Cannot send mails using office365 smtp server

VoosW · Nov 18, 2014, 2:22 PM

The problem is not exactly with Office 365 Mail servers - rather with Exchange (and potentially other mailservers as well):

While researching the issue that pfSense won't send using our Exchange 2010 Server I found the underlying cause for it.

pfSense (our version is 2.1.5-RELEASE, but I guess other versions are also affected) seems to support several Authentication mechanisms for SMTP (at least that's what I gathered from the various files), but it ALWAYS uses "PLAIN".
If the E-Mail-Server does not support "PLAIN", E-Mail-Notifications will fail - typically with "Authentication mechanism not supported".
Now - guess what … Exchange does support plaintext-logins when configured correctly, but only using the method "LOGIN" ...

The culprit is in File /etc/inc/notices.inc , Line 324:
// Use SMTP Auth if fields are filled out
if($config['notifications']['smtp']['username'] &&
$config['notifications']['smtp']['password']) {
$smtp->authentication_mechanism = "PLAIN";
$smtp->user = $config['notifications']['smtp']['username'];
$smtp->password = $config['notifications']['smtp']['password'];

if I change this line to
$smtp->authentication_mechanism = "LOGIN";
I can send e-mail-notifications via our Exchange-Server. But I guess this will break Notifications for other mailservers.

IMHO there are two ways to fix this behaviour (sadly both beyond my pfSense/php-Knowledge):

get the list of supported auth-mechanisms from the server (after doing TLS if necessary - some servers offer plaintext-login only after a secue session was established) and "match" with local supported mechanisms (perhaps the smtp-class allows this already)?
allow the admin to select the auth-mechanism from a list of mechanisms supported by pfsense

arrmo · Nov 19, 2014, 2:17 AM

Hi,

Very cool finding - awesome! I'll give it a try (manual change), but also … why not start with 2), try 1) later? At least 2) would get things up and running.

Thanks!

Cacique · Nov 21, 2014, 4:54 PM

I had the same problem Authenticating but with Symantec Messaging Gateway (SMG). Changing PLAIN with LOGIN solve it. Thanks!

@VoosW:

The problem is not exactly with Office 365 Mail servers - rather with Exchange (and potentially other mailservers as well):

While researching the issue that pfSense won't send using our Exchange 2010 Server I found the underlying cause for it.

pfSense (our version is 2.1.5-RELEASE, but I guess other versions are also affected) seems to support several Authentication mechanisms for SMTP (at least that's what I gathered from the various files), but it ALWAYS uses "PLAIN".
If the E-Mail-Server does not support "PLAIN", E-Mail-Notifications will fail - typically with "Authentication mechanism not supported".
Now - guess what … Exchange does support plaintext-logins when configured correctly, but only using the method "LOGIN" ...

The culprit is in File /etc/inc/notices.inc , Line 324:
// Use SMTP Auth if fields are filled out
if($config['notifications']['smtp']['username'] &&
$config['notifications']['smtp']['password']) {
$smtp->authentication_mechanism = "PLAIN";
$smtp->user = $config['notifications']['smtp']['username'];
$smtp->password = $config['notifications']['smtp']['password'];

if I change this line to
$smtp->authentication_mechanism = "LOGIN";
I can send e-mail-notifications via our Exchange-Server. But I guess this will break Notifications for other mailservers.

IMHO there are two ways to fix this behaviour (sadly both beyond my pfSense/php-Knowledge):

get the list of supported auth-mechanisms from the server (after doing TLS if necessary - some servers offer plaintext-login only after a secue session was established) and "match" with local supported mechanisms (perhaps the smtp-class allows this already)?

allow the admin to select the auth-mechanism from a list of mechanisms supported by pfsense

arrmo · Nov 23, 2014, 12:20 AM

Hi,

If you don't mind me asking - what are the rest of your settings (like port number, SSL/TLS or STARTTLS, etc.)? Still struggling a bit.

Thanks!!!

arrmo · Nov 23, 2014, 4:05 AM

Got it working! Issue was STARTTLS (and save before Test).

Thanks!

andygorze · Feb 20, 2015, 12:32 PM

This also fixed my issue, many thanks.

creiglee · Mar 20, 2018, 5:57 AM

for this issue I added my account via POP3 and SMTP in outlook 2016 it works fine and also I test it via power shell and It works fine too.

bethelcolonyit · Aug 10, 2018, 4:05 PM

E-Mail server: smtp.office365.com
SMTP Port of E-Mail server: 587
Connection timeout to E-Mail server: blank
Secure SMTP Connection: unchecked
From e-mail address: user@example.com
Notification E-Mail address: user@example.com
Notification E-Mail auth username (optional): user@example.com
Notification E-Mail auth password: userpassword
Notification E-Mail auth mechanism: Login
Send Test
Save after successful test

vishal.mhatre2310 · May 22, 2019, 11:47 AM

@bethelcolonyit. Helped in big way. Thank you so much for the poast

SteveITS · Oct 10, 2020, 5:48 AM

I know this is old but it was a top search result.

The good news, there are 3 methods:
https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

The bad news: the purple note in section 1 (info on using a login and password) on that page:
"This option is not compatible with Microsoft Security Defaults or multi-factor authentication (MFA). If your environment uses Microsoft Security Defaults or MFA, we recommend using Option 2 or 3 below.

You must also verify that SMTP AUTH is enabled for the mailbox being used. See Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online for more information."