Hello Morten.

Morten Bo Johansen wrote in
 <slrnul9ipu.63hr.mbj@localhost.localdomain>:
 |Is anybody able to send mail with s-nail through the outlook.com smtp \
 |server?

Just yesterday (because on some other list someone had problems)
i logged into IMAP.  (I use v14.10 development branch though.)

 |I have this in my ~/.mailrc:
 |
 |   set v15-compat
 |   
 |   account hotmail {
 |      localopts yes
 |      set from="Morten Bo Johansen <morte...@hotmail.com>"
 |      set imap-keepalive=240
 |      shortcut imap imaps://outlook.office365.com
 |      set tls-config-pairs=MinProtocol=TLSv1.2
 |      set smtp-use-starttls
 |      set mta=smtp://mortenbo%40hotmail.com:sec...@smtp-mail.outlook.com:58\
 |      7

Microsoft likely enforces OAuth.  I have written a Python program
(Python because it ships all necessary modules out of the box)
which handles the stuff:

  curl -b ./TMPCOOKIE -c ./TMPCOOKIE \
    -O https://git.sdaoden.eu/browse/s-toolbox.git/plain/oauth-helper.py

(No longer authentication required, but sets HTTP cookie.)
It needs a configuration file,

  python3 oauth-helper.py -p Microsoft -R morten.rc --action=template

creates it (see --help).  flow= must be auth however, i think.
Last night i had

  # /home/steffen/sec.arena/mail/.sitm-ms.oauth, written 2023-11-15 00:29:01.875595
  authorize_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  devicecode_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
  token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token
  redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
  tenant=common
  scope=https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
  flow=auth
  access_token=
  client_id=bf0f4488-089e-46ee-a48d-8f0717388be3
  login_hint=sugar.in.the.morn...@outlook.com

^ change this

  timeout=3600
  timestamp=
  refresh_token=

Last October i posted a v14.9.* script that makes use of this (but
do not use oauth-helper.py from that post, current is better); i no
longer have it nor tried it ever since, i am all forward on v14.10
[1].

  [1] https://lists.sdaoden.eu/pipermail/s-mailx/2022-October/001650.html

Note Microsoft uses crazy-long tokens and requires a browser visit
each and every time the token expires (ie a normal refresh will
not work out).  The new token is also only seen in the browser
address line.

 |I get various error messages, no matter what I try, e.g.:
 |
 | $ mail -s "Test" morte...@hotmail.com < /dev/null 
 |   
 |  mail: SMTP server: 504 5.7.4 Unrecognized authentication type
 |   [MM0P280CA0062.SWEP280.PROD.OUTLOOK.COM 2023-11-15T13:28:04.587Z
 |   08DBE55409C962D3]
 |  
 |If I try with smtps://.. instead of smtp, I get
 |
 |  $ mail -s "Test" morte...@hotmail.com < /dev/null
 |    mail: could not initiate TLS connection: error:0A00010B:SSL routines::w\
 |    rong
 |    version number
 |  
 |I have also tried to remove the "tls-config-pairs" line to no effect.
 |
 |These are my "tls-features":          
 ...
 |IMAP works fine. It is just smtp that doesn't work.

Oh.  Wait.  SMTP i have not tried.

  $ s-nail -A sitm-ms -s 'SMTP should work' stef...@sdaoden.eu
  ! Warning: --resource mode permissions other than user read/write: 0640: /home/steffen/sec.arena/mail/.sitm-ms.oauth
    ! refresh_token response: HTTP Error 400: Bad Request
    ! Let us try --authorize instead (sleeping 3 seconds)

^ Always with Microsoft :(  Yandex is much more relaxed.  Even
Google.

  * OAuth 2.0 RFC 6749, 4.1.1. Authorization Request
    . To create an authorization code, please visit the shown URL:

  lynx-redux 'https://login.microsoftonline.com/[.]'

^ $BROWSER that is

      - Shall i invoke this command? [y/else] n

  Please enter authorization [URI?code=]token: [.]

  * OAuth 2.0 RFC 6749, 4.1.3. Access Token Request
  s-nail:  .. updating password to OAuth token [.]
  s-nail: Conditional expression: expected an operator: stop during: =~ ^imaps?://: of: =~ ^imaps?://

(oops, a bug)

  s-nail: Obsoletion warning: conditional expressions exclusively use shell-style notation; compatibility shims were removed!

  ...
  (Preliminary) Envelope contains:
  ...
  Send this message [yes/no, empty: recompose]? y
  ...
  #?0|kent:nail.git$

Works!
Now i hope this works with v14.9.24 also.  Its oauthbearer
authentication should be xoauth2 indeed, please complain if it
does not work.  (I hate OAuth.)

I am undecided how to do it for this MUA indeed.  I personally now
do "call oauth-activate sitm-ms" from within my account:

  define oauth-activate {
          \se password imap-auth=xoauth2 [.]
          \call oauth-check-token-init
          \se oauth-helper='$HOME/src/toolbox.git/oauth-helper.py \
                                  --resource $HOME/sec.arena/mail/.'$1'.oauth' \
                          oauth-helper-times=$HOME/sec.arena/mail/.$1.oauth \
                          on-oauth-password-change=_oauth-on-new-token
  }

  define _oauth-on-new-token {
          \if -n "$1"
                  \echoe ' .. updating password to OAuth token '$1
                  \se password=$1
                  \if $mailbox-resolved =~ ^imaps?://
                          \echoe ' .. reconnecting IMAP mailbox after password change'
                          \disco
                          \conn
                  \en
          \el
                  \echoe ' .. deleting password'
                  \uns password
          \en
  }

These then get driven by the code that i posted in October last
year (at least in its current v14.10-and-above form, but i *think*
nothing has changed regarding that).
Since you seem to drive it from the command line only you can as
well simply call the python script, and then call the MUA with the
password already resolved, no?

Ring through on problems!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
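
Added example, not part of the original mail and not code from oauth-helper.py: the pieces the message walks through, in Python. It reads the key=value resource format, applies the "user read/write only" mode check from the warning, pulls the code out of a pasted redirect URI, and builds the SASL XOAUTH2 string that carries the access token. Function names and the sample values are assumptions of this example.

```python
import base64
import os
import stat
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the resource format shown above (values are placeholders).
SAMPLE_RC = """\
# constructed example, not a real resource file
token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token
scope=https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send
flow=auth
login_hint=user@example.com
refresh_token=
"""


def parse_resource(text):
    """Parse key=value lines; '#' lines are comments; split on the first '=' only."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def mode_is_private(path):
    """True if the file has no permission bits beyond user read/write (0600)."""
    return (stat.S_IMODE(os.stat(path).st_mode) & ~0o600) == 0


def extract_code(pasted):
    """Accept the bare code or the whole redirect URI copied from the address line."""
    pasted = pasted.strip()
    if "://" not in pasted:
        return pasted
    params = parse_qs(urlsplit(pasted).query)
    if "code" not in params:
        raise ValueError("no code= parameter: " + str(params.get("error", ["?"])[0]))
    return params["code"][0]


def xoauth2_initial_response(user, access_token):
    """SASL XOAUTH2 client response: user and bearer fields, ^A-separated, base64."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode("ascii")).decode("ascii")
```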