Outlook sign in technology for notifications

johnpoz

@mtk67 so its the 16th that they make this go away right.. Guess we will know in a few days.. But for sure don't see them taking away app passwords.

mtk67

@johnpoz The best guess on what the 'modern authentication' is that they're referring to is similar to what, I think, Google does. And that is upon entering your creds you have to confirm authentication on another device (like your phone). Microsoft uses their Authenticator app.

I know that Synology uses this now so it was a change they had to make (don't ask me what, maybe OAUTH/2 as someone mentioned in a reply) to make this work. That's really the only other place I'm setup for notifications to this outlook.com address. Thus, this is why I suspect the notice that I received is due to my attempt to use it for pfSense notifications.

johnpoz

@mtk67 Well I bet you a beer ;) that app passwords don't go away..

On the 17th I will do a test of sending notification emails with pfsense using a @live.com (microsoft) email address and servers.

mtk67

@johnpoz I'm sure you're right about app passwords. It'll be interesting to see what, if anything, changes next week.

jrey

@mtk67

Other the other hand, your notice may have been because of another device (the coffee maker) and not because of the pfSense settings at all.. (their notice of course does not tell you what device, only that you have "something" that is using Basic on that account) Assuming you use outlook on other devices, maybe one of those caused you to get the notice from MS and there are clear instructions for some of those cases in the article. They are truly only flagging that something using your account is using Basic Auth, nothing more.

The app password are not going away, the ability to use Normal/Plain/Basic is.

In my case the notice was generated because a legacy system (a script actually not even a mail application installed on this system) but that was still wanting to "talk" to outlook to send mail and it was set to basic, opps. Every thing else was already using what they reference as "modern" connections with regards to outlook - and the account and passwords still apply. You are not being asked to change your account or password.

the extended wording throughout the article and examples they provide are pretty clear and consistent. Don't use Basic Auth.

"Until September 16th, users signing into Outlook.com through Basic Authentication may experience recurring password prompts in Outlook and other third-party email applications. This is a known issue. After September 16th, users attempting to connect their Microsoft accounts through Basic Authentication will fail to do so."

You'll still be able to login with your account and password, again just not using Basic Auth.

Even though I don't use outlook on the netgate, my expectation (and interpretation of the message below the selection) is that LOGIN should work and PLAIN for those set that may be set that way will start to fail consistently. (assuming all the other setting are correct). Since you are already set for LOGIN - hit "Test SMTP Settings" on the 17th and you will know.

Have fun!

mtk67

@jrey I guess I'll find out next week. But as I mentioned in an earlier reply I am only using this email account in two places... One is on my Synology and the other is here. Pretty sure it's not the NAS as mentioned, so that just leaves this. Maybe this is much ado about nothing.

My coffee maker is not connected to the net. ;)

johnpoz

@mtk67 and so did your notifications stop?

I just setup notification in my 2.7.2 vm using outlook.com - didn't even create an app password and working

mtk67

The emails are still working as of this morning. That tells me that either they:
A. Didn’t make any change yet despite the 9/16 advertised deadline. -or-
B. Incorrectly identified customers using SMTP with LOGIN and created unnecessary panic.

Hoping it’s B. If I end up seeing an impact I will post an update back to this thread. But all seems to be working unchanged as of today (9/18).

mtk67

By the way, thanks for all the replies, ideas, and help here. Much appreciated!

johnpoz

@mtk67 said in Outlook sign in technology for notifications:

created unnecessary panic.

No - not MS, don't say it is so ;)

mtk67

@mtk67 Wanted to post an update in case others are having the same problem. The emails continued to work until this week. Now I get an authentication error, so it seems MSFT had a grace period after their stated deadline.

The auth error is
Error: LOGIN authentication failure [SMTP: Invalid response code received from server (code: 535, response: 5.7.139
Authentication unsuccessful, basic authentication is disabled. [LV3P220CA0009.NAMP220.PROD.OUTLOOK.COM 2024-10-01 T01:39:18.356Z 08DCE11B520D41E6])]

I'll wait patiently until netgate provides an auth fix for this. Still working fine on Synology which uses OAUTH2. Otherwise I'll need to switch to another email provider, though they all seem to be going the same route these days.

johnpoz

@mtk67 still working here

Are you using LOGIN, like in my above example?

PLAIN yeah fails

Change it back to LOGIN and works

what version of pfsense are you using? This is from my 2.7.2 version.

jrey

@jrey said in Outlook sign in technology for notifications:

But isn't this a simple as the Poster likely has "PLAIN" and needs to select the other available option "LOGIN" ?

Gertjan

@jrey

Yeah,
and this one (@mtk67 :):
Microsoft has not like 'us, the common mortals', just one mail server behind one IP.
They have probably a couple of hundreds or more, and they get updated and upgraded one by one - not "all at ones at midnight". After all, if there was some update/upgrade issue, its always better to hinder just 1 % of you clients instead of "all of them at ones".

So, imho, the upcoming app password is a thing, and will be phased in over time.

mtk67

@jrey no. It’s not that simple. I have LOGIN selected not PLAIN.

jrey

@mtk67

@johnpoz said in Outlook sign in technology for notifications:

what version of pfsense are you using?

Same question.

johnpoz

@jrey so have you created a app password? You sure you hit save all the way on the bottom for if you changed it login? Your is saying basic, my error says plain.

Once/If I get the failure I can switch it over to app password to see if that corrects it. But @Gertjan could be right they could have it rolling through their servers, and I have just not hit one yet.

mtk67

@johnpoz 100% that I’m using an app password. I needed it because I enabled 2FA on the account. Also certain that I’m not using PLAIN. If I can post screenshots here I’ll post it of my settings tonight when I get home. Then we can compare notes.

I read a tech note on their site last night and even went so far as to try using settings for the old POP format (ewww) just to see if it would make a difference.

mtk67

@jrey the latest 24-03 release. I am not running any prerelease/beta code.

jrey

@johnpoz

Not me with the issue. That would be @mtk67

PLAIN = BASIC

LOGIN should work IMHO. -

But I also stated very early, I don't use outlook accounts on the Netgate. I received the notice from MS from a different system that was sending with PLAIN/BASIC it failed, I changed it works.
Which is why I suspect the pfSense stuff "should" work the same.

I also thought that is what your previous post 4 hours ago - was demonstrating.

Yes rollouts of new code can take longer than expected (take Netgate for example - lol) may as well call it 24.10 now if that mark is hit..