On Thursday, September 28, 2023 3:03 AM, Volker Schmid wrote: >Am 27.09.23 um 23:37 schrieb Ray Satiro via curl-library: >> On 9/25/2023 9:59 AM, Volker Schmid via curl-library wrote: >>> we are using libcurl in version 7.71.1 (32 bit) on Windows to send >>> email using SMTP. The login fails to some customers office365.com >>> server. Here is the log. I replaced some sensitive information with >>> xxxxxxx, please apologise. >>> >>> CURL: Trying 52.97.201.114:25... >>> CURL: Connected to smtp.office365.com (52.97.201.114) port 25 >>> (#0) >>> CURL: 220 AM9P195CA0024.outlook.office365.com Microsoft ESMTP >>> MAIL Service ready at Thu, 21 Sep 2023 13:58:47 +0000 >>> CURL: EHLO XXXXXXXXXX-102 >>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello >>> [185.173.180.160] >>> CURL: 250-SIZE 157286400 >>> CURL: 250-PIPELINING >>> CURL: 250-DSN >>> CURL: 250-ENHANCEDSTATUSCODES >>> CURL: 250-STARTTLS >>> CURL: 250-8BITMIME >>> CURL: 250-BINARYMIME >>> CURL: 250-CHUNKING >>> CURL: 250 SMTPUTF8 >>> CURL: STARTTLS >>> CURL: 220 2.0.0 SMTP server ready >>> CURL: EHLO XXXXXXXXXX-102 >>> CURL: 250-AM9P195CA0024.outlook.office365.com Hello >>> [185.173.xxx.xxx] >>> CURL: 250-SIZE 157286400 >>> CURL: 250-PIPELINING >>> CURL: 250-DSN >>> CURL: 250-ENHANCEDSTATUSCODES >>> CURL: 250-AUTH LOGIN XOAUTH2 >>> CURL: 250-8BITMIME >>> CURL: 250-BINARYMIME >>> CURL: 250-CHUNKING >>> CURL: 250 SMTPUTF8 >>> CURL: AUTH LOGIN >>> CURL: 334 xxxxxxxxxxxxxxxx >>> CURL: xxxxxxxxxxxxxxxxxxxxxx== >>> CURL: 334 xxxxxxxxxxxxxxxx >>> CURL: xxxxxxxxxxxxxxxxx= >>> CURL: Operation timed out after 8002 milliseconds with 0 out of 0 >>> bytes received >>> CURL: Closing connection 0 >>> CURL: schannel: shutting down SSL/TLS connection with >>> smtp.office365.com port 25 >>> Error performing GET. Curl ec:28 >>> CURL Error Buffer content: Operation timed out after 8002 >>> milliseconds with 0 out of 0 bytes received >>> >>> It looks like only AUTH LOGIN XOAUTH2 is supported and the lib is >>> trying AUTH LOGIN. This was answered with silence for > 8 seconds and >>> then timed out. >>> >>> Is there some flag or option we need to turn on in libcurl to allow >>> SMTP sending through such email server? >>> >>> I already found the CURLOPT_XOAUTH2_BEARER option, but to be honest I >>> don't know the process to get the values needed. From where do I get >>> a Bearer Token? Do I have to ask the customer on every sending for >>> some token? Or is this some setting the customer enters like a >>> username and I have to save and use it? How does this work? >> >> >> If you're seeing it only on some accounts then maybe there's a setting >> to shut it off. Google had a similar situation for a while and now on >> most accounts they require the tokens for security since by using them >> you can limit the scope of what can be accessed on the account. >> >> I can't speak to MS but for Google there has to be some initial >> interactive authentication (as in, a browser or something will open) >> on the user's end where they are logged in to their account and >> authorize access to an "app" registered beforehand (you can do this as >> a >> developer) that can access specific scopes of the account (eg app can >> only access gmail e-mail). Once the interactive auth is complete it >> gives an access token (ephemeral) and a refresh token (use to get more >> access tokens when they expire). Depending on how long the refresh >> token will last you could use it to generate more access tokens. >> >> I don't know of what library in C can do this. Once the interaction >> phase is over you could work with the user's refresh token via libcurl >> to request new access tokens via libcurl, if MS API allows it. For >> Google I wrote some perl scripts that use curl to retrieve tokens [1]. >> >> >> [1]: https://github.com/jay/curl_google_oauth >> > >Thank you Ray, that was helpful. I just found some small examples calling these >URLs. But if I let the user open some URL, how do I get the result? Webbrowsers >usually don't tell me the results of opening a URL. I'm confused. Theremust be >some >API that I have to call for sure. > >Until now, I only have email address, password and smtp mailserver. This is >provided by the user. The thing is, I should open some URL now. But what URL >is to >be used for the token? Microsoft for sure uses other URLs than Google and >others. >But the mailserver neither tells me the URL nor do I get it from somewhere >else? The >user don't knows it either. Maybe it is derived from the domain part of the >email >address? Is there a standard RFC that I can refer to for learning this?
Office365 uses SMTP host smtp-mail.outlook.com, port 587, and STARTTLS encryption. As far as I know, it does not listen on port 25. Regards, Randall -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
