Mail server with 365

Checklist
[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[x ] I provide relevant information about my server (component names and versions, etc.)
[x ] I provide a copy of my logs and healthcheck
[x ] I describe the steps I have taken to trouble shoot the problem
[x ] I describe the steps on how to reproduce the issue

Hello everyone.
I think Passbolt is great.
I use Passbolt on a Debian 12 server.
I use the latest version of passbolt.

I would like to configure the Passbolt mail server with 365.
I’ve tried several leads, including this one:

But this procedure is almost 4 years old, and Microsoft has changed its security policy since then.
My Passbolt installation works with another mail server, but now, I must use 365.

Could someone give me a procedure or could the admins update this procedure ?

My tests answer : timeout or wrong password.

 >     ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Healthcheck shell
> -------------------------------------------------------------------------------
> 
>  Environment
> 
>  [PASS] PHP version 8.2.7.
>  [PASS] PHP version is 8.1 or above.
>  [PASS] PCRE compiled with unicode support.
>  [PASS] The temporary directory and its content are writable and not executable.
>  [PASS] The logs directory and its content are writable.
>  [PASS] GD or Imagick extension is installed.
>  [PASS] Intl extension is installed.
>  [PASS] Mbstring extension is installed.
> 
>  Config files
> 
>  [PASS] The application config file is present
>  [PASS] The passbolt config file is present
> 
>  Core config
> 
>  [PASS] Debug mode is off.
>  [PASS] Cache is working.
>  [PASS] Unique value set for security.salt
>  [PASS] Full base url is set to https://192.168.1.152
>  [PASS] App.fullBaseUrl validation OK.
>  [PASS] /healthcheck/status is reachable.
> 
>  SSL Certificate
> 
>  [WARN] SSL peer certificate does not validate
>  [WARN] Hostname does not match when validating certificates.
>  [WARN] Using a self-signed certificate
>  [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
>  [HELP] cURL Error (60) SSL certificate problem: self-signed certificate
> 
>  Database
> 
>  [PASS] The application is able to connect to the database
>  [PASS] 31 tables found
>  [PASS] Some default content is present
>  [PASS] The database schema up to date.
> 
>  GPG Configuration
> 
>  [PASS] PHP GPG Module is installed and loaded.
>  [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
>  [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
>  [PASS] The server OpenPGP key is not the default one
>  [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
>  [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
>  [PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
>  [PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
>  [PASS] There is a valid email id defined for the server key.
>  [PASS] The public key can be used to encrypt a message.
>  [PASS] The private key can be used to sign a message.
>  [PASS] The public and private keys can be used to encrypt and sign a message.
>  [PASS] The private key can be used to decrypt a message.
>  [PASS] The private key can be used to decrypt and verify a message.
>  [PASS] The public key can be used to verify a signature.
>  [PASS] The server public key format is Gopengpg compatible.
>  [PASS] The server private key format is Gopengpg compatible.
> 
>  Application configuration
> 
>  [PASS] Using latest passbolt version (4.4.2).
>  [FAIL] Passbolt is not configured to force SSL use.
>  [HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
>  [PASS] App.fullBaseUrl is set to HTTPS.
>  [PASS] Selenium API endpoints are disabled.
>  [PASS] Search engine robots are told not to index content.
>  [INFO] The Self Registration plugin is enabled.
>  [INFO] The self registration provider is: Email domain safe list.
>  [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
>  [WARN] Host availability checking is disabled.
>  [HELP] Make sure this instance is not publicly available on the internet.
>  [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
>  [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
>  [PASS] Serving the compiled version of the javascript app.
>  [WARN] Some email notifications are disabled by the administrator.
> 
>  JWT Authentication
> 
>  [PASS] The JWT Authentication plugin is enabled
>  [PASS] The /etc/passbolt/jwt/ directory is not writable.
>  [PASS] A valid JWT key pair was found
> 
>  SMTP Settings
> 
>  [PASS] The SMTP Settings plugin is enabled.
>  [PASS] SMTP Settings coherent. You may send a test email to validate them.
>  [PASS] The SMTP Settings source is: database.
>  [WARN] The SMTP Settings plugin endpoints are enabled.
>  [HELP] It is recommended to disable the plugin endpoints.
>  [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
>  [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

Thanks a lot.

hey @yoannyop welcome to the forum!

Could you paste the actual output from the send test email?

Additionally could you share your config for this? (make sure to censor anything that you need to hide)

Hello and thank you for response.

My configuration :

Email provider = Other
Athentification = username & pwd
username = user@mydomaine.fr
smtp host = smtp.office365.com
TLS = yes
port = 587
smtp client = mydomaine.fr
sender name = user@mydomaine.fr
sender email = user@mydomaine.fr

this user can send email from another webapp

Output from send test email :

> [
>     {
>         "cmd": null,
>         "response": [
>             {
>                 "code": "220",
>                 "message": "PA7P264CA0386.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 6 Feb 2024 07:33:36 +0000"
>             }
>         ]
>     },
>     {
>         "cmd": "EHLO mydomain.fr",
>         "response": [
>             {
>                 "code": "250",
>                 "message": "PA7P264CA0386.outlook.office365.com Hello [2a01:e0a:1d5:a380:215:5dff:fe01:aa13]"
>             },
>             {
>                 "code": "250",
>                 "message": "SIZE 157286400"
>             },
>             {
>                 "code": "250",
>                 "message": "PIPELINING"
>             },
>             {
>                 "code": "250",
>                 "message": "DSN"
>             },
>             {
>                 "code": "250",
>                 "message": "ENHANCEDSTATUSCODES"
>             },
>             {
>                 "code": "250",
>                 "message": "STARTTLS"
>             },
>             {
>                 "code": "250",
>                 "message": "8BITMIME"
>             },
>             {
>                 "code": "250",
>                 "message": "BINARYMIME"
>             },
>             {
>                 "code": "250",
>                 "message": "CHUNKING"
>             },
>             {
>                 "code": "250",
>                 "message": "SMTPUTF8"
>             }
>         ]
>     },
>     {
>         "cmd": "STARTTLS",
>         "response": [
>             {
>                 "code": "220",
>                 "message": "2.0.0 SMTP server ready"
>             }
>         ]
>     },
>     {
>         "cmd": "EHLO mydomain.fr",
>         "response": [
>             {
>                 "code": "250",
>                 "message": "PA7P264CA0386.outlook.office365.com Hello [2a01:e0a:1d5:a380:215:5dff:fe01:aa13]"
>             },
>             {
>                 "code": "250",
>                 "message": "SIZE 157286400"
>             },
>             {
>                 "code": "250",
>                 "message": "PIPELINING"
>             },
>             {
>                 "code": "250",
>                 "message": "DSN"
>             },
>             {
>                 "code": "250",
>                 "message": "ENHANCEDSTATUSCODES"
>             },
>             {
>                 "code": "250",
>                 "message": "AUTH LOGIN XOAUTH2"
>             },
>             {
>                 "code": "250",
>                 "message": "8BITMIME"
>             },
>             {
>                 "code": "250",
>                 "message": "BINARYMIME"
>             },
>             {
>                 "code": "250",
>                 "message": "CHUNKING"
>             },
>             {
>                 "code": "250",
>                 "message": "SMTPUTF8"
>             }
>         ]
>     },
>     {
>         "cmd": "AUTH LOGIN",
>         "response": [
>             {
>                 "code": "334",
>                 "message": "VXNlcm5hbWU6"
>             }
>         ]
>     },
>     {
>         "cmd": "*****",
>         "response": [
>             {
>                 "code": "334",
>                 "message": "UGFzc3dvcmQ6"
>             }
>         ]
>     }
> ]

Thanks a lot

I believe you don’t need this for o365, could you try with that empty?

Thanks, but error again.

[
    {
        "cmd": null,
        "response": [
            {
                "code": "220",
                "message": "PA7P264CA0453.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 6 Feb 2024 08:05:30 +0000"
            }
        ]
    },
    {
        "cmd": "EHLO 192.168.1.152",
        "response": [
            {
                "code": "250",
                "message": "PA7P264CA0453.outlook.office365.com Hello [2a01:e0a:1d5:a380:215:5dff:fe01:aa13]"
            },
            {
                "code": "250",
                "message": "SIZE 157286400"
            },
            {
                "code": "250",
                "message": "PIPELINING"
            },
            {
                "code": "250",
                "message": "DSN"
            },
            {
                "code": "250",
                "message": "ENHANCEDSTATUSCODES"
            },
            {
                "code": "250",
                "message": "STARTTLS"
            },
            {
                "code": "250",
                "message": "8BITMIME"
            },
            {
                "code": "250",
                "message": "BINARYMIME"
            },
            {
                "code": "250",
                "message": "CHUNKING"
            },
            {
                "code": "250",
                "message": "SMTPUTF8"
            }
        ]
    },
    {
        "cmd": "STARTTLS",
        "response": [
            {
                "code": "220",
                "message": "2.0.0 SMTP server ready"
            }
        ]
    },
    {
        "cmd": "EHLO 192.168.1.152",
        "response": [
            {
                "code": "250",
                "message": "PA7P264CA0453.outlook.office365.com Hello [2a01:e0a:1d5:a380:215:5dff:fe01:aa13]"
            },
            {
                "code": "250",
                "message": "SIZE 157286400"
            },
            {
                "code": "250",
                "message": "PIPELINING"
            },
            {
                "code": "250",
                "message": "DSN"
            },
            {
                "code": "250",
                "message": "ENHANCEDSTATUSCODES"
            },
            {
                "code": "250",
                "message": "AUTH LOGIN XOAUTH2"
            },
            {
                "code": "250",
                "message": "8BITMIME"
            },
            {
                "code": "250",
                "message": "BINARYMIME"
            },
            {
                "code": "250",
                "message": "CHUNKING"
            },
            {
                "code": "250",
                "message": "SMTPUTF8"
            }
        ]
    },
    {
        "cmd": "AUTH LOGIN",
        "response": [
            {
                "code": "334",
                "message": "VXNlcm5hbWU6"
            }
        ]
    },
    {
        "cmd": "*****",
        "response": [
            {
                "code": "334",
                "message": "UGFzc3dvcmQ6"
            }
        ]
    }
]

It seems 4.5.0-rc.1 release has added feature “PB-21484 As an administrator I can define Microsoft 365 and Outlook providers in SMTP settings”. Maybe this will make 365 mail integration easier, haven’t tested it yet though…

Thanks for the information. I hope so too.

So, wait and see …

:pray:

Hello all.

How can I be informed of the release of the update, other than by visiting this forum every day?

Thanks a lot.

Easiest way is by following our RSS feed

Of course.

Thank a lot.

Hello @yoannyop

Just to confirm, are you using your own password or an app password for the authentication? Also is the sender email the account where this app password have been created?

Hello.
The app password function has not been available with 365 for at least a year.
I therefore use a user password, which I use in particular for GLPI (with Oauth authentication) or Zabbix.
Have a nice day.

Hello.
Nobody use o365 with Passbolt to help me ?

Hello @yoannyop !

Where you able to upgrade your Passbolt server to the latest version?

Hello Steph.
Yes, I update each version as soon as they are released.
I’m trying every combination with o365 but nothing.

Just to clarify, my server is not accessible from the Internet.