Help needed

[AGenius]

Due to a security need to stop using SMTP sending to Office 365 and the email server being used does not support OAuth, I found this proxy project

I have been struggling to get it to work by using telnet to test the login and its been failing.

My main problem is the scope is not recognized

Firstly the server is behind a firewall, the server also is using ports 443 and 80 for a web server (this is windows based) using iis
We only need this for sending emails from the server to clients and our own accounts mailbox.

I setup the firewall to allow port 8888 through to the server and tested the firewall rules work. should this work? will this make it so that I dont have to interact with the proxy to authenticate ?

I have been using telnet to test the oauth using a1 login emailaddress random pass

I have had multiple failed logs showing the following errors:
The provided value for the input parameter 'scope' is not valid. The scope https://outlook.office.com/ https://outlook.office.com/SMTP.Send offline_access is not valid.

Then found that the scope should be like this
The resource principal named https://graph.microsoft.com/SMTP.Send was not found in the tenant named

From other articles I should have "Mail.Send" permission as thats all we need, also the scope has to have /.default
according to another error seen
Client credential flows must have a scope value with /.default suffixed to the resource identifier
and had to remove offline_access

Last error I am getting now
AADSTS500011: The resource principal named https://graph.microsoft.com/Mail.Send was not found in the tenant named ...... Limited. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

My Config

[IMAP-1993]
server_address = outlook.office365.com
server_port = 993
local_address = 127.0.0.1

[[email protected]]
permission_url = https://login.microsoftonline.com/tennantID/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/tennantID/oauth2/v2.0/token
oauth2_flow = client_credentials
oauth2_scope = https://graph.microsoft.com/Mail.Send/.default offline_access
redirect_uri = http://localhost:8888
client_id = id
client_secret = secret

[emailproxy]
delete_account_token_on_password_error = True
encrypt_client_secret_on_first_use = False

Help would be much appreciated

[simonrob]

Rather than trying to figure out the configuration via trial and error, it's always best to start from one of the examples in the sample configuration file. Look below the basic account entries and you'll find samples for CCG too. And don't switch to the Graph ones as you've done - they will not work.

[AGenius]

I did follow the example which did not work! the office 365 example shows all the scope entries and they are not accepted

[AGenius]

Also, my question about the port 8888 and being behind a firewall might not help either

[simonrob]

You'll only need to let the normal email ports through the firewall if you're using the CCG method.

Re: scopes - if you're starting from a one with offline_access you're using the wrong configuration for CCG.

Either way this is a configuration problem rather than something wrong with the proxy, so it's best to put this as a discussion rather than an issue. You could also try auth-email.com for more commercial support.

[AGenius]

Thank you for pointing out my mistake with the wrong config

I think i should be using this section then

[[email protected]]
documentation = *** note: this is an advanced O365 account example; in most cases you want the version above instead ***
token_url = https://login.microsoftonline.com/*** your tenant id here ***/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
oauth2_flow = client_credentials
client_id = *** your client id here ***
client_secret = *** your client secret here (remove this entire line if a secret is not required) ***

I will re-try my testing tonight when client is not using the system

I will update