SMTP issue with smtp.office365.com

In my call with Microsoft they configured my tenant but it still didn't work, that's why they recommend to use Auth2.0.
Passbolt doesn't recognize the base64 user and password provided by my smtp-credential from AWS SES, right?

It appears AWS smtp connection (postfix) is rejecting your smtp credentials.

The credentials should be entered into passbolt as plain text, not the base64 versions.

AWS SES only provides SMTP credentials in base64, what can I do?

#7 here: Obtaining Amazon SES SMTP credentials - Amazon Simple Email Service

Whatever you downloaded as credentials, those should be entered into passbolt without modification. If that is what you did, then maybe the steps for setting up postfix need to be re-done as postfix will be listening for those credentials when passbolt calls in.

Yes, I put those credentials in passbolt.php, but the ones from SMTP-credentials are in base64.

AUTH LOGIN
[334] VXNlcm5hbWU6

[334] UGFzc3dvcmQ6

This part is normal for the AUTH LOGIN protocol. Passbolt is telling the mail server that the username is coming, and then the password.
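Added example, not part of the thread: a small Python sketch that decodes the `334` prompts from the trace above and shows what an SMTP client sends during AUTH LOGIN when it is given plain-text credentials. The sample trace is constructed in the bracketed format shown in the thread, and the `user`/`pass` values used with it are placeholders.

```python
import base64
import re

# Constructed sample trace; the 535 text is the error quoted in this thread.
SAMPLE_TRACE = """\
AUTH LOGIN
[334] VXNlcm5hbWU6
[334] UGFzc3dvcmQ6
[535] Authentication credentials invalid
"""

REPLY = re.compile(r"^\[(\d{3})\]\s*(.*)$")


def decode_prompt(text):
    """Decode the base64 payload of a 334 reply; None if it is not valid base64."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def auth_login_responses(username, password):
    """What the client puts on the wire when configured with plain-text credentials.

    The client does the base64 step itself, so the configured values must not
    be encoded a second time. Base64 is an encoding, not encryption.
    """
    return [base64.b64encode(s.encode("utf-8")).decode("ascii")
            for s in (username, password)]


def annotate(trace):
    """Return (code, meaning) for every server reply found in the trace."""
    out = []
    for line in trace.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue  # client lines such as "AUTH LOGIN"
        code, text = int(m.group(1)), m.group(2)
        if code == 334:
            out.append((code, "server prompt: " + (decode_prompt(text) or text)))
        elif code == 235:
            out.append((code, "authentication accepted"))
        elif code == 535:
            out.append((code, "credentials rejected by server: " + text))
        else:
            out.append((code, text))
    return out
```
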


Yes, I put my username and password and it failed with the error 535 Authentication credentials invalid

After many hours of troubleshooting, yet experiencing the very same issues as @ricardo, I’ve finally found the culprit and I hope this may help others as well!

In Azure, or now Entra, navigate to “Identity > Overview > Properties”, then scroll to the bottom, where you will find “Your organization is protected by security defaults. [Manage security defaults]” (Microsoft Entra admin center).

Disable this, as this prevents any access and will constantly show up in the logs as a “login failure”, or in O365 logs: “October 2, 2023 at 5:41 AM Failure Access has been blocked by security defaults.”

Once disabled, emails route properly; however, with security features disabled you will now need to create your own Conditional Access policies.

UPDATE

This will remove 2FA authentication from your accounts… Simply go back into Azure, now Entra > USERS > “SELECT USER” > AUTHENTICATION METHODS and then click on “Switch to the new user authentication methods experience! Click here to use it now.”

This will give 2FA security back while allowing you to send emails via Passbolt.

3 Likes