Is it possible to restrict 3rd Party POP3 access to OAuth 2.0 Authentication

  • Question

  • I am testing OAuth 2.0 integration for SMTP and POP3 in a desktop application. The app has a service component that sends and receives emails from a single account in the background.

    I set up a @outlook.com online account to test with. The POP3 login and receiving is working, but for some reason the mail component I'm using doesn't allow you to specify the POP authentication method. So I suspect it's defaulting to Basic Auth and giving me a false positive.

    Is there any way to make it so 3rd party applications can only authenticate the outlook account with OAuth? I believe gmail has a setting like this where you can "disallow less secure apps".

    I registered for an Office 365 trial using the outlook account - not sure if that gives me more options for this type of thing.

    Any info or suggestions would be much appreciated!

    Tuesday, March 24, 2020 5:58 PM

All replies

  • I am testing OAuth 2.0 integration for SMTP and POP3 in a desktop application. The app has a service component that sends and receives emails from a single account in the background.

    I set up a @outlook.com online account to test with. I started a trial of Azure and Office 365 using this account.

    I registered my application in Azure and gave it "Mail.ReadWrite" and "Mail.Send" permissions for the Graph API.

    In my application, I send an HTTP request to the token endpoint for my Azure tenant and receive a token in response. If I decode the token, I can see that it includes "Mail.ReadWrite" and "Mail.Send" in the "roles" list.

    When I pass the token to the mail component and try to send a test email, I get the following error:

    530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

    I'm using the smtp.office365.com server to send over port 587 and it is TLS encrypted. This works fine when I use Basic Auth instead of OAuth. But as soon as I use "XOAUTH2" for the authentication method and pass the auth token, the test send fails.

    When I research the error online, I get a lot of hits suggesting using the MX endpoint for the smtp server. I'm unfamiliar with MX endpoints, and it seems like this involves registering a domain on Azure, which I don't think is necessary in this case. Or am I wrong about that?

    Does anyone know what could be the cause of this error in my case, or how to troubleshoot this further?

    Tuesday, March 24, 2020 5:10 PM
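A way to inspect what the post above describes, as an added example that is not part of the original thread: it decodes the access token's claims (audience, application `roles`, delegated `scp`) and builds the base64 string a client sends after `AUTH XOAUTH2`. The function names, the mailbox `user@example.com` and the sample token are constructed for illustration; the token is unsigned and its claims are not verified here.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT (signature NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))

def summarize(claims: dict) -> dict:
    """Pull out the claims that say who the token is for and what it grants."""
    return {
        "aud": claims.get("aud"),               # resource the token was issued for
        "roles": claims.get("roles", []),       # application permissions
        "scp": claims.get("scp", "").split(),   # delegated scopes, space separated
    }

def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Base64 SASL XOAUTH2 string: user=<u>^Aauth=Bearer <token>^A^A."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def _make_sample_token(payload: dict) -> str:
    # Constructed, unsigned token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"

# Constructed sample mirroring the claims the post reports seeing.
SAMPLE_TOKEN = _make_sample_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Mail.ReadWrite", "Mail.Send"],
})

if __name__ == "__main__":
    print(summarize(token_claims(SAMPLE_TOKEN)))
    print(xoauth2_initial_response("user@example.com", SAMPLE_TOKEN))
```

Comparing the `aud`, `roles` and `scp` values against what the mail server expects is a quick first check before looking at the SMTP exchange itself.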
  • Hi,

    Welcome to our forum. Here we mainly focus on general issues about Outlook desktop client.

    According to your description, your issue may be related to your Outlook.com account. Just as you said, Gmail has a setting like this where you can "disallow less secure apps". So it is suggested to post a new thread to the dedicated Answers community for outlook.com:

    https://answers.microsoft.com/en-us/outlook_com

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thanks for your understanding and hope your question will be resolved soon.

    Regards,

    Aidan Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, March 25, 2020 2:44 AM
  • Hi,

    Welcome to our forum. Then here we mainly focus on general issues about Outlook desktop client, so I am afraid little we can help regarding your problem which involves a different application.

    >> 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM. 
    >> This works fine when I use Basic Auth instead of OAuth.
    According to my research, the error prompt you mentioned is mostly related to the connection between your client and Mail server. I found this thread which may be useful to you, for your reference.

    Besides, if you can use your email account normally on your client without OAuth as you mentioned, it seems that the problem may be mostly related to your OAuth and Azure settings. If the issue continues, it is suggested for you to focus on the thread you have posted in the Azure forum and try to consult the support of OAuth for better help.

    Hope this can be helpful.

    Regards,

    Jeff Yang



    Wednesday, March 25, 2020 7:39 AM
  • Sorry about that! Thanks for pointing me in the right direction.

    I'm not able to remove the thread - is that something you can do?

    Wednesday, March 25, 2020 8:13 PM
  • Sorry about that! Thanks for pointing me in the right direction.

    I'm not able to remove the thread - is that something you can do?

    Wednesday, March 25, 2020 8:17 PM
  • Hi,

    Thanks for your reply:)

    In order to close this thread, please kindly mark helpful replies or your own reply as answers. By doing so, it will benefit all community members who are having this similar issue.  (They can get the right direction from your thread.)

    Your contribution is highly appreciated.

    Regards,

    Aidan Wang




    Thursday, March 26, 2020 1:27 AM