Closed Bug 1839787 Opened 2 years ago Closed 8 months ago

SMTP OAuth2 Authentication issue with MS 365.

Categories

(Thunderbird :: Security, defect)

Thunderbird 102
defect

Tracking

(thunderbird_esr115 affected)

RESOLVED INCOMPLETE

People

(Reporter: judith, Unassigned)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0

Steps to reproduce:

When I want to send an email, the SMTP authentication fails with prompts to retry or enter password.

Actual results:

Sending of the message failed.
Unable to authenticate to Outgoing server (SMTP) smtp.office365.com. Please check the password and verify the 'Authentication method' in 'Account Settings | Outgoing server (SMTP)'.

Expected results:

Authentication should succeed and email sent.

It can use either normal password, or OAuth2. You can try the other one if one doesn't work.
If you're using a custom domain, the admin may have disabled SMTP for your domain.

Hi Magnus. I tried that and it did not work. My firm's admin tried all sorts of things such as re-authorizing me in case there was some issue but that did not work. Nothing seemed to work. I cannot use either normal password or OAuth2 as they both give the same error. I even updated to the small new version but that also did not work. My admin is stumped on what could be the issue and it seems it is strictly a Thunderbird issue so would love to figure out a solution.

Only one other report in bug 1836445, but that's a timeout issue.
So anecdotally, if it was caused by Thunderbird I think we'd be having a lot more reports.

Anje, are you seeing reports in support?

Flags: needinfo?(anjeyelf)

I get this using any email accounts running over Microsoft 365. Sending of email works fine with the APP or using the web version of outlook but will not work with Thunderbird.

Flags: needinfo?(anjeyelf)

I have no problems with receiving messages but do IMAP. I am using the server name--outlook.office365.com and my email address as the user name. Using SSL/TLS as my connection security and OAuth2 as my authentication. I select smtp.office365.com as my server name and use port 465. Using SSL/TLS as my connection security and OAuth2 as my authentication. It then produces this same error message each time.
I receive these same errors when trying to send messages. Sending of the message failed.
"The message could not be sent because connecting to Outgoing server (SMTP) smtp.office365.com failed. The server may be unavailable or is refusing SMTP connections. Please verify that your Outgoing server (SMTP) settings are correct and try again"

I have two email accounts at two different places and it produces the same results.

More Support issue with outlook and smtp -
https://support.mozilla.org/en-US/questions/1418434
https://support.mozilla.org/en-US/questions/1418798

User reports:
Server: smtp.office365.com
Port: 587
Connection: STARTTLS
Authentication: OAuth2

A browser-looking window opens up with a long URL in it (https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost&scope=https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FPOP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FSMTP.Send+offline_access&login_hint=xxxxxxxx%40hotmail.com). The window is just blank and the dialog box for sending opens. The browser window shuts and the sending dialog box just sits there.

It ends up timing out saying it can't connect to the smtp server. I cannot send any e-mails at all. Please help or advise. Thank you!

Same issue with 115.0 on Windows, with two Microsoft accounts, @live.fr and @hotmail.com
I can't send messages. I briefly see the OAuth2 popup, then it vanishes, and the message is hanging, then fails to be sent.
Reception is working.

I've rolled back to v112.13.0 and will wait for a fix.

Something to try:

  • Help | Troubleshoot mode
  • Go to Settings, in saved passwords remove any old microsoft passwords, then try again.

Confirming based on multiple reports. But they might not be all the same.

Anje, can you follow up in the support topics to see who still has issues?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(anjeyelf)
See Also: → 1850884

(In reply to Anje from comment #7)

More Support issue with outlook and smtp -
https://support.mozilla.org/en-US/questions/1418434
https://support.mozilla.org/en-US/questions/1418798

User reports:
Server: smtp.office365.com
Port: 587
Connection: STARTTLS
Authentication: OAuth2

A browser-looking window opens up with a long URL in it (https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost&scope=https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FPOP.AccessAsUser.All+https%3A%2F%2Foutlook.office365.com%2FSMTP.Send+offline_access&login_hint=xxxxxxxx%40hotmail.com). The window is just blank and the dialog box for sending opens. The browser window shuts and the sending dialog box just sits there.

It ends up timing out saying it can't connect to the smtp server. I cannot send any e-mails at all. Please help or advise. Thank you!

Hi, I still have these same issues-- https://support.mozilla.org/en-US/questions/1418434 This is my issue as well, but the other one you posted is not my issue.
My IT person tried to recreate my account but I still have these same issues. I am using a Mac.

We are getting a lot of complaints about trying to send to office365 failing.
The user at this Support Forum question :
https://support.mozilla.org/en-US/questions/1423804
says :

When I set up an account (Outlook or Gmail) to use OAuth, sending emails fails. When I click 'send,' a large window flashes up, but then nothing happens until I receive a server time-out error.
When using OAuth for retrieving emails, no errors occur.
If I switch to an app password, then it works fine.
Using Thunderbird version 115.2.2.

Others with same issue:
https://support.mozilla.org/en-US/questions/1421965
https://support.mozilla.org/en-US/questions/1423736
https://support.mozilla.org/en-US/questions/1423654

Please read this support forum question.
https://support.mozilla.org/en-US/questions/1423746
Good info at above link.
User provides info:

I encounter constantly popups with the following error messages:

  • "...user ist authenticated but not connected"
  • "the server is offline"
  • something like "authentification error while connecting to server outlook.office365.com"

Also, the page where I should enter the password to create the OAuth token keeps opening and closing before it can load completely.

Here is an entry from the Thunderbird error-log:
"mailnews.oauth: Error response from the authorization server: invalid_grant; AADSTS50196: The server terminated an operation because it encountered a client request loop. Please contact your app vendor.
https://login.microsoftonline.com/error?code=50196

I believe this bug needs a high priority.

Flags: needinfo?(anjeyelf)
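Added example for triage (not part of the bug report and not Thunderbird code): it decodes the authorization request quoted in the user report above and parses the `mailnews.oauth` log line, to show that the reported request already asks for `SMTP.Send` and `offline_access`, so a missing scope is not what these artifacts point to. The function names are hypothetical; the URL and log line are copied from this thread with the identifiers redacted as on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Authorization request as quoted in the report (identifiers redacted on the page).
REPORTED_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    "&redirect_uri=https%3A%2F%2Flocalhost"
    "&scope=https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All"
    "+https%3A%2F%2Foutlook.office365.com%2FPOP.AccessAsUser.All"
    "+https%3A%2F%2Foutlook.office365.com%2FSMTP.Send+offline_access"
    "&login_hint=xxxxxxxx%40hotmail.com"
)
# Error-log line as quoted in the thread.
REPORTED_LOG = (
    "mailnews.oauth: Error response from the authorization server: invalid_grant; "
    "AADSTS50196: The server terminated an operation because it encountered "
    "a client request loop. Please contact your app vendor."
)
SMTP_SCOPE = "https://outlook.office365.com/SMTP.Send"
LOG_RE = re.compile(r"authorization server: (?P<error>\w+); (?P<code>AADSTS\d+):")


def parse_authorize_request(url):
    """Split an OAuth2 authorization URL into the fields relevant for triage."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # decodes %XX and turns '+' into spaces

    def one(name):
        values = query.get(name, [])
        if len(values) != 1:
            raise ValueError(f"expected exactly one {name!r}, got {len(values)}")
        return values[0]

    return {
        "endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "response_type": one("response_type"),
        "redirect_uri": one("redirect_uri"),
        "scopes": one("scope").split(),  # scopes are space-delimited
        "login_hint": query.get("login_hint", [None])[0],
    }


def check_send_capable(request):
    """Return findings that would explain receive-works / send-fails."""
    findings = []
    if not request["endpoint"].startswith("https://login.microsoftonline.com/"):
        findings.append("unexpected authorization endpoint")
    if request["response_type"] != "code":
        findings.append("not an authorization-code request")
    if SMTP_SCOPE not in request["scopes"]:
        findings.append("SMTP.Send scope not requested")
    if "offline_access" not in request["scopes"]:
        findings.append("offline_access not requested (no refresh token)")
    return findings


def parse_oauth_error(line):
    """Extract (oauth_error, AADSTS code) from a mailnews.oauth log line."""
    m = LOG_RE.search(line)
    return (m["error"], m["code"]) if m else None


if __name__ == "__main__":
    print(check_send_capable(parse_authorize_request(REPORTED_URL)))
    print(parse_oauth_error(REPORTED_LOG))
```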

I've asked some people with issues to try using app generated password and Authentication Method: Normal Password.
Hopefully this may get them able to send but it does not solve the bug. I'll post any further results.

See Also: → 1848370

I tried to switch it to a normal password but it would not even login as it said there was a problem with the password. So had to switch back to OAuth so I could receive mail. I can only send from the Outlook App, or logging in to Outlook to send mail
Alternatively, I can respond via another non-Microsoft outlook account and respond. So it is still a problem

(In reply to Judith Hellerstein from comment #15)

I tried to switch it to a normal password but it would not even login as it said there was a problem with the password. So had to switch back to OAuth so I could receive mail. I can only send from the Outlook App, or logging in to Outlook to send mail
Alternatively, I can respond via another non-Microsoft outlook account and respond. So it is still a problem

You cannot use a normal password - that is the Authentication Method setting which you need to select.
Thunderbird can only access server by using either oauth or using app generated password providing you have switched on 2FA.

You have to logon to your webmail account and switch on 2FA and then create an app specific password.

You then need to alter settings in Thunderbird in order to use that app generated password.
In Thunderbird
In Account Settings, you have to change the incoming and outgoing smtp 'Authentication Method' to say 'Normal Password'

In Settings > Privacy & Security > Saved Passwords > Show Passwords
If you see 'oauth://account...' for the relevant account - remove it.

If you see 'mailbox://account...' for pop accounts , 'imap://account....' for imap accounts, 'smtp://account....'
Right click on each relevant line and select 'Edit Password'
Clear all contents and then enter that 'app generated specific password' you created.

If you DO NOT see 'mailbox://account...' for pop accounts , 'imap://account....' for imap accounts, 'smtp://account....'
When you start up Thunderbird you will get prompted for password.
Enter the app generated password.
Select checkbox for Thunderbird to remember password before you click on OK

Flags: needinfo?(judith)

Feedback from Support Forum regarding those who CAN receive via oauth but CANNOT send/smtp -

I asked them to switch on 2FA and use app specific password as a temp means of being able to receive and send.
I am seeing reports that this works as a current workaround.

https://support.mozilla.org/en-US/questions/1423671

That worked perfectly thank you

https://support.mozilla.org/en-US/questions/1423746

able to overcome the issue by using "Password, normal" as authentication method instead of OAuth2, but this should be only a temporal workaround as OAuth2 is the future.

https://support.mozilla.org/en-US/questions/1423736

Thank you! This seems to have worked!

However, it does not solve the bug where people cannot send via oauth.
Hopefully the Thunderbird error-log will point developers in the right direction:
"mailnews.oauth: Error response from the authorization server: invalid_grant; AADSTS50196: The server terminated an operation because it encountered a client request loop. Please contact your app vendor.

Component: Untriaged → Security

Some reports did post some updated feedback before questions were archived saying the following which worked for them.

change the SMTP server from the default 'smtp.office365.com' to 'smtp.outlook.office365.com' then Authentication Method: OAuth2 worked.

(In reply to Anje from comment #19)

Some reports did post some updated feedback before questions were archived saying the following which worked for them.

change the SMTP server from the default 'smtp.office365.com' to 'smtp.outlook.office365.com' then Authentication Method: OAuth2 worked.

in my testing on ubuntu, windows11 and macos the following SMTP settings work for my hotmail.com account here in Vancouver, Canada: smtp.office365.com, 58, STARTTLS, OAuth2 i.e. what Thunderbird autoconfigures

Conclusion: NONE :-) perhaps 'smtp.outlook.office365.com' works for some countries but not others? This would seem to be a "Microsoft inconsistent fleet of servers" problem or something :-)

(In reply to Roland Tanglao :rolandtb :adobo :sinigang :mapotofu previous tour of duty profile: https://bugzilla.mozilla.org/user_profile?login=rtanglao%40mozilla.com from comment #20)

(In reply to Anje from comment #19)

Some reports did post some updated feedback before questions were archived saying the following which worked for them.

change the SMTP server from the default 'smtp.office365.com' to 'smtp.outlook.office365.com' then Authentication Method: OAuth2 worked.

in my testing on ubuntu, windows11 and macos the following SMTP settings work for my hotmail.com account here in Vancouver, Canada: smtp.office365.com, 58, STARTTLS, OAuth2 i.e. what Thunderbird autoconfigures

Conclusion: NONE :-) perhaps 'smtp.outlook.office365.com' works for some countries but not others? This would seem to be a "Microsoft inconsistent fleet of servers" problem or something :-)

Just perhaps it is a transition period. I know that I was presented in the Outlook.com settings with the server settings for my account on this link https://outlook.live.com/mail/0/options/mail/accounts and at that time the setting showed as smtp-mail.outlook.com:587.

A couple of months ago Microsoft ceased to show the server settings you should use in your account settings on that page and instead adopted the link to https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040 But that page still says that the SMTP server is smtp-mail.outlook.com

Checking this Microsoft link for setting up your Multifunction device to send mail and Microsoft are saying to use smtp.office365.com on Port 25. https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

So I think the issue probably has more to do with if you are a paid office365 customer or a free one than anything else. This "idea" is supported by the folk at the University of Southern California, who with the benefit of a full IT department recommend the use of the office365 server for setting up office365 accounts. https://itservices.usc.edu/office365/emailclients/

If my assumption that different SMTP servers are required for paid vs. free users is right, I really do not know how to differentiate them at the account wizard stage short of asking if the person is subscribed to Office365. Or defaulting everyone to the free outgoing server smtp-mail.outlook.com if that actually works universally. The wizard could try both and use the one that works. But that is really a second best approach.

Judith, is this resolved now when using a current version?

Whiteboard: [closeme 2025-01-25]

I am using Thunderbird 115.2.2 (64-bit) and I still can not send mail from any Microsoft email accounts. I can try the suggestion that Matt made above and see if it works. The only way I found to reply to emails under the two client organizations that use Outlook is to change the email to my non-Microsoft account address and respond that way or respond online using Outlook for the web or the Outlook app

Judith

Flags: needinfo?(judith)

Additional info for Judith
Microsoft have made some changes recently. All mail accounts/email addresses that you may have using the outlook server are now called alias accounts to the Microsoft account.

You say 'any Microsoft email accounts' - so I'm presuming you have more than one.

  1. Microsoft account password and all mail accounts using outlook server must have same password.
  2. In Microsoft account whatever account has been selected as the 'primary' account is the only username/email address which can be used to 'send' email using smtp no matter what the incoming account name. You can choose what you want set up as primary, but then you have to use it as smtp for any mail account that uses the outlook server.
    Example: if you have an email address which is name@hotmail.com and another which is name@mydomain.com and another name@outlook.com.
    If in Microsoft Account accessed via a browser you have the hotmail account set up as 'primary' account then in Thunderbird, all of these accounts : name@hotmail.com, name@mydomain.com, name@outlook.com must have identical smtp settings where username = name@hotmail.com because it is the primary account.

It took a while to find out what was going on. So many people suddenly cannot send - but this is a more recent issue. Maybe this is affecting you.
I've been offering this advice to people in Support Forum and it fixes the issue for sending etc. Microsoft do have this info in their help pages but finding it is not exactly that simple.

(In reply to Wayne Mery (:wsmwk) from comment #22)

Judith, is this resolved now when using a current version?

Meaning version 128. The version you cite in comment 23 (I hope you mean 115.12.2) is 7 months old, and anything version 115.x is not going to have the most recent authentication fixes.

In short, it's time to upgrade :) Otherwise, we're at a dead end.

Flags: needinfo?(judith)
Whiteboard: [closeme 2025-01-25] → [closeme 2025-02-15]

Ok I just updated several times and finally I am on version 128.6.0esr (64-bit) but it seems the problem is not fixed and I still cannot send email from any Outlook domain via Thunderbird. The system has been trying for several minutes but has not had success

Best,
Judith

Flags: needinfo?(judith)

(In reply to Anje from comment #24)

Additional info for Judith
Microsoft have made some changes recently. All mail accounts/email addresses that you may have using the outlook server are now called alias accounts to the Microsoft account.

You say 'any Microsoft email accounts' - so I'm presuming you have more than one.

  1. Microsoft account password and all mail accounts using outlook server must have same password.
  2. In Microsoft account whatever account has been selected as the 'primary' account is the only username/email address which can be used to 'send' email using smtp no matter what the incoming account name. You can choose what you want set up as primary, but then you have to use it as smtp for any mail account that uses the outlook server.
    Example: if you have an email address which is name@hotmail.com and another which is name@mydomain.com and another name@outlook.com.
    If in Microsoft Account accessed via a browser you have the hotmail account set up as 'primary' account then in Thunderbird, all of these accounts : name@hotmail.com, name@mydomain.com, name@outlook.com must have identical smtp settings where username = name@hotmail.com because it is the primary account.

It took a while to find out what was going on. So many people suddenly cannot send - but this is a more recent issue. Maybe this is affecting you.
I've been offering this advice to people in Support Forum and it fixes the issue for sending etc. Microsoft do have this info in their help pages but finding it is not exactly that simple.

Hi.
I only have Exchange accounts via two clients who use it as their firm email addresses. I have two separate accounts but have the same issues with both. I updated to the latest Thunderbird--version 128.6.0esr (64-bit) and still have the same issue

Judith

(In reply to Judith Hellerstein from comment #26)

Ok I just updated several times and finally, I am on version 128.6.0esr (64-bit) but it seems the problem is not fixed and I still cannot send email from any Outlook domain via Thunderbird. The system has been trying for several minutes but has not had success

I still get the following message--Sending of the message failed.
The message could not be sent because connecting to Outgoing server (SMTP) failed. The server may be unavailable or is refusing SMTP connections. Please verify that your Outgoing server (SMTP) settings are correct and try again.

Best,
Judith

(In reply to Judith Hellerstein from comment #6)

I have no problems with receiving messages but do IMAP. I am using the server name--outlook.office365.com and my email address as the user name. Using SSL/TLS as my connection security and OAuth2 as my authentication. I select smtp.office365.com as my server name and use port 465.

You have the wrong port in the settings then! (And should be STARTTLS as well)

You should use server: smtp.office365.com
Port: 587
Connection security: STARTTLS
Authentication: OAuth2

Flags: needinfo?(judith)
Whiteboard: [closeme 2025-02-15] → [closeme 2025-04-15]

Hi, I'm noticing the same issue as Judith. With Thunderbird 136, SMTP doesn't work. I had 128 in the pacman cache, so downgraded to it, created new profile, and SMTP works. Clearly a regression. I double checked SMTP server and settings, they're the same.

Settings:

Server: smtp.office365.com
Port: 587
Security: STARTTLS
Auth: OAuth2

If you start with thunderbird.exe --allow-downgrade -P you can select the old profile. Can you verify there's a regression with the same profile?

Resolved per whiteboard

Status: NEW → RESOLVED
Closed: 8 months ago
Flags: needinfo?(judith)
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2025-04-15]