wneessen / go-mail

📧 Easy to use, yet comprehensive library for sending mails with Go
https://go-mail.dev
MIT License
679 stars 48 forks

add Oauth2 support #130

Closed drakkan closed 1 year ago

drakkan commented 1 year ago

fixes #129

The Microsoft variant is untested. Do not merge.

If in the meantime you have suggestions to improve the code, they are welcome. If anyone can share a Microsoft Exchange Online account for testing and is interested in this feature, please contact me privately.

wneessen commented 1 year ago

Thanks again for the work you're putting into this @drakkan. I do have a private O365 account for Office, so I have access to outlook.com. Not sure if this also supports MS Exchange Online or if that's only for business customers. I'm happy to test with my credentials if this works.

drakkan commented 1 year ago

@wneessen I think you are right. I can register an application targeting personal accounts. I think I can also test it myself this way. I will try it during the next week

james-d-elliott commented 1 year ago

Worst case I have access to both providers' enterprise offerings and I have access to the Microsoft Sponsored Azure Program.

drakkan commented 1 year ago

uhmm, the protocol implementation looks correct, maybe I have to fix something with my app registration

2023/05/29 11:17:10 DEBUG: C <-- S: 250 MR1P264CA0133.outlook.office365.com Hello [82.84.55.116]
SIZE 157286400
PIPELINING
DSN
ENHANCEDSTATUSCODES
AUTH LOGIN XOAUTH2
8BITMIME
BINARYMIME
CHUNKING
SMTPUTF8
2023/05/29 11:17:10 DEBUG: C --> S: AUTH XOAUTH2
2023/05/29 11:17:10 DEBUG: C <-- S: 334 
2023/05/29 11:17:10 DEBUG: C --> S: 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
2023/05/29 11:17:15 DEBUG: C <-- S: 535 5.7.3 Authentication unsuccessful [MR1P264CA0133.FRAP264.PROD.OUTLOOK.COM 2023-05-29T09:17:15.530Z 08DB5FF35BA9DFD7]
2023/05/29 11:17:15 DEBUG: C --> S: *
2023/05/29 11:17:20 DEBUG: C <-- S: 500 5.3.3 Unrecognized command '*' [MR1P264CA0133.FRAP264.PROD.OUTLOOK.COM 2023-05-29T09:17:20.561Z 08DB5FF35BA9DFD7]
2023/05/29 11:17:20 DEBUG: C --> S: QUIT
2023/05/29 11:17:20 DEBUG: C <-- S: 221 2.0.0 Service closing transmission channel

also note the 5 seconds delay after the * command (unrelated to this PR I think)

james-d-elliott commented 1 year ago
[connection begins]
C: C01 CAPABILITY
S: * CAPABILITY … AUTH=XOAUTH2
S: C01 OK Completed
C: A01 AUTHENTICATE XOAUTH2 dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB5YTI5LnZGOWRmdDRxbVRjMk52YjNSbGNrQmhkSFJoZG1semRHRXVZMjl0Q2cBAQ==
S: A01 OK AUTHENTICATE completed.

This reads to me like the server (S) sends * CAPABILITY .. AUTH=XOAUTH2, but you're sending the * in the logs. Looks to me the client only sends one important command. Maybe it's the same as Google?

james-d-elliott commented 1 year ago

This is probably more relevant (pretty sure on closer inspection it is indeed the same):

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#smtp-protocol-exchange

AUTH XOAUTH2 <base64 string in XOAUTH2 format>

[connection begins]
C: auth xoauth2
S: 334
C: dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlY
XJlciB5YTI5LnZGOWRmdDRxbVRjMk52YjNSbGNrQmhkSFJoZG1semRHRXVZMj
l0Q2cBAQ==
S: 235 2.7.0 Authentication successful
[connection continues...]

drakkan commented 1 year ago

It works! I missed a permission while registering my app

2023/05/29 11:59:14 DEBUG: C <-- S: 250 ZR2P278CA0019.outlook.office365.com Hello [82.84.55.116]
SIZE 157286400
PIPELINING
DSN
ENHANCEDSTATUSCODES
STARTTLS
8BITMIME
BINARYMIME
CHUNKING
SMTPUTF8
2023/05/29 11:59:14 DEBUG: C --> S: STARTTLS
2023/05/29 11:59:14 DEBUG: C <-- S: 220 2.0.0 SMTP server ready
2023/05/29 11:59:14 DEBUG: C --> S: EHLO p1
2023/05/29 11:59:14 DEBUG: C <-- S: 250 ZR2P278CA0019.outlook.office365.com Hello [82.84.55.116]
SIZE 157286400
PIPELINING
DSN
ENHANCEDSTATUSCODES
AUTH LOGIN XOAUTH2
8BITMIME
BINARYMIME
CHUNKING
SMTPUTF8
2023/05/29 11:59:14 DEBUG: C --> S: AUTH XOAUTH2
2023/05/29 11:59:14 DEBUG: C <-- S: 334 
2023/05/29 11:59:14 DEBUG: C --> S: 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
2023/05/29 11:59:14 DEBUG: C <-- S: 235 2.7.0 Authentication successful
2023/05/29 11:59:14 DEBUG: C --> S: MAIL FROM:<redacted@outlook.com> BODY=8BITMIME SMTPUTF8
2023/05/29 11:59:15 DEBUG: C <-- S: 250 2.1.0 Sender OK
2023/05/29 11:59:15 DEBUG: C --> S: RCPT TO:<redacted@gmail.com>
2023/05/29 11:59:15 DEBUG: C <-- S: 250 2.1.5 Recipient OK
2023/05/29 11:59:15 DEBUG: C --> S: DATA
2023/05/29 11:59:15 DEBUG: C <-- S: 354 Start mail input; end with <CRLF>.<CRLF>
2023/05/29 11:59:15 DEBUG: C --> S: RSET
2023/05/29 11:59:15 DEBUG: C <-- S: 250 2.0.0 Resetting
2023/05/29 11:59:15 DEBUG: C --> S: QUIT
2023/05/29 11:59:15 DEBUG: C <-- S: 221 2.0.0 Service closing transmission channel

james-d-elliott commented 1 year ago

Does it happen to work with the default implementation too? I suspect it may

drakkan commented 1 year ago

> Does it happen to work with the default implementation too? I suspect it may

yes it works

2023/05/29 12:06:08 DEBUG: C <-- S: 250 MR1P264CA0147.outlook.office365.com Hello [82.84.55.116]
SIZE 157286400
PIPELINING
DSN
ENHANCEDSTATUSCODES
AUTH LOGIN XOAUTH2
8BITMIME
BINARYMIME
CHUNKING
SMTPUTF8
2023/05/29 12:06:08 DEBUG: C --> S: AUTH XOAUTH2 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
2023/05/29 12:06:09 DEBUG: C <-- S: 235 2.7.0 Authentication successful
2023/05/29 12:06:09 DEBUG: C --> S: MAIL FROM:<redacted@outlook.com> BODY=8BITMIME SMTPUTF8
2023/05/29 12:06:09 DEBUG: C <-- S: 250 2.1.0 Sender OK
2023/05/29 12:06:09 DEBUG: C --> S: RCPT TO:<redacted@gmail.com>
2023/05/29 12:06:09 DEBUG: C <-- S: 250 2.1.5 Recipient OK
2023/05/29 12:06:09 DEBUG: C --> S: DATA
2023/05/29 12:06:09 DEBUG: C <-- S: 354 Start mail input; end with <CRLF>.<CRLF>
2023/05/29 12:06:10 DEBUG: C --> S: RSET
2023/05/29 12:06:10 DEBUG: C <-- S: 250 2.0.0 Resetting
2023/05/29 12:06:10 DEBUG: C --> S: QUIT
2023/05/29 12:06:10 DEBUG: C <-- S: 221 2.0.0 Service closing transmission channel

drakkan commented 1 year ago

and here is the output for an auth error

2023/05/29 12:11:35 DEBUG: C <-- S: 250 ZR0P278CA0163.outlook.office365.com Hello [82.84.55.116]
SIZE 157286400
PIPELINING
DSN
ENHANCEDSTATUSCODES
AUTH LOGIN XOAUTH2
8BITMIME
BINARYMIME
CHUNKING
SMTPUTF8
2023/05/29 12:11:35 DEBUG: C --> S: AUTH XOAUTH2 dXNlcj1kcmFra2FuMTAwMEBvdXRsb29rLmNvbQFhdXRoPUJlYXJlciAxMTExMTExMTExMTExMTExMTEBAQ==
2023/05/29 12:11:42 DEBUG: C <-- S: 535 5.7.3 Authentication unsuccessful [ZR0P278CA0163.CHEP278.PROD.OUTLOOK.COM 2023-05-29T10:11:42.622Z 08DB5F9615773452]
2023/05/29 12:11:42 DEBUG: C --> S: *
2023/05/29 12:11:47 DEBUG: C <-- S: 500 5.3.3 Unrecognized command '*' [ZR0P278CA0163.CHEP278.PROD.OUTLOOK.COM 2023-05-29T10:11:47.652Z 08DB5F9615773452]
2023/05/29 12:11:47 DEBUG: C --> S: QUIT

james-d-elliott commented 1 year ago

Nice work! Probably want to delete those credentials. Looks like you can probably just remove variants altogether for now probably?
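On the point about credentials in pasted debug output, an added example (not part of this PR or of go-mail): a filter that masks SASL payloads in logs of the shape shown in this thread before they are shared. It goes beyond XOAUTH2 and covers any AUTH initial response or reply to a 334 challenge; the function name `redactAuth` and the sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// redactAuth masks SASL payloads in debug lines shaped like the logs above
// ("... DEBUG: C --> S: <command>"). It goes beyond XOAUTH2: any AUTH initial
// response and any client line that answers a 334 challenge is masked.
func redactAuth(lines []string) []string {
	const c2s, s2c = "C --> S: ", "C <-- S: "
	out := make([]string, 0, len(lines))
	pending := false // true after a 334: the next client line is SASL data
	for _, l := range lines {
		if i := strings.Index(l, s2c); i >= 0 {
			pending = strings.HasPrefix(l[i+len(s2c):], "334")
			out = append(out, l)
			continue
		}
		i := strings.Index(l, c2s)
		if i < 0 { // continuation of a multi-line server reply
			out = append(out, l)
			continue
		}
		head, cmd := l[:i+len(c2s)], l[i+len(c2s):]
		f := strings.Fields(cmd)
		switch {
		case pending && cmd != "" && cmd != "*":
			l = head + "[REDACTED]"
		case len(f) >= 3 && strings.EqualFold(f[0], "AUTH"):
			l = head + "AUTH " + f[1] + " [REDACTED]"
		}
		pending = false
		out = append(out, l)
	}
	return out
}

func main() {
	// Constructed sample lines; the base64 value is a placeholder, not a token.
	sample := []string{
		"2023/01/01 10:00:00 DEBUG: C --> S: AUTH XOAUTH2",
		"2023/01/01 10:00:00 DEBUG: C <-- S: 334 ",
		"2023/01/01 10:00:00 DEBUG: C --> S: Y29uc3RydWN0ZWQ=",
		"2023/01/01 10:00:01 DEBUG: C --> S: AUTH XOAUTH2 Y29uc3RydWN0ZWQ=",
	}
	fmt.Println(strings.Join(redactAuth(sample), "\n"))
}
```

The EHLO capability line `AUTH LOGIN XOAUTH2` carries no direction marker and is left untouched, as are the empty response and the `*` cancel line.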

wneessen commented 1 year ago

Great work @drakkan and thanks as always for the helpful input as well @james-d-elliott! If you give me a hint on how to get the tokens created, I can set up a github secret for the GH test environment, so that they don't fail.

drakkan commented 1 year ago

> Nice work! Probably want to delete those credentials. Looks like you can probably just remove variants altogether for now probably?

yes, no need for variants, I'll update the PR later. Outputs with Google

2023/05/29 12:28:14 DEBUG: C <-- S: 250 smtp.gmail.com at your service, [82.84.55.116]
SIZE 35882577
8BITMIME
AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
ENHANCEDSTATUSCODES
PIPELINING
CHUNKING
SMTPUTF8
2023/05/29 12:28:14 DEBUG: C --> S: AUTH XOAUTH2 dXNlcj1tYXJ6aWFlbGlhNzhAZ21haWwuY29tAWF1dGg9QmVhcmVyIHlhMjkuYTBBV1k3Q2tuTmJRX1YwYm5WVVl2dW5XZlBjV1BBVG1fTHF2elZyYUVrNDNWQVJMSmtzQUNqQVE2cF9sV1ZUUzJMN2liVEJIUXRCU0VxRXZSVDdUV2FkeS15U3l0cGh6Vk1rQ3J3M2pINWtucndyUE1Fd3VzYUtDN2h3bV9CaGlFOU4xd2stdHA3Wm42UzE2Q051czVXMk5XU3ROX1N6X3B3YUNnWUtBYzRTQVJNU0ZRRzF0RHJwTlhBTWdsWDBMS3VUdDAwbFdEM0pLQTAxNjcBAQ==
2023/05/29 12:28:14 DEBUG: C <-- S: 235 2.7.0 Accepted
2023/05/29 12:28:14 DEBUG: C --> S: MAIL FROM:<redacted@gmail.com> BODY=8BITMIME SMTPUTF8
2023/05/29 12:28:14 DEBUG: C <-- S: 250 2.1.0 OK j17-20020a170906279100b00969f44bbef3sm5794725ejc.11 - gsmtp
2023/05/29 12:28:14 DEBUG: C --> S: RCPT TO:<redacted@gmail.com>
2023/05/29 12:28:14 DEBUG: C <-- S: 250 2.1.5 OK j17-20020a170906279100b00969f44bbef3sm5794725ejc.11 - gsmtp
2023/05/29 12:28:14 DEBUG: C --> S: DATA
2023/05/29 12:28:15 DEBUG: C <-- S: 354  Go ahead j17-20020a170906279100b00969f44bbef3sm5794725ejc.11 - gsmtp
2023/05/29 12:28:15 DEBUG: C --> S: RSET
2023/05/29 12:28:15 DEBUG: C <-- S: 250 2.1.5 Flushed j17-20020a170906279100b00969f44bbef3sm5794725ejc.11 - gsmtp
2023/05/29 12:28:15 DEBUG: C --> S: QUIT
2023/05/29 12:28:15 DEBUG: C <-- S: 221 2.0.0 closing connection j17-20020a170906279100b00969f44bbef3sm5794725ejc.11 - gsmtp

Bad token

2023/05/29 12:30:38 DEBUG: C <-- S: 250 smtp.gmail.com at your service, [82.84.55.116]
SIZE 35882577
8BITMIME
STARTTLS
ENHANCEDSTATUSCODES
PIPELINING
CHUNKING
SMTPUTF8
2023/05/29 12:30:38 DEBUG: C --> S: STARTTLS
2023/05/29 12:30:38 DEBUG: C <-- S: 220 2.0.0 Ready to start TLS
2023/05/29 12:30:38 DEBUG: C --> S: EHLO p1
2023/05/29 12:30:38 DEBUG: C <-- S: 250 smtp.gmail.com at your service, [82.84.55.116]
SIZE 35882577
8BITMIME
AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
ENHANCEDSTATUSCODES
PIPELINING
CHUNKING
SMTPUTF8
2023/05/29 12:30:38 DEBUG: C --> S: AUTH XOAUTH2 dXNlcj1tYXJ6aWFlbGlhNzhAZ21haWwuY29tAWF1dGg9QmVhcmVyIDExMTExMTExMTExMTExAQE=
2023/05/29 12:30:38 DEBUG: C <-- S: 334 eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==
2023/05/29 12:30:38 DEBUG: C --> S: 
2023/05/29 12:30:38 DEBUG: C <-- S: 535 5.7.8 Username and Password not accepted. Learn more at
5.7.8  https://support.google.com/mail/?p=BadCredentials d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp
2023/05/29 12:30:38 DEBUG: C --> S: *
2023/05/29 12:30:38 DEBUG: C <-- S: 502 5.5.1 Unrecognized command. d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp
2023/05/29 12:30:38 DEBUG: C --> S: QUIT
2023/05/29 12:30:38 DEBUG: C <-- S: 221 2.0.0 closing connection d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp

drakkan commented 1 year ago

> Great work @drakkan and thanks as always for the helpful input as well @james-d-elliott! If you give me a hint on how to get the tokens created, I can set up a github secret for the GH test environment, so that they don't fail.

To create the tokens you first need to register your app on Google/Microsoft and then you can use the oauth2 library to complete the oauth exchange and get a refresh token. I don't think this can be done in go-mail, you need an http server to get the auth callback. This is a one time operation, the refresh tokens never expire or expire after a long time

drakkan commented 1 year ago

@wneessen for Microsoft for example, I registered an app in the Azure portal like this

[Screenshot from 2023-05-29 12-41-33]

You need to set credentials, redirect uri, permissions etc. Not sure if you can automate this in GitHub. Using the refresh token you can create access tokens to use for sending emails

wneessen commented 1 year ago

Ok, that sounds more complex than expected. Not sure if the GH workflow will let us accomplish this easily.

drakkan commented 1 year ago

@wneessen we need to better investigate this:

2023/05/29 12:30:38 DEBUG: C <-- S: 535 5.7.8 Username and Password not accepted. Learn more at
5.7.8  https://support.google.com/mail/?p=BadCredentials d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp
2023/05/29 12:30:38 DEBUG: C --> S: *

I don't think my PR sends the *, do you have ideas? I have no more time for now. I can take a look after my working hours

wneessen commented 1 year ago

> 2023/05/29 12:30:38 DEBUG: C <-- S: 535 5.7.8 Username and Password not accepted. Learn more at
> 5.7.8  https://support.google.com/mail/?p=BadCredentials d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp
> 2023/05/29 12:30:38 DEBUG: C --> S: *
>
> I don't think my PR sends the *, do you have ideas? I have no more time for now. I can take a look after my working hours

@drakkan I'm pretty sure that comes from the smtp auth method: https://github.com/wneessen/go-mail/blob/13c8d0a32c76aad415fba0834298e46a3e72bf23/smtp/smtp.go#L238

Reason behind this is the SMTP AUTH RFC where it states:

> If the client wishes to cancel the authentication exchange, it issues a line with a single "*". If the server receives such a response, it MUST reject the AUTH command by sending a 501 reply.

I assume that the OAUTH implementations of MS and Google did not implement this behaviour. Not sure if it's better to extend Client.Auth() to catch this behaviour or maybe catch it in the OAUTH implementation instead. Since we have our own smtp client, we should be free to do either way.
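The exchange debugged in this thread, as an added example that is not code from this PR or from go-mail: a minimal XOAUTH2 mechanism for the standard library's net/smtp `Auth` interface, showing the initial-response format and the empty reply to a 334 error challenge seen in the Gmail bad-token log. The type name `xoauth2Auth`, the host name and the sample account and token are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// xoauth2Auth is a hypothetical XOAUTH2 mechanism for net/smtp's Auth interface.
type xoauth2Auth struct{ user, token string }

// Start returns the initial response, but only to a server that has negotiated
// TLS and advertises XOAUTH2: the bearer token must never travel in cleartext.
func (a *xoauth2Auth) Start(s *smtp.ServerInfo) (string, []byte, error) {
	if !s.TLS {
		return "", nil, errors.New("xoauth2: refusing to send token without TLS")
	}
	offered := false
	for _, m := range s.Auth {
		offered = offered || m == "XOAUTH2"
	}
	if !offered {
		return "", nil, errors.New("xoauth2: server does not advertise XOAUTH2")
	}
	// Format: user=<user> ^A auth=Bearer <token> ^A ^A (net/smtp base64-encodes it).
	ir := "user=" + a.user + "\x01auth=Bearer " + a.token + "\x01\x01"
	return "XOAUTH2", []byte(ir), nil
}

// Next answers a 334 error challenge (Gmail sends base64 JSON) with an empty
// response so that the server can complete the exchange with its final 535.
func (a *xoauth2Auth) Next(fromServer []byte, more bool) ([]byte, error) {
	if more {
		return []byte{}, nil
	}
	return nil, nil
}

func main() {
	a := &xoauth2Auth{user: "someuser@example.com", token: "constructed-token"}
	srv := &smtp.ServerInfo{Name: "smtp.example.com", Auth: []string{"LOGIN", "XOAUTH2"}}
	_, _, err := a.Start(srv) // no TLS yet, as in the pre-STARTTLS EHLO
	fmt.Println("before STARTTLS:", err)
	srv.TLS = true
	proto, ir, _ := a.Start(srv)
	fmt.Printf("%s %q\n", proto, ir)
}
```

In net/smtp, `Client.Auth` sends the `*` line whenever the exchange ends in an error, including after a final 535 reply, so the mechanism itself cannot suppress it.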

drakkan commented 1 year ago

> Ok, that sounds more complex than expected. Not sure if the GH workflow will let us accomplish this easily.

yes it is not so easy to automate, additionally the first time the user must be redirected to its account and grant the required permission. Take a look here for an overview

drakkan commented 1 year ago

> > 2023/05/29 12:30:38 DEBUG: C <-- S: 535 5.7.8 Username and Password not accepted. Learn more at
> > 5.7.8  https://support.google.com/mail/?p=BadCredentials d7-20020a170906c20700b0096f55247570sm5710307ejz.0 - gsmtp
> > 2023/05/29 12:30:38 DEBUG: C --> S: *
> >
> > I don't think my PR sends the *, do you have ideas? I have no more time for now. I can take a look after my working hours
>
> @drakkan I'm pretty sure that comes from the smtp auth method:
>
> https://github.com/wneessen/go-mail/blob/13c8d0a32c76aad415fba0834298e46a3e72bf23/smtp/smtp.go#L238
>
> Reason behind this is the SMTP AUTH RFC where it states:
>
> > If the client wishes to cancel the authentication exchange, it issues a line with a single "*". If the server receives such a response, it MUST reject the AUTH command by sending a 501 reply.
>
> I assume that the OAUTH implementations of MS and Google did not implement this behaviour. Not sure if it's better to extend Client.Auth() to catch this behaviour or maybe catch it in the OAUTH implementation instead. Since we have our own smtp client, we should be free to do either way.

Thanks, I'll take a look later today and/or in the next few days

wneessen commented 1 year ago

@drakkan Is the PR ready to review/merge or are you still working on it?

drakkan commented 1 year ago

> @drakkan Is the PR ready to review/merge or are you still working on it?

It should be ready. Both success and auth error cases seem to work as expected

wneessen commented 1 year ago

Perfect. I'll review and get a new release ready in the next days.

drakkan commented 1 year ago

> > @drakkan Is the PR ready to review/merge or are you still working on it?
>
> It should be ready. Both success and auth error cases seem to work as expected

Thank you. No hurry for the new release. I think I need about 2 weeks to integrate the oauth part into SFTPGo (get refresh token, UI etc) and it's not a problem for me to use an untagged version or even temporarily replace go-mail with my branch. If you prefer to have more real tests before tagging a new release, you can wait a few weeks after the feature is released in SFTPGo.

wneessen commented 1 year ago

That's good to know. Might actually be a good idea to get some "real life" data first.

drakkan commented 1 year ago

> Worst case I have access to both providers' enterprise offerings and I have access to the Microsoft Sponsored Azure Program.

@james-d-elliott this feature has been included in the development version of SFTPGo since last week but unfortunately I still haven't received any feedback from the user who requested it. If you have time/motivation to test it, please contact me at nicola dot murino at gmail dot com. Thanks in advance

wneessen commented 1 year ago

@drakkan Were you able to get in some more real-life testing from your project? Do you think we are ready for an official release?

drakkan commented 1 year ago

> @drakkan Were you able to get in some more real-life testing from your project? Do you think we are ready for an official release?

not yet, sorry. I'll tag SFTPGo v2.5.2 with this feature included the next weekend anyway.

james-d-elliott commented 1 year ago

I did email you on the 9th, figured you were busy because I didn't see a response.

james-d-elliott commented 1 year ago

I have sent the email, you can remove them from this post. I mistyped "gmail" incidentally it looks like.

drakkan commented 1 year ago

> I have sent the email, you can remove them from this post. I mistyped "gmail" incidentally it looks like.

sent some instructions via email, check your spam folder if you don't see any reply :smile: Thank you!!!

james-d-elliott commented 1 year ago

I see them, will take a look this weekend.

drakkan commented 1 year ago

> I see them, will take a look this weekend.

no hurry, thank you!