication failed Malformed URL
    at davmail.exchange.auth.O365InteractiveAuthenticator.authenticate(O365InteractiveAuthenticator.java:203)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:182)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
    at davmail.imap.ImapConnection.run(ImapConnection.java:155)
2023-12-22 20:16:04,783 WARN  [ImapConnection-50280] davmail.Settings  - java.io.IOException: No such file or directory No such file or directory
2023-12-22 20:16:05,059 ERROR [JavaFX Application Thread] davmail.exchange.auth.O365InteractiveAuthenticatorFrame  - java.lang.Throwable: Malformed URL Malformed URL
2023-12-22 20:16:05,789 ERROR [ImapConnection-50280] davmail.exchange.auth.O365InteractiveAuthenticator  - Authentication failed Malformed URL
2023-12-22 20:16:05,790 ERROR [ImapConnection-50280] davmail  - Authentication failed Malformed URL
davmail.exception.DavMailException: Authentication failed Malformed URL
    at davmail.exchange.auth.O365InteractiveAuthenticator.authenticate(O365InteractiveAuthenticator.java:203)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:182)
    at davmail.exchange.ExchangeSessionFactory.getInstance(ExchangeSessionFactory.java:93)
    at davmail.imap.ImapConnection.run(ImapConnection.java:128)

EDIT: I don't get what "No such file or directory" is about. I'm on Debian and I have a config file in ~/.davmail.properties

agenbite commented 9 months ago

I tried with that option in the command line and I get:

2023-12-23 11:50:18,817 ERROR [main] davmail.Settings  - java.base/sun.net.www.protocol.https=ALL-UNNAMED
2023-12-23 11:50:18,832 ERROR [main] davmail  - Unable to store settings: java.base/sun.net.www.protocol.https=ALL-UNNAMED

:-?

agenbite commented 9 months ago

I managed to connect with O365Manual!! Sooo happy! :)