Always getting 500 Unrecognized Command errors

[Heroin-Bob]

I'm unsure of what I could possibly be doing wrong but in an effort to get this to work with Microsoft 365 / SMTP I keep getting the errors at the bottom of this post.

Here are the steps I've gone through:

• registered app in entra
• noted secret and app ID
• downloaded most recent source of oauth2 proxy
• edited the config for just Microsoft 365
• updated client_id and client_secret fields
• saved conf
• started with python3 emailproxy.py --no-gui --debug
• received response of Initialised Email OAuth 2.0 Proxy - listening for authentication requests. Connect your email client to begin
• connected in a browser to http://127.0.0.1:1587/ and this is when I get thrown the errors

I have been fighting this for 2 days and cannot figure out what the issue might be. I don't receive any errors regarding Python, Apache, or PHP.

Any help would be greatly appreciated.

220 DS7PR03CA0257.outlook.office365.com Microsoft ESMTP MAIL Service ready at Fri, 24 May 2024 16:18:18 +0000
500 5.3.3 Unrecognized command 'Length: 3' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:23.748Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 5' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:28.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 11' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:33.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 7' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:38.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 16' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:43.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 16' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:48.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 11' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:53.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 26' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:18:58.764Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 15' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:03.780Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 15' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:08.785Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 15' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:13.780Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 15' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:18.796Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 9' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:23.796Z 08DC7BA4204A987B]
500 5.3.3 Unrecognized command 'Length: 7' [DS7PR03CA0257.namprd03.prod.outlook.com 2024-05-24T16:19:28.796Z 08DC7BA4204A987B]

[Heroin-Bob]

Oh couple things I meant to mention,

• I'm running this on Ubuntu Server 24.04 running in Hyper-V
• I did add my email to the field for Microsoft 365, replacing your.office365.address@example.com with a licensed email example@mydomain.com

[simonrob]

I'm not sure what Apache or PHP have to do with this, or why you're connecting in a browser - please could you clarify? Please also post the full debug log from the proxy.

[Heroin-Bob]

Sorry php and apache have nothing to do with it, I was mixing up this with the site I'm working on to use this. I should have just left that at Python. Below is the log using telnet 127.0.0.1 1587 and the a1 login e@mail.com password commands mentioned in the troubleshooting:

2024-05-25 01:15:12: Starting IMAP server at 127.0.0.1:1993 (unsecured) proxying outlook.office365.com:993 (SSL/TLS)
2024-05-25 01:15:12: Starting POP server at 127.0.0.1:1995 (unsecured) proxying outlook.office365.com:995 (SSL/TLS)
2024-05-25 01:15:12: Starting SMTP server at 127.0.0.1:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2024-05-25 01:15:12: Starting IMAP server at 127.0.0.1:2993 (unsecured) proxying imap.gmail.com:993 (SSL/TLS)
2024-05-25 01:15:12: Starting POP server at 127.0.0.1:2995 (unsecured) proxying pop.gmail.com:995 (SSL/TLS)
2024-05-25 01:15:12: Starting SMTP server at 127.0.0.1:2465 (unsecured) proxying smtp.gmail.com:465 (SSL/TLS)
2024-05-25 01:15:12: Initialised Email OAuth 2.0 Proxy - listening for authentication requests. Connect your email client to begin
2024-05-25 01:17:52: New incoming connection to SMTP server at 127.0.0.1:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2024-05-25 01:17:52: Accepting new connection from 127.0.0.1:39208 to SMTP server at 127.0.0.1:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2024-05-25 01:17:52: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) --> [ Client connected ]
2024-05-25 01:17:53: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587)     <-- b'220 SA1PR03CA0021.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 25 May 2024 01:17:52 +0000\r\n'
2024-05-25 01:17:53: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) <-- b'220 SA1PR03CA0021.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 25 May 2024 01:17:52 +0000\r\n'
2024-05-25 01:18:04: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) --> b'a1 login [[ Credentials removed from proxy log ]]\r\n'
2024-05-25 01:18:04: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587)     --> b'a1 login test@domain.com Tester1!\r\n'
2024-05-25 01:18:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587)     <-- b"500 5.3.3 Unrecognized command 'Length: 2' [SA1PR03CA0021.namprd03.prod.outlook.com 2024-05-25T01:18:09.696Z 08DC79388CF741D4]\r\n"
2024-05-25 01:18:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) <-- b"500 5.3.3 Unrecognized command 'Length: 2' [SA1PR03CA0021.namprd03.prod.outlook.com 2024-05-25T01:18:09.696Z 08DC79388CF741D4]\r\n"
2024-05-25 01:23:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587)     <-- b'451 4.7.0 Timeout waiting for client input [SA1PR03CA0021.namprd03.prod.outlook.com 2024-05-25T01:23:09.702Z 08DC79388CF741D4]\r\n'
2024-05-25 01:23:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) <-- b'451 4.7.0 Timeout waiting for client input [SA1PR03CA0021.namprd03.prod.outlook.com 2024-05-25T01:23:09.702Z 08DC79388CF741D4]\r\n'
2024-05-25 01:23:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) <-- [ Server disconnected ]
2024-05-25 01:23:09: SMTP (127.0.0.1:39208-{127.0.0.1:1587}-smtp.office365.com:587) --> [ Client disconnected ]```

[simonrob]

You are using IMAP commands with a SMTP server. You need to use the correct commands or, simpler, a SMTP client.

[simonrob]

To follow up and add a little more context (which I'll link from the readme for the benefit of others too): IMAP, POP and SMTP are all different protocols, so a different login/authentication method is required for each one.

IMAP

See the Troubleshooting section of the proxy's readme.

POP

For POP (and SMTP) connections, you need to obtain the base64-encoded version of your username (i.e., your email address) and a password, separated by (and starting with) a null character. To generate this value from the terminal you can do the following:

printf '\x00email@example.com\x00password' | base64

Note the two \x00 values, which must be present. Replace email@example.com with your email address, and password with any value you like (see the readme for an explanation of why this value does not need to be your actual password).

You can now connect to a POP server through the proxy. As an example, to connect to the O365 server from the proxy's example configuration file, use telnet localhost 1995. You can then enter the authentication command auth plain [base64], replacing [base64] with the encoded value you generated earlier.

If you have already authorised your account with the proxy you should see a response starting with +OK; if not, this command should trigger a notification from the proxy about authorising your account.

SMTP

SMTP's protocol is similar to POP, but requires another "greeting" message first. For this, you need the IP address of the machine you are connecting from. If you don't already know how to retrieve this, visit one of the many IP displaying websites, such as this one.

Secondly, you need the base64-encoded version of your username joined with a password as discussed in the POP section above.

Now you are ready to open a connection to an SMTP server through the proxy. As an example, to connect to the Gmail SMTP server from the proxy's example configuration file, use telnet localhost 2465. You can then enter the following two commands. Each one requires one of the values you obtained earlier. Do not include the square brackets.

1. helo [your IP address], after which the server will respond with a greeting such as 250 smtp.gmail.com at your service. You can then enter the second command:
2. auth plain [base64], where [base64] is the encoded value you generated earlier.

If you have already authorised your account with the proxy you should see a response starting with 235 and a success message; if not, this command should trigger a notification from the proxy about authorising your account.