Re: [S-mailx] microsoft outlook server with xoauth2
Steffen Nurpmeso wrote in
 <2022091933.njtw7%[email protected]>:
|Stephen Isard wrote in
| <[email protected]>:
 ...
||You are right, calling it at the beginning of the account definition
||works. I didn't do it that way because I wasn't certain that s-nail
||would set the password before attempting the imap login. It makes sense
||that the lines in the account definition would get executed in order,
||but I wasn't sure.

Added documentation snippet with credit to you.

Ciao!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: [S-mailx] microsoft outlook server with xoauth2
Stephen Isard wrote in
 <[email protected]>:
|On Mon, 12 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
|>|s-nail -X 'call update_access_token' -A oauth
|>|
|>|The initial call to update_access_token uses the refresh token in your
|>|~/.s-nail-tokenfile to get an access token that s-nail treats as a
|>|password for logging in. The settings of on-main-loop-tick and
|>
|> Why do you need this initial call? Ah, you directly log into IMAP
|> and use that as your base, hmhm, we really deal bad with that.
|> Call it from within the account?
|
|You are right, calling it at the beginning of the account definition
|works. I didn't do it that way because I wasn't certain that s-nail
|would set the password before attempting the imap login. It makes sense
|that the lines in the account definition would get executed in order,
|but I wasn't sure.

It will always work in this order, the old account is torn down,
the new account macro is evaluated, then if that was successful,
the folder is opened. Maybe could also be documented better,
especially that on-account-cleanup is called even if that
folder-opening stage is not even reached.

Thanks Stephen!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: [S-mailx] microsoft outlook server with xoauth2
On Mon, 12 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> ...
> |s-nail -X 'call update_access_token' -A oauth
> |
> |The initial call to update_access_token uses the refresh token in your
> |~/.s-nail-tokenfile to get an access token that s-nail treats as a
> |password for logging in. The settings of on-main-loop-tick and
>
> Why do you need this initial call? Ah, you directly log into IMAP
> and use that as your base, hmhm, we really deal bad with that.
> Call it from within the account?

You are right, calling it at the beginning of the account definition
works. I didn't do it that way because I wasn't certain that s-nail
would set the password before attempting the imap login. It makes sense
that the lines in the account definition would get executed in order,
but I wasn't sure.

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
On Mon, 12 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> ...
> | set user=loginname@organization #the name you log in with on their \
> | website
> | set from=emailname@organization # might be the same as user, or not
>
> Really!?! That is interesting, i added smtp-from (superseding
> smtp-hostname) to make this work on Microsoft, but it seems they
> plugged it, as last week it did no longer work.

My experience is that

1) Making from be the same as user works, but then emails say that they
   are from the login name, which in my case isn't my email address
2) Making from be my actual email address there does what I want
3) Making from be somename@somewhereelse produces an error saying that
   user can't send as that person

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
Stephen Isard wrote in
 <[email protected]>:
|In case there is someone else in my situation, needing to connect to an
|institutional outlook account with s-nail, here is a recipe that works
|for me on ubuntu 20.04 LTS:

Thanks for this write-up, Stephen.

|define update_access_token {
 ...
|account oauth {
| set inbox=imaps://yourname%[email protected]
| set folder=${inbox}
| set user=loginname@organization #the name you log in with on their \
| website
| set from=emailname@organization # might be the same as user, or not

Really!?! That is interesting, i added smtp-from (superseding
smtp-hostname) to make this work on Microsoft, but it seems they
plugged it, as last week it did no longer work.

| set mta=submission://smtp.office365.com
| set smtp-use-starttls
| set smtp-auth=oauthbearer
| set imap-auth=oauthbearer
 ...
|Now you can connect with
|
|s-nail -X 'call update_access_token' -A oauth
|
|The initial call to update_access_token uses the refresh token in your
|~/.s-nail-tokenfile to get an access token that s-nail treats as a
|password for logging in. The settings of on-main-loop-tick and

Why do you need this initial call? Ah, you directly log into IMAP
and use that as your base, hmhm, we really deal bad with that.
Call it from within the account?

Yes it is a problem, on-main-loop-tick happens hm when the main
loop ticks, which it never does when only sending one mail
message. on-compose-enter will get that thing.
Do you think it would be a good idea to run it once in that case,
too? (For simplicity etc.? Document it better?)

  define mlt {
    echo MLT
  }
  account x {
    echo account x
  }
  define xx {
    echo eins
    echo zwei
    xit
  }
  set emptystart
  set on-main-loop-tick=mlt on-compose-enter=mlt

comes to

  #?0|kent:nail.git$ MAILRC=/tmp/t.c mailx -:u -Ax -Xxit
  account x
  #?0|kent:nail.git$ MAILRC=/tmp/t.c mailx -:u -Ax -Yxit
  account x
  mailx version v14.9.24. Type `?' for help
  /var/spool/mail/steffen: 0 messages
  No more mail.
  MLT
  #?0|kent:nail.git$
Re: [S-mailx] microsoft outlook server with xoauth2
In case there is someone else in my situation, needing to connect to an
institutional outlook account with s-nail, here is a recipe that works
for me on ubuntu 20.04 LTS:
On Sun, 4 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> in the mutt(1) MUA repository there
> is contrib/mutt_oauth2.py*, and it reads
>
>   -- How to create a Microsoft registration --
>
>   Go to portal.azure.com, log in with a Microsoft account (get a free
>   one at outlook.com), then search for "app registration", and add a
>   new registration. On the initial form that appears, put a name like
>   "Mutt", allow any type of account, and put "http://localhost/" as
>   the redirect URI, then more carefully go through each
>   screen:
>
>   Branding
>    - Leave fields blank or put in reasonable values
>    - For official registration, verify your choice of publisher domain
>   Authentication:
>    - Platform "Mobile and desktop"
>    - Redirect URI "http://localhost/"
>    - Any kind of account
>    - Enable public client (allow device code flow)
>   API permissions:
>    - Microsoft Graph, Delegated, "offline_access"
>    - Microsoft Graph, Delegated, "IMAP.AccessAsUser.All"
>    - Microsoft Graph, Delegated, "POP.AccessAsUser.All"
>    - Microsoft Graph, Delegated, "SMTP.Send"
>    - Microsoft Graph, Delegated, "User.Read"
>   Overview:
>    - Take note of the Application ID (a.k.a. Client ID), you'll need it shortly
>
>   End users who aren't able to get to the app registration screen within
>   portal.azure.com for their work/school account can temporarily use an
>   incognito browser window to create a free outlook.com account and use that
>   to create the app registration.
>
>   Edit the client_id (and client_secret if there is one) into the
>   mutt_oauth2.py script.

Do the above. When I did it, I got a client id, but no client secret.
I put the client id between the '' quotes in the microsoft subsection of
the registrations section of the mutt_oauth2.py script and left the
client secret blank. I also filled in my own gpg id in the
ENCRYPTION_PIPE line of the script.

[Note: mutt_oauth2.py requires a python installation sufficiently
recent to accept the keyword argument "capture_output". Python3
3.8.2 on ubuntu 20.04 is ok. Python3 3.6.8-18 on Centos 7 is too old.
I have seen claims that you don't actually need to get your own client id
or secret and can just use the ones for Thunderbird that have been
posted on the web, or, I suppose, the ones for Alpine that Steffen
quoted in a recent message. I haven't tried though.]

Then a one-time run of
mutt_oauth2.py --authorize --verbose --test ~/.s-nail-tokenfile
invites you to log in to your organizational microsoft account and fill
in various stuff, after which you have an encrypted refresh token in
~/.s-nail-tokenfile, as well as a lot of gibberish on your screen.

Put the lines below into your .mailrc. They are mostly copied from the
s-nail man page or the sample fozzi-baer setup that Steffen posted in a
message:

  set tokenfile=~/.s-nail-tokenfile # or another location of your choice
  # epoch seconds of the last token fetch; 0 forces a fetch on the first call
  set access_token_=0

  define o-m-l-t {
    xcall update_access_token
  }
  define o-c-e {
    xcall update_access_token
  }

  set v15-compat=1

  define update_access_token {
    local set x epoch_sec epoch_nsec
    vput vexpr x epoch
    eval set $x # set epoch_sec/_nsec of vexpr epoch
    # fetch a new access token once the cached one is 2100 seconds old
    vput vexpr i + $access_token_ 2100
    if $epoch_sec -ge $i
      eval "vput ! password mutt_oauth2.py --test $tokenfile 2>/dev/null"
      # need eval to get the value of "tokenfile" passed out to the shell
      vput csop password trim "$password"
      if -n "$verbose"
        # this prints the access token to the terminal
        echo password is <$password>
      endif
      set access_token_=$epoch_sec
    endif
  }

  account oauth {
    set inbox=imaps://yourname%[email protected]
    set folder=${inbox}
    set user=loginname@organization #the name you log in with on their website
    set from=emailname@organization # might be the same as user, or not
    set mta=submission://smtp.office365.com
    set smtp-use-starttls
    set smtp-auth=oauthbearer
    set imap-auth=oauthbearer
    set on-main-loop-tick=o-m-l-t on-compose-enter=o-c-e
  }

[Note: This is minimal. You can add your own further preferences.
Steffen's fozzi-baer script sets the boolean variables nosmtp-hostname
and nonetrc-lookup and sets tls-config-pairs=MinProtocol=TLSv1.2, but I
don't appear to need those. Setting user looks necessary for sending
with smtp. Not setting it or setting it wrong gives an error message
when you try to send, although you can read mail without it. Email can
be different from login, e.g., user=joebloggs@organization,
[email protected]. The @organization part probably has to be
the same though.]
Now you can connect with
s-nail -X 'call update_access_token' -A oauth
The initial call to update_access_token uses the refresh token in your
~/.s-nail-tokenfile to get an access token that s-nail treats as a
password for logging in. The settings of on-main-loop-tick and
Re: [S-mailx] microsoft outlook server with xoauth2
Hello Stephen.

Stephen Isard wrote in
 <[email protected]>:
|On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
|...
|>|microsoft says it [basic authentication] will stop
|>|working next month, which is why I am trying to set up
|>
|> They do?!
|
|They do. See
|https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Thanks. Microsoft instructions are pretty clear, but i will not
be able to do this today.

|> I have no idea how to get an application ID for S-nail that can
|> simply be used.
|
|Nor do I, but alpine has a fairly painless process for setting up
|xoauth2 for microsoft. See
|https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html (which
|starts off by explaining that "The idea of XOAUTH2 is to create the
|illusion of security").

Well i mean one thing there is with all this OAuth stuff, and that
is that services are capable to identify clients, and therefore
clients can be restricted in what they are allowed to do.
That is not a bad thing. Especially with future protocols like
JMAP, which will be able to drive the entire portfolio (mail,
calendar, whatever). (Surely there are protocols which can do
this already today, of course.)
To me it is just that application specific passwords .. etc etc.
And couldn't it have been integrated via Kerberos, etc etc.

Thanks for the info. Yes i mean with the scripts from [1,2] it is
fairly easy with s-nail, too. I will not integrate it into s-nail
itself, because it needs HTTP, and -- this is what i said on an
IETF list regarding all this, too, after someone said something
"you are capable to do some HTTP, no?", in that spirit -- whereas
HTTP 1.0 and 1.1 are easy, HTTP/2 is not even implemented by cURL,
that uses an external library, and that in turn uses two other
libraries to implement the QUIC variant, which is HTTP/3.

  [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
  [2] http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2022-07-10.tar.bz2

My problem with it: if they want it, why not simply via some text
messages via TLS, even -- what i said -- in the protocol itself,
as an extension (just one back and forth it is), without JSON in
the protocol, but as simple text K=V\0 pairs?
But complaining does nothing to the actual reality, of course.

Anyhow i will not blow up S-nail with HTTP easy now, hard later.
And that "later" is soon given how they all hype QUIC at the
moment. Granted: OpenSSL seems to implement its own QUIC driver,
and since we do need and yes want OpenSSL, we would get QUIC via
it, and then HTTP/[23] is possibly not that hard either. And
maybe cURL to unfortunately not do socket programming on our own.

Yes. So what you need is a client-id, and a client-secret, so
that the service can decide what is to be granted for you, and the
application you are actually using. These are very complicated to
get, impossible to accomplish for Google in practice, except you
let users go through a myriads of complicated "developer" things.
Very user friendly.

Whereas i somehow failed to configure Microsoft in June last year,
and had lots of trouble with Google, i think it was because i use
firefox-bin, as the interface was incomplete and what the help
said i should use was simply not there!, it seems Alpine somehow
got all this, when i look at

  https://repo.or.cz/alpine.git/blob/HEAD:/alpine/xoauth2.h

i see

  #define GMAIL_NAME (unsigned char *) "Gmail"
  #define GMAIL_ID "624395471329-0qee3goofj7kbl7hsukou3rqq0igntv1.apps.googleusercontent.com"
  #define GMAIL_SECRET "vwnqVJQrJZpR6JilCfAN5nY7"
  #define GMAIL_TENANT NULL
  #define GMAIL_FLAGS (OA2_AUTHORIZE)

  #define OUTLOOK_NAME (unsigned char *) "Outlook"
  #define OUTLOOK_ID "f21dcaf2-8020-469b-8135-343bfc35d046"
  #define OUTLOOK_SECRET "Tk-DAcEi13-FeSsY_Ja4Y.-MyL66I.wIPt"
  #define OUTLOOK_TENANT "common"
  #define OUTLOOK_FLAGS (OA2_DEVICE)

  #define YANDEX_NAME (unsigned char *) "Yandex"
  #define YANDEX_ID "393578fee26f47858023cf59681882a7"
  #define YANDEX_SECRET "7304c4993583498f8ab63e2f21ad6960"
  #define YANDEX_TENANT NULL
  #define YANDEX_FLAGS (OA2_AUTHORIZE)

  #define YAHOO_NAME (unsigned char *) "Yahoo!"
  #define YAHOO_ID "dj0yJmk9RTdyZEQ2TWxGMzV6JmQ9WVdrOWVrTllZbGgyV2tjbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PTli"
  #define YAHOO_SECRET "3a8b12d51c09b0a5c0733c36d04cd3c69e33baef"
  #define YAHOO_TENANT NULL
  #define YAHOO_FLAGS (OA2_AUTHORIZE)

so it seems to be doable to get client IDs and client secrets for
a console application for all these giants services!

|I've also discovered davmail http://davmail.sourceforge.net/, which does
|the xoauth2 stuff for you and shows your mail on a local server. It
|works with s-nail and I'll us
Re: [S-mailx] microsoft outlook server with xoauth2
On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> ...
> |microsoft says it [basic authentication] will stop
> |working next month, which is why I am trying to set up
>
> They do?!

They do. See
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

> I have no idea how to get an application ID for S-nail that can
> simply be used.

Nor do I, but alpine has a fairly painless process for setting up
xoauth2 for microsoft. See
https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html (which
starts off by explaining that "The idea of XOAUTH2 is to create the
illusion of security").

I've also discovered davmail http://davmail.sourceforge.net/, which does
the xoauth2 stuff for you and shows your mail on a local server. It
works with s-nail and I'll use it if I can't manage to connect with
s-nail directly.

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
Stephen Isard wrote in
 <[email protected]>:
|On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
|...
|>|>|authenticating with xoauth2?
|>|>
|>|> The released S-nail's have oauthbearer which de facto _is_
|>|> XOAUTH2. No? I think yes.
|>|
|>|Can you post the imap authentication settings for your fozzi-baer
|>|account? That would be very helpful.
|>
|> I actually do not have any.
|
|But aren't you then getting plain/basic/password authentication for
|imap, rather than xoauth2/oauthbearer? (I have no problem connecting
|with plain authentication at the moment, but microsoft says it will stop
|working next month, which is why I am trying to set up

They do?! I wished they would offer Kerberos, they use it anyway,
do they.

|xoauth2/oauthbearer.)

Like i said, with the helper scripts which do all the updates and
such we do support it, though falsely named.
I have no idea how to get an application ID for S-nail that can
simply be used. For Google it is a _very_ expensive thing, and
they want things i simply cannot offer. You could somehow make it
private, but the documentation does not match what i see when i go
there with firefox-bin. Also i think it is forbidden to offer
public access to "private" applications. Or whatever the term is.
We had a thread on that regarding Google in May i think.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: [S-mailx] microsoft outlook server with xoauth2
On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> ...
> |>|authenticating with xoauth2?
> |>
> |> The released S-nail's have oauthbearer which de facto _is_
> |> XOAUTH2. No? I think yes.
> |
> |Can you post the imap authentication settings for your fozzi-baer
> |account? That would be very helpful.
>
> I actually do not have any.

But aren't you then getting plain/basic/password authentication for
imap, rather than xoauth2/oauthbearer? (I have no problem connecting
with plain authentication at the moment, but microsoft says it will stop
working next month, which is why I am trying to set up
xoauth2/oauthbearer.)

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
Stephen Isard wrote in
 <[email protected]>:
|On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:
|> Stephen Isard wrote in
|> <[email protected]>:
 ...
|>|> s-nail: >>> T9 LOGIN "[email protected]" "..."
|>|> s-nail: >>> SERVER: T9 OK LOGIN completed.
|>|
|>|authenticating with xoauth2?
|>
|> The released S-nail's have oauthbearer which de facto _is_
|> XOAUTH2. No? I think yes.
|
|Can you post the imap authentication settings for your fozzi-baer
|account? That would be very helpful.

I actually do not have any.

  account fozzi-baer {
     \call fozzi-baer
  }
  define fozzi-baer {
     \set hostname=outlook.com \
        mta=submission://smtp.office365.com \
        netrc-lookup \
        tls-config-pairs=MinProtocol=TLSv1.2 \
        [email protected]
     \set smtp-from=$user \
        from='Steffen Nurpmeso '
        ^ Ok this will not work out, i have not updated it on Saturday.
          This all is v14.10..
     \shortcut pop '%:pop3s://outlook.office365.com'
     \shortcut imap '%:imaps://outlook.office365.com'
     \commandalias xp 'fi pop'
     \commandalias xi 'fi imap'
  }

I think this should choose default stuff all over the place.
Dear Stephen i am out of time .. tomorrow at latest i try to adapt
fozzi-baer to v14.9.24 and check it out. (But.. i do not think
anything needs to be changed. I mean, *smtp-from* does not exist
in v14.9.24.)

Ok?

Ciao!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: [S-mailx] microsoft outlook server with xoauth2
On Mon, 5 Sep 2022, Steffen Nurpmeso steffen-at-sdaoden.eu |s-nail| wrote:

> Stephen Isard wrote in
>  <[email protected]>:
> ...
> |So is your report
> |
> |> s-nail: >>> SERVER: * OK The Microsoft Exchange IMAP4 service is \
> |> ready. ..
> |> s-nail: >>> T8 CAPABILITY
> |> s-nail: >>> SERVER: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2\
> |> SAS$
> |> s-nail: >>> SERVER: T8 OK CAPABILITY completed.
> |> s-nail: >>> T9 LOGIN "[email protected]" "..."
> |> s-nail: >>> SERVER: T9 OK LOGIN completed.
> |
> |authenticating with xoauth2?
>
> The released S-nail's have oauthbearer which de facto _is_
> XOAUTH2. No? I think yes.

Can you post the imap authentication settings for your fozzi-baer
account? That would be very helpful.

Thanks,

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
SZÉPE Viktor wrote in <[email protected]>: |Hello folks! | |I'm not really into console based mailing. (maybe with v15 it will change!) | |In 2022 isn't it obvious that xoauth2 should be an integral part of |your email client? |This is only my feeling. My 15 year old self hosted Horde webmail is |also oauth-less. Well there is Author: Steffen Nurpmeso AuthorDate: 2019-09-08 03:12:08 +0200 Commit: Steffen Nurpmeso CommitDate: 2022-08-24 01:43:44 +0200 [net-test] (BWDIC!) Extend authentication stuff, support automatic such.. In order to finally "just work" (tm), to reduce the number of variables which need to be set to configure a single protocol, and also to require lesser code once it is possible to do the configuration also as part of an URL query string, rework the authentication stuff a bit. So with this we now have the framework to automatically handle AUTHentication, by parsing those mechanisms which the server supports, collate that with user wishes, and finally select the best mechanism in the current context. This also changes several other things: - Add XOAUTH2 authentication (at least as a name). This is BWDIC!, because we falsely claimed OAUTHBEARER to be XOAUTH2 in the past. - EXTERNAL and EXTERNANON require TLS. - OAUTHBEARER and XOAUTH2 require TLS. But unfortunately so much is still missing for v14.10, it will not happen before Christmas for sure. It did case mx_CRED_AUTHTYPE_OAUTHBEARER: + case mx_CRED_AUTHTYPE_XOAUTH2: /* TODO XOAUTH2 == OAUTHBEARER */ f |= a_IS_OAUTHBEARER; /* FALLTHRU */ case mx_CRED_AUTHTYPE_PLAIN: - default: /* (this does not happen) */ #define a_MAX \ (2 + sizeof("AUTH XOAUTH2 " "user=\001auth=Bearer \001\001" NETNL)) ... if(f & a_IS_OAUTHBEARER){ authfmt = NETLINE("AUTH XOAUTH2 %s"); so i am pretty sure it _was_ XOAUTH2. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
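Review bot: the added `case mx_CRED_AUTHTYPE_XOAUTH2` sets the same `a_IS_OAUTHBEARER` flag as the OAUTHBEARER case, and the later `if(f & a_IS_OAUTHBEARER)` branch always formats `AUTH XOAUTH2 %s`, so a configuration that asks for OAUTHBEARER still puts XOAUTH2 on the wire, which is the false claim the commit message says it is correcting. The TODO would be more useful if it said what remains (a separate flag and `authfmt` for OAUTHBEARER, and an `a_MAX` that is not sized from the XOAUTH2 literal alone). Dropping `default:` is only safe if every enum value has a case; a short comment saying so would help the next reader.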
Re: [S-mailx] microsoft outlook server with xoauth2
Stephen Isard wrote in
 <[email protected]>:
|Thanks very much for the pointers, Steffen. I don't actually need to
|use the microsoft smtp server. There is another server that I can send
|through. I just need to read mail on the imap server. So is your
|report
|
|> s-nail: >>> SERVER: * OK The Microsoft Exchange IMAP4 service is \
|> ready. ..
|> s-nail: >>> T8 CAPABILITY
|> s-nail: >>> SERVER: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2\
|> SAS$
|> s-nail: >>> SERVER: T8 OK CAPABILITY completed.
|> s-nail: >>> T9 LOGIN "[email protected]" "..."
|> s-nail: >>> SERVER: T9 OK LOGIN completed.
|
|authenticating with xoauth2?

The released S-nail's have oauthbearer which de facto _is_
XOAUTH2. No? I think yes.
v14.10 will detangle this to oauthbearer and xoauth2, i am afraid
configurations possibly need to be changed. Or not, since there
will be a new *smtp-config* which replaces all the others and
automatically chooses a thing, unless told otherwise. But your
console will complain.

|> But regarding your question, in the mutt(1) MUA repository there
|> is contrib/mutt_oauth2.py*, and it reads
|>
|> -- How to create a Microsoft registration --
|...
|
|That looks promising. I'll give it a try.
|
|Stephen Isard
--End of <[email protected]>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
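The two SASL mechanisms this thread keeps conflating, side by side, as an added example (not s-nail's code and not written by anyone on the list): XOAUTH2 sends user=...^Aauth=Bearer ...^A^A, while RFC 7628 OAUTHBEARER prefixes a GS2 header and carries host and port. The account name, token, host and port are constructed sample values, and all function names are hypothetical.

```python
import base64

SEP = "\x01"  # the ^A separator both mechanisms use


def _b64(raw: str) -> str:
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def xoauth2_initial_response(user: str, token: str) -> str:
    """XOAUTH2 frame: user=<user>^Aauth=Bearer <token>^A^A (base64)."""
    return _b64(f"user={user}{SEP}auth=Bearer {token}{SEP}{SEP}")


def _saslname(name: str) -> str:
    # GS2 header escaping (RFC 5801): '=' and ',' may not appear literally.
    return name.replace("=", "=3D").replace(",", "=2C")


def oauthbearer_initial_response(user: str, token: str, host: str, port: int) -> str:
    """RFC 7628 frame: n,a=<authzid>,^Ahost=..^Aport=..^Aauth=Bearer <token>^A^A."""
    gs2 = f"n,a={_saslname(user)},"
    return _b64(f"{gs2}{SEP}host={host}{SEP}port={port}"
                f"{SEP}auth=Bearer {token}{SEP}{SEP}")


def smtp_auth_line(mechanism: str, b64: str) -> str:
    """SMTP command carrying the initial response, e.g. 'AUTH XOAUTH2 <b64>'."""
    return f"AUTH {mechanism} {b64}\r\n"


def describe_initial_response(b64: str) -> dict:
    """Decode a captured initial response, name the mechanism it really is,
    and redact the bearer token so the result is safe to log."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith(SEP + SEP):
        raise ValueError("initial response lacks the ^A^A terminator")
    head, *pairs = raw[:-2].split(SEP)
    info = {}
    if head.startswith("user="):
        info["mechanism"] = "XOAUTH2"
        pairs = [head] + pairs
    elif head[:2] in ("n,", "y,") or head.startswith("p="):
        info["mechanism"] = "OAUTHBEARER"
        authzid = [f[2:] for f in head.split(",") if f.startswith("a=")]
        if authzid:
            info["user"] = authzid[0].replace("=2C", ",").replace("=3D", "=")
    else:
        raise ValueError("neither an XOAUTH2 nor an OAUTHBEARER frame")
    for pair in pairs:
        key, _, value = pair.partition("=")
        if key == "auth":
            scheme, _, token = value.partition(" ")
            value = f"{scheme} [redacted, {len(token)} chars]"
        info[key] = value
    return info


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    user, token = "joe@example.org", "constructed-token"
    for blob in (xoauth2_initial_response(user, token),
                 oauthbearer_initial_response(user, token, "imap.example.org", 993)):
        print(describe_initial_response(blob))
```

Running describe_initial_response on the base64 argument seen in a protocol trace shows which of the two frames a client actually sent, whatever name its configuration variable uses.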
Re: [S-mailx] microsoft outlook server with xoauth2
Hello folks!

I'm not really into console based mailing. (maybe with v15 it will change!)

In 2022 isn't it obvious that xoauth2 should be an integral part of
your email client?
This is only my feeling. My 15 year old self hosted Horde webmail is
also oauth-less.

Quoting Stephen Isard :

> Thanks very much for the pointers, Steffen. I don't actually need to
> use the microsoft smtp server. There is another server that I can send
> through. I just need to read mail on the imap server. So is your
> report
>
> > s-nail: >>> SERVER: * OK The Microsoft Exchange IMAP4 service is ready. ..
> > s-nail: >>> T8 CAPABILITY
> > s-nail: >>> SERVER: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SAS$
> > s-nail: >>> SERVER: T8 OK CAPABILITY completed.
> > s-nail: >>> T9 LOGIN "[email protected]" "..."
> > s-nail: >>> SERVER: T9 OK LOGIN completed.
>
> authenticating with xoauth2?
>
> > But regarding your question, in the mutt(1) MUA repository there
> > is contrib/mutt_oauth2.py*, and it reads
> >
> > -- How to create a Microsoft registration --
> ...
>
> That looks promising. I'll give it a try.
>
> Stephen Isard

SZÉPE Viktor, Running your application
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
~~~
🌶️ hotline: +36-20-4242498 [email protected] skype: szepe.viktor
Budapest, III. district
Re: [S-mailx] microsoft outlook server with xoauth2
Thanks very much for the pointers, Steffen. I don't actually need to
use the microsoft smtp server. There is another server that I can send
through. I just need to read mail on the imap server. So is your
report

> s-nail: >>> SERVER: * OK The Microsoft Exchange IMAP4 service is ready. ..
> s-nail: >>> T8 CAPABILITY
> s-nail: >>> SERVER: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SAS$
> s-nail: >>> SERVER: T8 OK CAPABILITY completed.
> s-nail: >>> T9 LOGIN "[email protected]" "..."
> s-nail: >>> SERVER: T9 OK LOGIN completed.

authenticating with xoauth2?

> But regarding your question, in the mutt(1) MUA repository there
> is contrib/mutt_oauth2.py*, and it reads
>
> -- How to create a Microsoft registration --
...

That looks promising. I'll give it a try.

Stephen Isard
Re: [S-mailx] microsoft outlook server with xoauth2
Steffen Nurpmeso wrote in
 <20220903225350.wezi7%[email protected]>:
 ...
|Hmm. Well i can SMTP LOGIN as fozzi-baer, but can no longer send
|a message as [email protected]
|
|  554 5.2.252 SendAsDenied; [email protected] not allowed to send \
|  as [email protected]; STOREDRV.Submission.Exception:SendAsDeniedExcepti\
|  on.MapiExceptionSendAsDenied; Failed to process message due to a \
|  permanent exception with message [BeginDiagnosticData]Cannot submit \
|  message.

They now not only test the "MAIL FROM:<>" that can be "set
smtp-from=X" (since some time), they also check for "set from=Y"
now! Spoiler alarm.

But if i "set from=$smtp-from" (aka $user):

  #?0|kent:src$ >> Date: Sun, 04 Sep 2022 00:56:22 +0200
  s-nail: >>> Author: [email protected]
  s-nail: >>> From: [email protected]
  s-nail: >>> To: [email protected]
  s-nail: >>> Subject: Test without XOAUTH2
  s-nail: >>> Message-ID: <[email protected]>
  s-nail: >>> User-Agent: s-nail v14.9.24-295-g629abc8b54
  s-nail: >>>
  s-nail: >>> .
  s-nail: >>> QUIT
  s-nail: >>> SERVER: 250 2.0.0 OK ...
  s-nail: >>> SERVER: 221 2.0.0 Service closing transmission channel

Ciao!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Re: [S-mailx] microsoft outlook server with xoauth2
Hello Stephen!

Sorry, late and tired.. But..

Stephen Isard wrote in
 <[email protected]>:
|A university mail server that I use was outsourced to microsoft. I have

I truly hate that outsourcing everywhere. A few years back
a university of Vienna/Austria outsourced to GMail i think, then
i stopped complaining, but now that you come in. aaeehh.
It is likely the easy integration of calendars and mail and
anything. We had that Univention Corporate Server thing in
Germany, but hey this is a business, sorry for mentioning it.
It drives some public schools anyhow. Sigh.

|been connecting to this server in s-nail using "plain" authentication,
|i.e., a password. Now microsoft is about to stop supporting plain
|authentication
|https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
|and it will be necessary to use xoauth2. I have read the s-nail man
|page section "But, how about XOAUTH2 / OAUTHBEARER?" and can copy the
|oauth2.py stuff, but I don't know the microsoft equivalents to the gmail
|instructions for getting and storing the “client ID” and “client secret”
|given in
|https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough.

For Google use [1], that works instead. Aka [2], which i plan to
somehow integrate into s-nail v14.10, whenever that happens
(christmas). (I have not looked in [2] yet, i read more in detail
over the 2020-11-03 version. It seems to be a 1518 line diff.)

  [1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
  [2] http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2022-07-10.tar.bz2

|Has anyone been connecting to an outlook account using xoauth2 with
|s-nail? Steffen, did you try to use xoauth2 with your fozzi-baer
|account?

Oh i have even forgotten i have this account.
Hmm, login works for me still.

  s-nail: >>> SERVER: * OK The Microsoft Exchange IMAP4 service is ready. ..
  s-nail: >>> T8 CAPABILITY
  s-nail: >>> SERVER: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
  s-nail: >>> SERVER: T8 OK CAPABILITY completed.
  s-nail: >>> T9 LOGIN "[email protected]" "..."
  s-nail: >>> SERVER: T9 OK LOGIN completed.

But regarding your question, in the mutt(1) MUA repository there
is contrib/mutt_oauth2.py*, and it reads

  -- How to create a Microsoft registration --

  Go to portal.azure.com, log in with a Microsoft account (get a free
  one at outlook.com), then search for "app registration", and add a
  new registration. On the initial form that appears, put a name like
  "Mutt", allow any type of account, and put "http://localhost/" as
  the redirect URI, then more carefully go through each
  screen:

  Branding
   - Leave fields blank or put in reasonable values
   - For official registration, verify your choice of publisher domain
  Authentication:
   - Platform "Mobile and desktop"
   - Redirect URI "http://localhost/"
   - Any kind of account
   - Enable public client (allow device code flow)
  API permissions:
   - Microsoft Graph, Delegated, "offline_access"
   - Microsoft Graph, Delegated, "IMAP.AccessAsUser.All"
   - Microsoft Graph, Delegated, "POP.AccessAsUser.All"
   - Microsoft Graph, Delegated, "SMTP.Send"
   - Microsoft Graph, Delegated, "User.Read"
  Overview:
   - Take note of the Application ID (a.k.a. Client ID), you'll need it shortly

  End users who aren't able to get to the app registration screen within
  portal.azure.com for their work/school account can temporarily use an
  incognito browser window to create a free outlook.com account and use that
  to create the app registration.

  Edit the client_id (and client_secret if there is one) into the
  mutt_oauth2.py script.

And use the above script instead. I tried to use mutt_oauth2.py
with Microsoft, but failed. That was in June 2021 however.

Well i did that a year ago, but could not get SMTP to work if
i recall correctly, and then they blocked my account because
i said "Microsoft, please" in a test message, which was against
their policy. Ozzy Osbourne wants to leave, saying "This is not
America no more" or something in that spirit. Impossible to
imagine that in America Bianca Jagger was sitting on a horse, and
the guy with the big penis (Hugo?!) was naked. 2.5.1977.

Hmm. Well i can SMTP LOGIN as fozzi-baer, but can no longer send
a message as [email protected]

  554 5.2.252 SendAsDenied; [email protected] not allowed to send as [email protected]; STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message [BeginDiagnosticData]Cannot submit message.

I am too tired to look into this now.
Poor Stephen that has to use Microsoft.
But the above hopefully helps, and the script is really good and
easy to use. Please report back on problems, Stephen
