Closed TechBrain64 closed 1 year ago
I haven't tested the proxy in that configuration, but it should work in all cases where you'd expect a normal SMTP service to work. It simply passes through all communication except for the OAuth 2.0 aspects.
@simonrob My initial deployment is not yielding expected results. Execution of the script does yield the system tray icon, but never renders the Azure credentials webpage pop-up. I’m attempting to use the proxy on a Windows Server with an IIS SMTP relay host using the following configurations.
• Windows Server 2016
• Python for Windows 3.8.10 x64 # chosen for compatibility after reading posts in issues
• PIP 21.1.1 # see screenshot for package versions
• Exchange Online Shared Mailbox # my user mailbox has delegated membership
emailproxy.config File:
[SMTP-1587]
server_address = smtp.office365.com
server_port = 587
starttls = True
[SMTPAuthSvc@sharedmailbox.domain]
permission_url = https://login.microsoftonline.com/
[emailproxy]
delete_account_token_on_password_error = False
encrypt_client_secret_on_first_use = True
allow_catch_all_accounts = False
==== I’d really like to get this working as I believe it will be beneficial to others. Questions:
Here are some screenshots:
- What do you think is preventing the Azure login pop-up?
To diagnose this it's best to start the proxy in debug mode – see the Troubleshooting section of the readme. Once you've done this, post the log file here. For now, based on the terminal screenshot, I would assume that you haven't actually made any SMTP requests. The proxy can only authorise your accounts once there is activity for it to intercept.
- Is there a requirement to provide all 3 oauth scopes/permissions? Or can I just use SMTP.send?
You only need SMTP, not IMAP if you don't plan to use that protocol. But if you don't provide offline_access then you'll get authentication requests very often. See the details and discussion in the example configuration file.
- I have the redirect_url set to http://localhost/ both in config and App Registration, is this correct?
Yes.
- I’ve come across docs and videos where others used Powershell to configure Exchange. Is it required?
Not normally unless you're using a more specialised configuration.
@simonrob
Running my SMTP Relay with a number of small config changes would not yield any additional logging with EO2P in debug mode. So I decided to use a tool called Simple SMTP Client to trigger sending test messages. Sending a test to port 25 of the relay also yielded no results. However, once I sent a test to port 1587 of the relay host, this was the output.
FYI: the emailproxy.log file did not capture some of these details:
python emailproxy.py --debug
2023-05-31 20:03:33: Initialising Email OAuth 2.0 Proxy (version 2023-05-18) from config file C:\Program Files\email-oauth2-proxy-main\emailproxy.config
2023-05-31 20:03:33: Starting SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2023-05-31 20:03:33: Initialised Email OAuth 2.0 Proxy - listening for authentication requests. Connect your email client to begin
2023-05-31 20:06:52: New incoming connection to SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2023-05-31 20:06:52: Accepting new connection to SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS) via ('::1', 51978, 0, 0)
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> [ Client connected ]
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'220 DM6PR07CA0101.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 1 Jun 2023 01:06:52 +0000\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'220 DM6PR07CA0101.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 1 Jun 2023 01:06:52 +0000\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'EHLO MAIL\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'EHLO MAIL\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DM6PR07CA0101.outlook.office365.com Hello [MY-PUBLIC-WAN-IP]\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-SIZE 157286400\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-PIPELINING\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DSN\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-ENHANCEDSTATUSCODES\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-STARTTLS\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-8BITMIME\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-BINARYMIME\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-CHUNKING\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250 SMTPUTF8\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'STARTTLS\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'220 2.0.0 SMTP server ready\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-> [ Starting TLS handshake ]
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) [ Successfully negotiated SMTP STARTTLS connection - re-sending greeting ]
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'EHLO MAIL\r\n'
2023-05-31 20:06:52: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-> [ TLSv1.3 handshake complete ]
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DM6PR07CA0101.outlook.office365.com Hello [MY-PUBLIC-WAN-IP]\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DM6PR07CA0101.outlook.office365.com Hello [MY-PUBLIC-WAN-IP]\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-SIZE 157286400\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-SIZE 157286400\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-PIPELINING\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-PIPELINING\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DSN\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-DSN\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-ENHANCEDSTATUSCODES\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-ENHANCEDSTATUSCODES\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-AUTH LOGIN XOAUTH2\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-AUTH PLAIN LOGIN\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-8BITMIME\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-8BITMIME\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-BINARYMIME\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-BINARYMIME\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-CHUNKING\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250-CHUNKING\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250 SMTPUTF8\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'250 SMTPUTF8\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'AUTH login [[ Credentials removed from proxy log ]]\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'334 UGFzc3dvcmQ6\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'[[ Credentials removed from proxy log ]]'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> b'AUTH XOAUTH2\r\n'
2023-05-31 20:06:53: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'334 \r\n'
2023-05-31 20:06:53: Authorisation request received for SMTPAuthSvc@mydomain.com (interactive mode)
An error occurred when calling message handler
Traceback (most recent call last):
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_win32.py", line 401, in _dispatcher
    return int(icon._message_handlers.get(
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_win32.py", line 213, in _on_notify
    descriptors[index - 1](self)
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_base.py", line 324, in inner
    callback(self)
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_base.py", line 449, in __call__
    return self._action(icon, self)
  File "emailproxy.py", line 2446, in authorise_account
    webview.start(gui=forced_gui, debug=Log.get_level() == logging.DEBUG)
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\__init__.py", line 132, in start
    guilib = initialize(gui)
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 101, in initialize
    if not try_import(guis):
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 62, in try_import
    if import_func():
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 52, in import_winforms
    import webview.platforms.winforms as guilib
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\platforms\winforms.py", line 27, in <module>
    import clr
  File "C:\Program Files\Python\Python38\lib\site-packages\clr.py", line 6, in <module>
    load()
  File "C:\Program Files\Python\Python38\lib\site-packages\pythonnet\__init__.py", line 143, in load
    if func(b"") != 0:
  File "C:\Program Files\Python\Python38\lib\site-packages\clr_loader\types.py", line 64, in __call__
    return self._callable(ffi.cast("void*", buf_arr), len(buf_arr))
RuntimeError: cannot call null pointer pointer from cdata 'int(*)(void *, int)'
2023-05-31 20:14:21: Stopping Email OAuth 2.0 Proxy
2023-05-31 20:14:21: Stopping SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2023-05-31 20:14:21: Authorisation result error for SMTPAuthSvc@mydomain.com - aborting login. Email OAuth 2.0 Proxy is shutting down
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'221 2.0.0 Service closing transmission channel\r\n'
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- b'535 5.7.8 Authentication credentials invalid. Email OAuth 2.0 Proxy: Login failed for account SMTPAuthSvc@mydomain.com: Email OAuth 2.0 Proxy is shutting down\r\n'
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) Caught connection error (client) - ConnectionAbortedError : [WinError 10053] An established connection was aborted by the software in your host machine
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) Caught connection error (client) - ConnectionAbortedError : [WinError 10053] An established connection was aborted by the software in your host machine
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> [ Client disconnected ]
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> [ Client disconnected ]
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- [ Server disconnected ]
2023-05-31 20:14:21: Warning: SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS) unable to remove orphan client connection <__main__.SMTPOAuth2ClientConnection ('::1', 51978, 0, 0) at 0x11cb7abe220>
2023-05-31 20:14:21: Warning: SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS) unable to remove orphan client connection <__main__.SMTPOAuth2ClientConnection ('::1', 51978, 0, 0) at 0x11cb7abe220>
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- [ Server disconnected ]
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) <-- [ Server disconnected ]
2023-05-31 20:14:21: SMTP (localhost:1587; ::1:51978->smtp.office365.com:587) --> [ Client disconnected ]
The end here was due to my stopping the script. However, I still did not get the Azure login credentials prompt.
If you have time, take a look at this video (https://www.youtube.com/watch?v=GgC42YOBEak). Granted he's setting up EO2P for single application purpose, but the procedure used seems to link the mailbox to the App Registration.
FYI: the emailproxy.log file did not capture some of these details:
The reason for this—and the reason you're not getting the authentication popup—is that the proxy is encountering an error when displaying the popup.
This is the relevant traceback from your log, and is probably an issue with your pythonnet installation (it is not the proxy):
An error occurred when calling message handler
Traceback (most recent call last):
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_win32.py", line 401, in _dispatcher
    return int(icon._message_handlers.get(
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_win32.py", line 213, in _on_notify
    descriptors[index - 1](self)
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_base.py", line 324, in inner
    callback(self)
  File "C:\Program Files\Python\Python38\lib\site-packages\pystray\_base.py", line 449, in __call__
    return self._action(icon, self)
  File "emailproxy.py", line 2446, in authorise_account
    webview.start(gui=forced_gui, debug=Log.get_level() == logging.DEBUG)
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\__init__.py", line 132, in start
    guilib = initialize(gui)
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 101, in initialize
    if not try_import(guis):
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 62, in try_import
    if import_func():
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\guilib.py", line 52, in import_winforms
    import webview.platforms.winforms as guilib
  File "C:\Program Files\Python\Python38\lib\site-packages\webview\platforms\winforms.py", line 27, in <module>
    import clr
  File "C:\Program Files\Python\Python38\lib\site-packages\clr.py", line 6, in <module>
    load()
  File "C:\Program Files\Python\Python38\lib\site-packages\pythonnet\__init__.py", line 143, in load
    if func(b"") != 0:
  File "C:\Program Files\Python\Python38\lib\site-packages\clr_loader\types.py", line 64, in __call__
    return self._callable(ffi.cast("void*", buf_arr), len(buf_arr))
RuntimeError: cannot call null pointer pointer from cdata 'int(*)(void *, int)'
The proxy's readme already has a suggestion to work around this: use a prebuilt wheel for pythonnet. Have you tried this?
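The diagnosis above rests on a pattern in the console output: an authorisation request, then an untimestamped traceback, then a failure minutes later. As an added example (not part of this thread or of the proxy's own code), the sketch below pulls that pattern out of captured console text; the function names are hypothetical and the sample is abridged from the output quoted above.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the console output quoted in this thread.
SAMPLE = r"""2023-05-31 20:06:53: Authorisation request received for SMTPAuthSvc@mydomain.com (interactive mode)
An error occurred when calling message handler
Traceback (most recent call last):
  File "emailproxy.py", line 2446, in authorise_account
    webview.start(gui=forced_gui, debug=Log.get_level() == logging.DEBUG)
RuntimeError: cannot call null pointer pointer from cdata 'int(*)(void *, int)'
2023-05-31 20:14:21: Authorisation result error for SMTPAuthSvc@mydomain.com - aborting login. Email OAuth 2.0 Proxy is shutting down
"""

STAMPED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
REQUEST = re.compile(r"Authorisation request received for (\S+)")
FAILURE = re.compile(r"Authorisation result error for (\S+)")
EXCEPTION = re.compile(r"^[\w.]+(?:Error|Exception): .+")

def summarise(console_text):
    """Map each account to its request time, first exception seen, and failure time."""
    accounts, current, in_traceback = {}, None, False
    for line in console_text.splitlines():
        stamped = STAMPED.match(line)
        if stamped:
            in_traceback = False  # a timestamped proxy line ends any traceback
            when, message = stamped.groups()
            if (m := REQUEST.match(message)):
                current = accounts.setdefault(
                    m.group(1), {"requested": when, "exception": None, "failed": None})
            elif (m := FAILURE.match(message)) and m.group(1) in accounts:
                accounts[m.group(1)]["failed"] = when
        elif line.startswith("Traceback (most recent call last):"):
            in_traceback = True
        elif in_traceback and current and EXCEPTION.match(line):
            # Traceback lines carry no timestamp; attribute them to the latest request.
            current["exception"] = current["exception"] or line.strip()
    return accounts

def stalled_seconds(entry):
    """Seconds between the request and the reported failure, or None."""
    if not entry["failed"]:
        return None
    fmt = "%Y-%m-%d %H:%M:%S"
    start, end = (datetime.strptime(entry[k], fmt) for k in ("requested", "failed"))
    return int((end - start).total_seconds())

if __name__ == "__main__":
    print({a: (e, stalled_seconds(e)) for a, e in summarise(SAMPLE).items()})
```

An entry with an exception and no successful result points at the popup failing to render rather than at rejected credentials.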
I'm going to assume that this has now been resolved, and will close this issue shortly. Please do follow up if that's not the case.
Hi, I'm interested to know if your proxy will work with IIS SMTP Relay? If so, would I simply follow the instructions in readme or are there special setup instructions?