I am trying to email EML files via Gmail SMTP server using MailKit. I followed example provided by jstedfast to build MimeMesage and send via Gmail SMTP server. I am able to send email using both the simple authentication using (user account, user password) and using OAUTH2. I followed example how to Setting up OAuth2 for use with Google Mail and all works fine, except that it seems that I have to configure access Scopes to include "https://mail.google.com/"
var accessScopes = new[]
{
"https://mail.google.com/",
"https://www.googleapis.com/auth/gmail.send"
};
otherwise sending fails with the following error:
535: 5.7.8 Username and Password not accepted. Learn more at
5.7.8 https://support.google.com/mail/?p=BadCredentials c5sm231676iod.25 - gsmtp
I assumed that I need to configure access scope with the gmail.send only but it doesn't seem to work.
"https://www.googleapis.com/auth/gmail.send"
I don't want to configure "https://mail.google.com/" which implies full access to the gmail account. When the consent screen is presented to users, users may hesitate to accept all access scopes which seems to be required otherwise sending of mails fails.
I tried to configure some of the read only scopes instead of "https://mail.google.com/" but it doesn't seem to work.
What I am missing?
Thank you
The "https://mail.google.com/" scope is the only scope that works with SMTP, POP3 and/or IMAP.
All of the other scopes are only available to use with the Google REST APIs.
Related
I'm trying to send an email via smtp.live.com using an OAuth token generated via https://login.microsoftonline.com/common/oauth2/v2.0/… but I'm receiving the following error:
535 5.7.3 Authentication unsuccessful
I can make it work by obtaining an auth token via https://login.live.com/oauth20_authorize.srf (a legacy API) but that only works for free Microsoft accounts (I need to support business/Outlook365 accounts too).
The fact I can make it work using that legacy endpoint seems to validate that:
The server supports XOAUTH2 (which I also validated via Telnet EHLO)
That the encoding is correct (I'm using this process)
That I'm meant to pass the full access token via XOAUTH2 and not something odd like pass it in via LOGIN, or decode the JWT and pass in some component etc.
The access token seems valid (it works for other calls, including sending an email via the Graph API).
I've requested the following scopes:
[
'offline_access', 'User.Read', 'MailboxSettings.ReadWrite',
'Mail.Send', 'Mail.ReadWrite', 'Mail.Read', 'Mail.ReadBasic', 'Contacts.ReadWrite',
'Mail.Read.Shared', 'Mail.ReadWrite.Shared', 'Mail.Send.Shared', 'MailboxSettings.Read',
'profile', 'openid', 'email', 'Calendars.ReadWrite',
'EAS.AccessAsUser.All', 'EWS.AccessAsUser.All',
];
For the legacy token (the one which works), the scopes are different:
[
'wl.emails', 'wl.offline_access', 'wl.imap'
];
(I've tried including these scopes when requesting the v2 token too, but it's invalid).
Other things I've tried:
Using smtp.office365.com instead of smtp.live.com
Obtaining fresh access tokens
Ensuring app settings/permissions are configured correctly, as per this article
Enable Exchange SMTP Auth
Office 365 SMTP servers do not support OAuth authentication as of this time.
Office 365 SMTP servers is supporting OAuth authentication only through Code Authorization Flow not with the other mechanisms like Client Credentials flow e.t.c
We have been trying to use Office365 SMTP OAUTH2 authentication with client credentials flow without success.
The documentation claims that SMTP should work
https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
but also states the following:
<<Note As per the current test with SMTP Oath 2.0 client credential flow with non-interactive sign in is not supported.">>
We can generate a token using the code interactive flow and with the delegation dynamic scope
https://outlook.office.com/SMTP.Send
The resulting token has scope "SMTP.Send" which can be used in JavaMail to successfully send emails from a specific user.
We are building a non-interactive application, the above does not work for us.
When we try to generate a token with the client credential flow, the only scope format supported is {resource}/.default
HTTP POST https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
client_id=...
client_secret=...
grant_type=client_credentials
scope=https://outlook.office365.com/.default
There are no application's permissions for SMTP we can set under the Microsoft Office API.
Authentication always returns "535 5.7.3 Authentication unsuccessful"
This should work like IMAP does.
The only option we have found is to disable Security Defaults under
Azure Active Directory
-> Properties
-> Manage Security Defaults
Which enables PLAIN TEXT authentication.
You also need make sure that your emailbox does not have Smtp Client Authentication disabled with the following powershell command
Set-CASMailbox -Identity -SmtpClientAuthenticationDisabled $false
after these two changes JavaMail can authenticate using user/pwd and can send emails.
Per https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth:
Note As per the current test with SMTP Oauth 2.0 client credential flow with non-interactive sign in is not supported.
I just discovered this myself.
The Microsoft Graph API is an alternative option and I have confirmed it does work with the Client Credentials flow, but it has other limitations related to volume and file attachments to be considered.
After reinstalling windows on my machine, i have tried to login to my Github account using the same user-name password stored in the browser with my Microsoft account...
with Sign in to GitHub
Username or email address page:
its seems to accept the credentials (tried with email as well with username) and then navigate to the next page saying:
Device verification code
We just sent your authentication code via email to y**************#hotmail.com.
But I never receive any email!!!
not in inbox or junk email beside the GitHub Community Summary..
i am afraid to try the Forgot password option - because perhaps it get the auth issue even worse.
Resetting the password seems to be a solution.
The email should arrive within a few minutes in case of setting a new password, even if you had problems in the authentication process.
I have setup an API Connect developer portal in the sandbox catalog (I've been following the basic tutorials about configuring an API developer portal found here).
I receive a message saying that i'll get a one time login link so that i can login to the portal as admin and reset my password. However, this never arrives. I have tried configuring the portal a number of times now and this link never comes. Therefore i'm unable to login as admin.
I've also tried using the 'request new password' option on the developer portal itself and entering my email but this also does not work
Is there a way I can retrieve the login link?
This could be a number of things:
1) the IBM emails often get flagged as spam
2) the IBM email server, or rather the people they've contracted this out to, doesn't fully comply with DKIM/SPF security, so if you are on a corporate server that requires this then you won't get your emails.
The workaround I've done in the past is spin up a gmail account and be sure to check my spam folder.
I have looked through every single bit of documentation I can find on this matter, and cannot figure this out. There must be people out there using Sendgrid as SMTP for discourse blogs, but I cannot figure out how.
Here's my app.yml setup:
env:
LANG: en_US.UTF-8
# DISCOURSE_DEFAULT_LOCALE: en
UNICORN_WORKERS: 3
DISCOURSE_DEVELOPER_EMAILS: 'admin#my_domain.com'
DISCOURSE_HOSTNAME: 'my_domain.com'
DISCOURSE_RELATIVE_URL_ROOT: /forum
## TODO: The mailserver this Discourse instance will use
DISCOURSE_SMTP_ADDRESS: smtp.sendgrid.net
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: apikey
DISCOURSE_SMTP_PASSWORD: API_KEY
DISCOURSE_SMTP_ENABLE_START_TLS: true
Obviously my_domain and API_KEY are replaced for the proper values. I have triple checked that these things are correct. I have rebuilt the app via launcher rebuild app many times.
The discourse admin UI shows these settings:
However, when I try to send any email, I get a popup that says:
There was a problem sending the test email. Please double-check your mail settings, verify that your host is not blocking mail connections, and try again.
The actual logs on the server aren't very helpful:
Sent mail to test#my_email.com (91.2ms)
Completed 422 Unprocessable Entity in 287ms (Views: 0.2ms | ActiveRecord: 0.4ms)
But when I check the "Skipped" tab of the admin email UI, I see that the "Skip Reason" is [Sender] 550 Unauthenticated senders not allowed - so I assume this is an authentication problem with SendGrid. How can I resolve this?
"Unauthenticated Senders not allowed" is a SendGrid-specific error that explicitly means that your system isn't sending the AUTH command. So even though you have authentication plain set, something is overriding that, and not attempting to authenticate when connecting to SendGrid.
Have you enabled "Mail Send" for that API Key?