Basic Auth Disabled in Office 365

Now that Basic Auth is essentially dead in o365* (and dead for me since this week, as I have just discovered our IT department have disabled it for all accounts), I wonder whether there is any plan to support other auth methods for email sending?

I know it’s possible to set up with AWS/SES/Sendgrid etc, but in my experience on other projects this is a real headache and often leads to messages being classified as spam, which is a shame given this is essentially all internal traffic anyway.

Is there a recommended way of doing this for mostly-MS-based orgs previously or currently using o365 SMTP accounts?

1 Like

ActionMailer doesn’t support XOAUTH2, which Microsoft requires.

The only thing I can think of would be running an internal SMTP server and forwarding those emails to O365 for final delivery.

Edit: I misread the section about SMTP AUTH

Looks like there’s no need to switch to OAuth2.

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022.

So, you should be able to change to SMTP Auth by adding an additional env variable to app.yml.

DISCOURSE_SMTP_AUTHENTICATION: cram_md5

In addition to that, I think you will need to use the MD5 hash of the SMTP password as the value of the DISCOURSE_SMTP_PASSWORD setting. Rebuild the Docker container after those changes and give it a try.

4 Likes

It’s available in theory but disabled for tenants “who don’t use it”, which in practice means an IT department needs to manually specify a new policy to allow it. I think that’s likely to be a non-starter for us, but will make some requests. For info, this is the default response from the SMTP server now:

EHLO
250-XXX.outlook.office365.com Hello [178.XXX.XXX.XXX]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8

1 Like
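
Added example (not part of the thread and not Discourse code): a Ruby check that parses an EHLO reply like the one posted above and reports whether the AUTH extension is advertised and with which mechanisms. The sample replies and the hostname are constructed, and the check assumes the reply may have been captured before STARTTLS, in which case the client re-issues EHLO after TLS and the extension list can differ.

```ruby
# Added example: classify an SMTP EHLO reply by the extensions it advertises.
# Both sample replies are constructed; the hostname and IP are placeholders.
PRE_TLS_REPLY = <<~EOS
  250-mail.example.test Hello [192.0.2.10]
  250-SIZE 157286400
  250-PIPELINING
  250-STARTTLS
  250-8BITMIME
  250 SMTPUTF8
EOS

POST_TLS_REPLY = <<~EOS
  250-mail.example.test Hello [192.0.2.10]
  250-SIZE 157286400
  250-AUTH LOGIN XOAUTH2
  250 SMTPUTF8
EOS

# Parse a multi-line EHLO reply into { "KEYWORD" => ["PARAM", ...] }.
# The first 250 line is the greeting, not an extension, so it is skipped.
# Splitting on "=" as well as whitespace accepts the legacy "AUTH=LOGIN" form.
def parse_ehlo(reply)
  lines = reply.lines.map(&:strip).select { |l| l.match?(/\A250[- ]/) }
  lines.drop(1).each_with_object({}) do |line, caps|
    keyword, *params = line[4..-1].split(/[\s=]+/)
    next if keyword.nil? || keyword.empty?
    caps[keyword.upcase] = params.map(&:upcase)
  end
end

# Decide what a reply says about authenticated submission.
# tls_active: true when this EHLO was sent after STARTTLS completed.
def auth_status(reply, tls_active:)
  caps  = parse_ehlo(reply)
  mechs = caps.fetch("AUTH", [])
  return { status: :auth_offered, mechanisms: mechs } unless mechs.empty?
  # No AUTH yet, but TLS has not been negotiated: the answer is not final.
  if !tls_active && caps.key?("STARTTLS")
    return { status: :recheck_after_starttls, mechanisms: [] }
  end
  { status: :auth_not_offered, mechanisms: [] }
end

if __FILE__ == $PROGRAM_NAME
  puts auth_status(PRE_TLS_REPLY, tls_active: false).inspect
  puts auth_status(POST_TLS_REPLY, tls_active: true).inspect
end
```

Only an `auth_not_offered` result from an EHLO sent inside the TLS session shows that the server is refusing authenticated submission for the connection.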

Just for reference… this definitely doesn’t work with what I think are the MS-recommended tenant settings for O365 implemented at my institution.

It’s a real pain for us that Discourse doesn’t/can’t support OAuth for mail sending. We have set up sending through AWS but are having lots of mail delivery issues and really just wish we could keep things simple by using our existing mail provider. Ditto for accessing an inbox.

Running an SMTP server and forwarding will create lots of mail deliverability issues for most people, without a lot of extra configuration.

This gem seems to provide what’s needed and is fairly well supported (MIT license):