talking to smtp.office365.com

Started by Thomas Bock, July 26, 2024, 09:57:51 AM


Thomas Bock

We use our own implementation of SMTP if the user runs a mail server of his own.
This doesn't work with the MS server, as it requires TLS.
What is best practice for using that server from a Linux host?

Allen Miglore

By 'own implementation of SMTP', I'm thinking you've written an SMTP client and now need to work with a STARTTLS type connection with the server.  I had to figure that out a while back.  The trick is to get pxplus to switch the socket to a secure one after it's already open.  STARTTLS isn't like SMTPS or HTTPS where you open a secure connection initially.  Instead, you open a regular [tcp] connection, start the SMTP communication with EHLO, and as soon as you see the server responses indicating STARTTLS is needed, you send it a STARTTLS command, to which it responds with a 220 message indicating it is waiting on you to upgrade the connection.  At that point, print(socket,err=*next)'option'("Secure","") and pxplus will try to upgrade to a secure connection.  If that is successful, you then re-start with the EHLO command and you'll be able to proceed through all the normal sending steps.
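The sequence described in the post above, written out as an added example that is not part of the thread and not PxPlus code: it is in Python so it can be run and tested, and the function names are this example's own. It reads each multiline reply to its end, refuses to go on when STARTTLS is not advertised, and uses Python's default TLS context, which verifies the server certificate and host name.

```python
import ssl


def read_reply(rfile):
    """Read one whole SMTP reply: 'NNN-text' lines continue, 'NNN text' ends it."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines


def command(sock, rfile, text):
    """Send one command line and return the complete (code, lines) reply."""
    sock.sendall(text.encode("ascii") + b"\r\n")
    return read_reply(rfile)


def starttls_upgrade(sock, host, client_name, context=None):
    """Greeting, EHLO, STARTTLS, TLS handshake, second EHLO on an open plain socket.

    Returns (tls_socket, capability lines advertised inside TLS)."""
    # Default context verifies the certificate chain and the host name.
    context = context or ssl.create_default_context()
    rfile = sock.makefile("rb")
    code, _ = read_reply(rfile)
    if code != 220:
        raise RuntimeError(f"unexpected greeting {code}")
    code, caps = command(sock, rfile, "EHLO " + client_name)
    if code != 250 or "STARTTLS" not in [c.upper() for c in caps[1:]]:
        # Continuing in plaintext here would silently drop the encryption.
        raise RuntimeError("STARTTLS not offered; refusing to continue in plaintext")
    code, _ = command(sock, rfile, "STARTTLS")
    if code != 220:
        raise RuntimeError(f"STARTTLS refused with {code}")
    rfile.close()  # discard the plaintext reader and anything still buffered in it
    tls = context.wrap_socket(sock, server_hostname=host)
    # Capabilities seen before TLS were unauthenticated, so ask again.
    code, caps = command(tls, tls.makefile("rb"), "EHLO " + client_name)
    if code != 250:
        raise RuntimeError(f"EHLO after TLS failed with {code}")
    return tls, [c.upper() for c in caps[1:]]
```

For the server in this thread the plain socket would come from `socket.create_connection(("smtp.office365.com", 587))`, with the same host name passed as `host`.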

Thomas Bock

That sounds so easy, but I can't get it working  :(
I post my sample program below. After 'option'("Secure","") nothing useful is happening any more. I tried many different things and combinations but the program can never send the second EHLO. All I received were many errors 2 or 3 or 11.

begin
delay = 3
eol$ = $0D0A$
channel = hfn
open (channel, err = FINISH) "[tcp]smtp.office365.com;587;TLS1.3;CERTIFICATES=IGNORE"
gosub GET_RESPONSE
write record (channel) "EHLO " + nid + eol$
gosub GET_RESPONSE
write record (channel) "STARTTLS" + eol$
gosub GET_RESPONSE
write record (channel) 'option'("Secure", $$) + eol$
gosub GET_RESPONSE
!write record (channel) 'option'("TLS", $$) + eol$
!gosub GET_RESPONSE
write record (channel) "EHLO " + nid + eol$
gosub GET_RESPONSE
FINISH:
write record  (channel,err=*next) "quit" + eol$
close (channel)
end
GET_RESPONSE:
read record (channel, tim = delay, err = FINISH) response$
print str(++i:"#0: "),response$
wait 0
return

Devon Austen

If you are trying to change a non secure TCP connection to secure you need to use SETDEV SET directive or the PRINT 'OPTION' mnemonic with SSL/TLS specific options. See SETDEV SET directive, 'OPTION' mnemonic and TCP Options. For an example of switching an unsecure TCP connection to a secure one, see Changing from Non-Secure to Secure.

From your example it looks like you want to replace

write record (channel) 'option'("Secure", $$) + eol$

with

print(channel) 'option'("Secure", "")
Principal Software Engineer for PVX Plus Technologies LTD.

Thomas Bock

That change has no effect. After sending the secure option I cannot read the answers from the server any more. It accepts everything I send, but does nothing.
Is there a sample code showing a successful change to a secure connection and what needs to be sent next in case of smtp?

Mike King

Why wouldn't you simply use the standard mail interfaces included with PxPlus?  Simply convert your existing home-grown interface to call the standard interface so your application code remains the same for the most part.
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

Mike King

Just checked and it appears smtp.office365.com does claim to support standard SSL connections on port 465. Using this port should allow you to simply use an initial SSL/TLS connection avoiding the need to issue STARTTLS.

ChrisKCAi

As an adjunct to this, I'd like to resurrect a previous question. Previously, SMTP was excluded from requiring OAUTH2 for sending emails via Exchange/365 online. It appears that will no longer be the case in the near future (Sep '25): https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750

We use *web/email throughout our system to send emails and many of our installations use Exchange online as their SMTP server (typically port 587/STARTTLS). In a previous thread about this https://forum1.pvxplus.com/index.php?topic=996.msg3417#msg3417 Mike mentions that requiring OAUTH2 for SMTP would be "problematic" but it appears we are going to have that problem. Is anyone else anticipating this and/or have a proposed solution?

Thomas Bock

*web/email works for me. Thank you Mike.
But I have an issue with text attachments. I will start a new thread for that.

martinp

I currently use office365 for all office machines, but for pvxplus I use the local linux server with relaying to office365; if the internet is down the messages are still queued up.  This doesn't happen often anymore though.

I was thinking of switching the smtp to office365. I assume *web/email will work, and I hope PvxPlus will continue to ensure this is compatible in the future?