Exchange Online SMTP

telefunken · December 27, 2025, 5:11pm


*********@pass:/usr/share/php/passbolt/bin$ sudo ./cake passbolt send_test_email --recipient=*********@*********.com
[sudo] password for *********:

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: smtp.office365.com
Port: 587
Username: *********@*********.com
Password: *********
TLS: true
Sending email from: *********@*********.com
Sending email to: *********@*********.com
-------------------------------------------------------------------------------
Trace
[220] AM9P195CA0017.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 27 Dec 2025 17:03:18 +0000 [08DE42E7B51B0BB3]
 EHLO localhost
[250] AM9P195CA0017.outlook.office365.com Hello [*********]
[250] SIZE 157286400
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] STARTTLS
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
[250] SMTPUTF8
 STARTTLS
[220] 2.0.0 SMTP server ready
 EHLO localhost
[250] AM9P195CA0017.outlook.office365.com Hello [*********]
[250] SIZE 157286400
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] AUTH LOGIN XOAUTH2
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
[250] SMTPUTF8
 AUTH LOGIN
[334] VXNlcm5hbWU6
 *****
[334] UGFzc3dvcmQ6
Could not send the test email.
Error: SMTP server did not accept the password.

I’m having trouble setting SMTP AUTH with our Exchange Online subscription. The password is correct, I can log on to outlook.com with the same password.

I’ve read multiple tutorials and tried most of the settings. Authenticated SMTP is enabled for the sending account in the admin panel. And I’ve set:

SmtpClientAuthenticationDisabled : False

Does anybody have a step-by-step guide on how to get this working with the new MS Policies? Seems to me MS really wants me to use OAuth2.0 but Passbolt doesn’t support it.

/edit:

I’m pretty sure this is because of the Exchange Online settings and not Passbolt, but I have no idea how to set this up and decided to start a topic here for future reference.

gyaresu · December 29, 2025, 2:13am

G’day Telefunken.

Off the top of my head I’m thinking you probably need to use an application password from Microsoft.

Depending on your Microsoft settings you may need to setup an SMTP relay but my first guess would be app password because the account has MFA setup on it.

Happy to troubleshoot this with you.

Cheers
Gareth

telefunken · December 29, 2025, 11:13am

Microsoft documentation is really confusing on the matter, probably because they are in a transition period and there’s a lot of old information floating around. So while researching, check the dates.

What MS just recently did was create High Volume Email (HVE). Which is ok when you just mail internally, when you mail externally it is limited to 1 mail per 2 seconds, which shouldn’t be a problem in my case.

Also, once you have created the account, you have to wait for everything to come into effect. Probably because MS datacenters need time to process all the security settings.

Once you have done that, it will work. You just need to use smtp-hve.office365.com as your SMTP server with all the usual settings.

gyaresu · December 29, 2025, 10:57pm

Excellent news!

Can you please share any of the Microsoft help pages that you found useful?
I have SMTP stuff on my 2026 radar for passbolt. Would love to reproduce your work.

Cheers
Gareth

telefunken · December 29, 2025, 11:33pm

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

All the other learn docs are obsolete.

My experience so far, keep in mind HVE as of now is in preview beta so things could be different by the time you read this:

CRUCIAL!!

For HVE to work you need to toggle the security defaults off and on again. If you just try to send it, it wil still give you the same error message:

Goto: https://portal.azure.com/
Goto Manage > Properties and at the bottom of the page: “Manage security defaults”, and turn it off
Send an email from your application, you will see it will be sent this time around
Go back to the security defaults and toggle it on again.

BUG OR BETA RELATED:

As of now I cannot mail external mailadresses, even if the Microsoft learn article says it should be possible. I get the following error:
5.5.105 Message rejected. External sending is not supported for High Volume Email accounts.

It’s not an issue for me as I’m not planning on mailing external mailboxes, but it is somehting you should keep in mind in your setup.