Closed Bug 1974875 Opened 10 months ago Closed 4 months ago

Oauth2 authentication failures result in broken connections, failure to get mail, and SMTP to google and office365 time out in thunderbird 139.0

Categories

(MailNews Core :: Networking: SMTP, defect)

Product:
MailNews Core
Component:
Networking: SMTP
Version:
Thunderbird 139
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: kobaz, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [works in TB 128.2.0])

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

1 - Install TB 139.0
2 - Attempt to send 0auth2 authenticated SMTP email via Office365 or Gmail using existing config. Send times out.

IMPORTANT: correct operation restored by reversing install back to TB 128.2.0.

Actual results:

Attempt to send email times out.

Expected results:

email should send as it does in TB 128.2.0.

Error Console Log
mailnews.smtp: Authentication failed: Unrecognized command 'Length: 7' [MN0PR02CA0012.namprd02.prod.outlook.com 2025-06-30T21:03:28.461Z 08DDB7CE0B3B5CF0] SmtpClient.sys.mjs:784:17
_onAuthFailed resource:///modules/SmtpClient.sys.mjs:784
_actionAUTHComplete resource:///modules/SmtpClient.sys.mjs:1185
_onCommand resource:///modules/SmtpClient.sys.mjs:605
_parse resource:///modules/SmtpClient.sys.mjs:402
_onData resource:///modules/SmtpClient.sys.mjs:459

GUI popup says to enter a new password, but you cannot. There is no way to enter a new password.

This bug still persists from the original bug 1919695

Summary: Oauth2 authentication failures result in broken connections, failure to get mail, and SMTP to google and office365 time out in thunderbird 128.2.2 → Oauth2 authentication failures result in broken connections, failure to get mail, and SMTP to google and office365 time out in thunderbird 139.0
Version: Thunderbird 128 → Thunderbird 139

Are you sure you're not using an alias address (for microsoft)?
Also, what does the log say for gmail?

Keywords: regression
See Also: → 1919695, 1917321
Whiteboard: [works in TB 128.2.0]

(In reply to Magnus Melin [:mkmelin] (away, back Aug 4) from comment #1)

Are you sure you're not using an alias address (for microsoft)?
Also, what does the log say for gmail?

kobaz, in case it wasn't obvious, we very much need your response. Thanks

Flags: needinfo?(kobaz)

Hi Magnus,

There is no alias for Microsoft. Also... it seems like an environmental issue. My desktop can send email (same office365 account, same smtp server, same password). But my laptop has this auth problem.

Both systems... I went through the office365 validation to add access on both machines, and then for some reason on my desktop has kept access. It does look like a comms + UI problem because when TB tries to log in, you get the error (Unrecognized command 'Length: 7'). And then when you click on 'Enter New Password' it just blindly tries the login again without asking for a new password.

So... obviously there's a protocol issue, and then secondly, the UI doesn't respond properly.

The gmail flow I don't have 100% reproduction on, but this office365 issue happens every single time, and across app restarts and reboots/etc.

And... as mentioned on the original bug report that was closed 1919695 (not mine)... this has been going on across many versions... so it looks like either it wasn't ever fixed or it's a regression.

Flags: needinfo?(kobaz)

Oh, and additionally. Same thunderbird version on my desktop. Same Debian distro (bookworm)

kobaz: Can you try setting security.tls.enable_kyber to false?

kobaz?

Same result.
security.tls.enable_kyber = false

Here's the flow:

  • Send email
  • Login to server smtp.office365.com failed with username xyz...
  • Options [Enter New Password] [Cancel] [Retry]
  • Click 'Enter New Password'

And then this leads to an endless loop of
Login to server smtp.office365.com failed
Enter New Password

And there's never a prompt to actually input a new password. I think the auth process itself is 'stuck'.

Try clearing the OAuth2 token (delete it from the logins). Then restart and try again.

See Also: → 1935379

After removing oauth2 for office and then restarting. I do finally get the login coming up for office365. I authenticated, and it looked like it worked.

And then on sending mail I still get password failed.

Oddly enough, receiving mail on imap from o365 works fine.

mailnews.smtp: Command failed: 535 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information. [BL6PEPF00013E00.NAMP222.PROD.OUTLOOK.COM 2025-09-16T16:50:51.137Z 08DDF534C8A89CF3]; currentAction=_actionAUTH_XOAUTH2 SmtpClient.sys.mjs:578:19
mailnews.smtp: Error during AUTH XOAUTH2, sending empty response SmtpClient.sys.mjs:1097:19
mailnews.smtp: Command failed: 500 Unrecognized command 'Length: 7' [BL6PEPF00013E00.NAMP222.PROD.OUTLOOK.COM 2025-09-16T16:50:56.153Z 08DDF534C8A89CF3]; currentAction=_actionAUTHComplete SmtpClient.sys.mjs:578:19
mailnews.smtp: Authentication failed: Unrecognized command 'Length: 7' [BL6PEPF00013E00.NAMP222.PROD.OUTLOOK.COM 2025-09-16T16:50:56.153Z 08DDF534C8A89CF3] SmtpClient.sys.mjs:762:17
mailnews.smtp: Authentication failed: Socket closed. SmtpClient.sys.mjs:762:17
mailnews.smtp: Command failed: 535 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information. [BL6PEPF00013E00.NAMP222.PROD.OUTLOOK.COM 2025-09-16T16:51:10.434Z 08DDF534C8A89CF3]; currentAction=_actionAUTH_XOAUTH2

My security protocol is STARTTLS
And auth method is oauth2

Well, that explains why: SmtpClientAuthentication is disabled for the Tenant.
Your organization admin must enable SMTP authentication for you to be able to send.

This doesn't explain why I'm able to send via smtp on my desktop by not my laptop (same account)

SmtpClientAuthentication... does this mean is not trying to use the oauth2 that was established?

It would make sense that it's being rejected if it's not sending the correct authentication.

Wild guess: you're using something else on the desktop without realizing it.

I don't think you'd get that error for wrong creds/settings. Most likely, SMTP AUTH is disabled for your org or account. Check that before anything else.
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission

Flags: needinfo?(kobaz)
Component: Security → Networking: SMTP
Product: Thunderbird → MailNews Core
Whiteboard: [works in TB 128.2.0] → [closeme 2025-10-25][works in TB 128.2.0]

Resolved per whiteboard

Status: UNCONFIRMED → RESOLVED
Closed: 4 months ago
Flags: needinfo?(kobaz)
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2025-10-25][works in TB 128.2.0] → [works in TB 128.2.0]
You need to log in before you can comment on or make changes to this bug.