Usually, for Gmail and outlook we have app passwords to connect to SMTP (though we can use email passwords by enabling less secure app access).
But for my Microsoft Exchange mail I can't find the app password, nor I can connect my app with the mail to send emails.
import smtplib
password = "mypassword"
email = "usrname#tsac-uae.com"
s = smtplib.SMTP('smtp.office365.com', 587)
s.starttls()
s.login(email, password)
I get an error saying
smtplib.SMTPAuthenticationError: (535, b'5.7.139 Authentication unsuccessful,
SmtpClientAuthentication is disabled for the Tenant.
Visit https://aka.ms/smtp_auth_disabled for more information.
[AM9P192CA0015.EURP192.PROD.OUTLOOK.COM]')
To avoid these complications, I need to use an app password. But I can't find how to set up app password in exchange. Also, the steps said in the website is outdated. I can't find enable SMTP anywhere.
You need to enable SMTP submission (an organization-wide setting)
within your Microsoft Tenant as per the link you get in the error message, which expands to https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission.
The change can only be performed via powershell. An easy way to perform this change is by logging in at https://shell.azure.com. To use Exchange Online cmdlets in the Azure Cloud Shell, the Exchange Online cmdlets need to be imported using Connect-EXOPSSession.
Once connected, to enable SMTP submission use
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Make sure you read the article linked above to understand the security implications.
Also beware that
If your authentication policy disables basic authentication for SMTP,
clients cannot use the SMTP AUTH protocol even if you enable the
settings outlined in this article. For more information, see Disable
Basic authentication in Exchange Online.
Related
I have been trying to configure SMTP in order to send an confirmation email to email based self-registration users but each time an error message appear saying that
Tried to send you an email but failed!
this is my moodle email configurations
this is the error message I get when I run a test email
when searched the error I found that Moodle does not connect to email server.
is there any other configurations that I should check?
since this did not work I tried to connect through outlook.
I tried to configure outlook but it also failed.
this is the configuration for outlook
this is the error I get
please help..!!!
I'm not entirely sure what the problem is, we are using our own mailserver..
However, there are some restrictions to Gmail usage, which can require you to make some changes on your Gmail account.
Have a look at this to allow a new service access to your Gmail account:
https://www.lifewire.com/unlock-gmail-for-a-new-email-program-or-service-1171974
And here to allow your Gmail access to less secure services and programs:
https://myaccount.google.com/lesssecureapps?pli=1
I want to send automated emails form my raspberry pi. I followed this guide https://wiki.archlinux.org/index.php/SSMTP
I got an error when trying to send an email
~>cat tmp.txt | mail -s "subject" -t EXAMPLE#gmail.com
mail: cannot send message: Process exited with a non-zero status
I also got an email from Google telling me a sign-in attempt was prevented because I wasn't using modern security standards:
Should I be using a different was of sending email or should I use a different email service?
You can go to that gmail account setting and look for "Allow less secure apps" and turn it on.
myaccount.google.com -> "Sign-in & security" -> "Allow less secure apps: ON"
That will allow you to send email with less secure login process.
Otherwise, I saw some post which said this helped on python 2.7
Ref: https://www.raspberrypi.org/forums/viewtopic.php?t=94023&p=659005
Enable Less Secure Apps doesn't help for me.
However I found that if I turn on 2-factor auth and set a app-specific password then I can successfully log in to my gmail account.
I'll try to be clearest as possible as I think this is not a usual situation. If you need more details, please say it.
I work on a company that has an Exchange Server. They provide a laptop which is on company domain and I can connect in Outlook just fine with my company e-mail. If I go home with my company laptop I can connect via VPN to company domain and connect to Outlook just fine as well.
We have a webmail which we can use in ANY untrusted computer on browser, something like webmail.mycompany.com and I just need to put my username and password to connect.
I also have an Android smartphone which is not on domain as well and I can configure it to connect to my company Exchange mail.
However I work on a remote server which is not on company domain (I can't change the domain on the remote server) and I'm trying to configure Outlook on the remote server unsuccessfully...
I'm very confused and wondering:
If I can connect via VPN to my company Exchange mail on Outlook anywhere as long as I have internet access on my company laptop
I can connect to my company Exchange mail on a webmail on browser on any computer (not on company domain) providing username and password.
I can connect to my company Exchange mail on my Android smartphone (not on company domain) by providing the Exchange mail server, username, domain and password.
Question: Is it possible to connect to Outlook in a different domain on a remote server with the information I have?
Thank you!
If an Exchange server is published correctly with ActiveSync enabled, then an device that supports ActiveSync should be able to connect to it. I am contracted out to 4 partner organisations during the week, 1 orgs email is Exchange Online, the others are local exchanges, one each of 2007, 2010, 2013.
I can easily hook up my email accounts to each of these from my phones, outlook 2010 at home (not connected to the domain or VPN) and outlook 2013 in the office (that is domain connected). (For 2 of these orgs my first job was to correctly publish their exchange farm for their employees)
You mentioned a VPN tunnel, if you have to establish a VPN to connect to the exchange then it sounds like it has not been correctly published externally, possibly by design.
The first thing you should do is talk to your Exchange Admin and ask them to confirm or publish the Autodiscover and ActiveSync related services for the exchange you wish to connect to externally, it's quite secure by default and has been designed to be used in this way so you shouldn't get much resistance on this front.
If you are the admin, or just playing along at home, then your next stop should be the Microsoft Connectivity Analyzer https://testconnectivity.microsoft.com , previously testexchangeconnectivity.com... that uses the same protocols that outlook and mobile devices use to connect to MS Exchange, this includes Exchange Online.
If the connectivity analyzer can connect, but your client can't then download the client analyzer from the "client" tab in the connectivity analyzer site. The error prompts are really informative and help to improve your understanding of how the Exchange platform works
Outlook 2010 can only add one domain connected Exchange service at a time, but it can have many activeSync compatible services connected no worries at all. Follow the test results on the connectivity analyzer site described above for guidance, the two most common issues that I come across are:
You primary email alias may not match the autodiscover service. For instance user#email.com might belong to an exchange that is published as 'electronicemail.com' In this case you need to make sure you connect to the exchange service as 'user#electronicemail.com' your default replay to address as configured in exchange will still work as user#email.com, but outlook doesn't know about these details untile after it has established a connection to the exchange server via the autodiscover service.
The other common issue is that the autodiscover service is not contactable externally or does not resolve correctly when you are external. (this happens a lot with Small Business Server and Essential Business server) In these cases you can sometimes make some quick edits to your c:\windows\system32\drivers\etc\hosts file to direct outlook to the right server IPaddress to configure the account. If you add a hosts entry for autodiscover.yourEmailDomainName.whateveritis into your hosts file this can often get around issues caused by the organisations public DNS not being configured for exchange.
Note that the hosts solution above can work in many instances for both of these issues
I would like to do authentication at proxy on behalf of user via Kerberos/Negotiate protocol.
user will authenticate with form login with server, server knows the who the user is, and server has to authenticate to backend server on behalf of user using kerberos.
Please help me with sample code or point me to some good references.
thank you in advance
-csr
Michael: the OP is asking about what MS calls "constrained delegation," the S4U Kerberos extension they invented, rather than the standard delegation (TGT forwarding) to which you're referring.
CSR: first off: is the user providing their Kerberos password in your "form login?" If so, you don't need to use S4U; you can just kinit with the password and get credentials directly.
If not, then this is indeed one use case for which S4U is intended. You didn't say, but I'll assume you're in a Windows environment, although S4U has been added to MIT Kerberos as well.
Rather than have the client forward a TGT, S4U allows the domain administrator to authorize a service principal to independently impersonate any user to a limited set of other services. To enable a service for constrained delegation:
MMC "Users and Computers" snap-in
select the properties for the service account
"Delegation" tab
"trust... for delegation to specified services"
In your case, you'll also need to set "use any authentication protocol;" this enables "protocol transition." If your service were authenticating the user with Kerberos, you could have the DC require the service to present a recent ticket from the client, proving it has some business doing this. Since you're using different authentication method, though, you have to forgo that check; that's what protocol transition does.
I'd start here for understanding S4U: http://msdn.microsoft.com/en-us/library/cc246071(PROT.13).aspx.
I have written a patch for Apache mod_auth_kerb implementing constrained delegation for Unix web services, so it does in fact work. :)
Have the client to send a forwardable (OK-AS-DELEGATE) ticket to you. You can extract the TGT from that and impersonate to perform your task. This works in my case when I receive a service ticket from IE or FF and bind against the AD for the user.
I have to write a VBScript which will run on a Windows Server 03 (no Office, SMTP, etc. installed - like it's a fresh installation). This script should send E-Mails over an MS Exchange Server (on another server). So now I have a meeting with the head of the team managing those Servers. To prepare I'd like to know what ways I have to send an E-Mail from a VBScript over an MS Exchange (also including how to authenticate with the Exchange Server)?
As far as my googling goes there is one way with CDO (only SMTP?) which can use the current user for authentication or a clear text username & password.
edit:
Or am I mistaking and there is only SMTP for sending E-Mails over Exchange Server? Also that there is only authentication with clear text / using current credentials?
Cheers,
Gregor
There are other ways as well.
I'd prefer Exchange WebDav for previous versions of Exchange server
and use Exchange WebServices with the latest version of Exchange.
These method requires no client install so can be used anywhere.
WebDav: http://www.msexchange.org/articles/Access-Exchange-2000-2003-Mailbox-WebDAV.html
WebService: http://msdn.microsoft.com/en-us/library/aa563009(v=EXCHG.140).aspx
EWS scripting sample: Link
If you use CDO with SMTP and use Windows Authentication (NTLM).
Set objMessage = CreateObject("CDO.Message")
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 2
Setting that value to 0 makes it not use authentication, setting it to 1 uses basic authentication, and 2 makes it use NTLM.