Outlook sign in technology for notifications
-
Here is the "notice" I think he is referencing - so this is where (and what) they said:
the notice in my case, was not directly related to my pfSense box however, it uses a different mail server.
The link in that email regarding "Modern Authentication ..." is this
-
No doubt anymore.
It's informs the 'admin'** that a dedicated 'app' password must be set up to access (use the smtp or send mail facilities), as it (Microrsoft=) doesn't' want 'pfSense', which is app after all, use the original password. They don't want that to happen anymore.** admins use admin language ^^
Btw : They used the words "third-party email apps". That my cofee machine, the door bell light bulb, my priters and pfSense. Aka : stuff that notifies, so it needs to send a mail ones in a while.
"Second party" is probably the Outlook mail app in your phone, or the outlook (hotmail, msn) web access.
First = Them selves, the 'server'.Google (gmail) invented all this, many years ago. They do the same thing. AFAIK.
-
Actually informs the admin, that the coffee maker is using "Basic Auth" and simply put, don't do that.
"PLAIN' with a user name and password will stop working, that is likely what he has setup.
Really, nothing to do with the brand of coffee maker.
-
it reads "continue syncing Outlook Email in non-Microsoft email apps" pfsense isn't syncing anything - its sending email, that is all.. If you are using an app password.. your not syncing.
As @Gertjan mentions google did this quite some time ago, my pfsense uses a app password to send email, ie send notifications, like my certs are going to expire or there was some other error.
Maybe he got that email because he has some other 3rd party app, but I can find nothing about "app" passwords going away.
-
Syncing also means sending --- Look (for example) at the sample for thunderbird they give in the link, notice the SMTP sample, notice the Auth Method box highlighted and the wording
For Authentication method, select OAuth2 (instead of Normal password).
Normal = Plain in this context.
"users attempting to connect their Microsoft accounts through Basic Authentication will fail to do so."
You have to connect to send...
But isn't this a simple as the Poster likely has "PLAIN" and needs to select the other available option "LOGIN" ?
Maybe the prompt text below the option means something else ..
"Select the authentication mechanism used by the SMTP server. Most work with PLAIN, some servers like Exchange or Office365 might require LOGIN."I can't comment specifically on using an outlook account on a netgate, because I don't.
-
@jrey I don't use it either.. but what I can do is set it up and see.. But if they were taking away the app passwords, don't you think they would mention it on the page on how to create app passwords?
Or state in their warning that APP passwords will no longer function?
And yes its quite possible "basic" or plain auth is going away.. But I can not find anything that says APP passwords are going away...
Agree shouldn't be using plain as auth method.
-
@jrey I double checked and I'm set to LOGIN not PLAIN.
-
@jrey I'm not using PLAIN. I'm using LOGIN.
-
@mtk67 so its the 16th that they make this go away right.. Guess we will know in a few days.. But for sure don't see them taking away app passwords.
-
@johnpoz The best guess on what the 'modern authentication' is that they're referring to is similar to what, I think, Google does. And that is upon entering your creds you have to confirm authentication on another device (like your phone). Microsoft uses their Authenticator app.
I know that Synology uses this now so it was a change they had to make (don't ask me what, maybe OAUTH/2 as someone mentioned in a reply) to make this work. That's really the only other place I'm setup for notifications to this outlook.com address. Thus, this is why I suspect the notice that I received is due to my attempt to use it for pfSense notifications.
-
@mtk67 Well I bet you a beer ;) that app passwords don't go away..
On the 17th I will do a test of sending notification emails with pfsense using a @live.com (microsoft) email address and servers.
-
@johnpoz I'm sure you're right about app passwords. It'll be interesting to see what, if anything, changes next week.
-
Other the other hand, your notice may have been because of another device (the coffee maker) and not because of the pfSense settings at all.. (their notice of course does not tell you what device, only that you have "something" that is using Basic on that account) Assuming you use outlook on other devices, maybe one of those caused you to get the notice from MS and there are clear instructions for some of those cases in the article. They are truly only flagging that something using your account is using Basic Auth, nothing more.
The app password are not going away, the ability to use Normal/Plain/Basic is.
In my case the notice was generated because a legacy system (a script actually not even a mail application installed on this system) but that was still wanting to "talk" to outlook to send mail and it was set to basic, opps. Every thing else was already using what they reference as "modern" connections with regards to outlook - and the account and passwords still apply. You are not being asked to change your account or password.
the extended wording throughout the article and examples they provide are pretty clear and consistent. Don't use Basic Auth.
"Until September 16th, users signing into Outlook.com through Basic Authentication may experience recurring password prompts in Outlook and other third-party email applications. This is a known issue. After September 16th, users attempting to connect their Microsoft accounts through Basic Authentication will fail to do so."
You'll still be able to login with your account and password, again just not using Basic Auth.
Even though I don't use outlook on the netgate, my expectation (and interpretation of the message below the selection) is that LOGIN should work and PLAIN for those set that may be set that way will start to fail consistently. (assuming all the other setting are correct). Since you are already set for LOGIN - hit "Test SMTP Settings" on the 17th and you will know.
Have fun!
-
@jrey I guess I'll find out next week. But as I mentioned in an earlier reply I am only using this email account in two places... One is on my Synology and the other is here. Pretty sure it's not the NAS as mentioned, so that just leaves this. Maybe this is much ado about nothing.
My coffee maker is not connected to the net. ;)
-
@mtk67 and so did your notifications stop?
I just setup notification in my 2.7.2 vm using outlook.com - didn't even create an app password and working
-
The emails are still working as of this morning. That tells me that either they:
A. Didn’t make any change yet despite the 9/16 advertised deadline. -or-
B. Incorrectly identified customers using SMTP with LOGIN and created unnecessary panic.Hoping it’s B. If I end up seeing an impact I will post an update back to this thread. But all seems to be working unchanged as of today (9/18).
-
By the way, thanks for all the replies, ideas, and help here. Much appreciated!
-
@mtk67 said in Outlook sign in technology for notifications:
created unnecessary panic.
No - not MS, don't say it is so ;)
-
@mtk67 Wanted to post an update in case others are having the same problem. The emails continued to work until this week. Now I get an authentication error, so it seems MSFT had a grace period after their stated deadline.
The auth error is
Error: LOGIN authentication failure [SMTP: Invalid response code received from server (code: 535, response: 5.7.139
Authentication unsuccessful, basic authentication is disabled. [LV3P220CA0009.NAMP220.PROD.OUTLOOK.COM 2024-10-01 T01:39:18.356Z 08DCE11B520D41E6])]I'll wait patiently until netgate provides an auth fix for this. Still working fine on Synology which uses OAUTH2. Otherwise I'll need to switch to another email provider, though they all seem to be going the same route these days.
-
@mtk67 still working here
Are you using LOGIN, like in my above example?
PLAIN yeah fails
Change it back to LOGIN and works
what version of pfsense are you using? This is from my 2.7.2 version.