Hi Steffen

It seems very complicated, but I'll look into it.

Thank you very much.

Morten

On 2023-11-15 Steffen Nurpmeso wrote:

> Hello Morten.
>
> Morten Bo Johansen wrote in
>  <slrnul9ipu.63hr.mbj@localhost.localdomain>:
> |Is anybody able to send mail with s-nail through the outlook.com smtp \
> |server?
>
> Just yesterday (because on some other list someone had problems)
> i logged into IMAP.  (I use v14.10 development branch though.)
>
> |I have this in my ~/.mailrc:
> |
> |   set v15-compat
> |   
> |   account hotmail {
> |      localopts yes
> |      set from="Morten Bo Johansen <morte...@hotmail.com>"
> |      set imap-keepalive=240
> |      shortcut imap imaps://outlook.office365.com
> |      set tls-config-pairs=MinProtocol=TLSv1.2
> |      set smtp-use-starttls
> |      set mta=smtp://mortenbo%40hotmail.com:sec...@smtp-mail.outlook.com:58\
> |      7
>
> Microsoft likely enforces OAuth.  I have written a Python program
> (Python because it ships all necessary modules out of the box)
> which handles the stuff:
>
>   curl -b ./TMPCOOKIE -c ./TMPCOOKIE \
>     -O https://git.sdaoden.eu/browse/s-toolbox.git/plain/oauth-helper.py
>
> (No longer authentication required, but sets HTTP cookie.)
> It needs a configuration file,
>
>   python3 oauth-helper.py -p Microsoft -R morten.rc --action=template
>
> creates it (see --help).  flow= must be auth however, i think.
> Last night i had
>
>   # /home/steffen/sec.arena/mail/.sitm-ms.oauth, written 2023-11-15 00:29:01.875595
>   authorize_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
>   devicecode_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
>   token_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/token
>   redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
>   tenant=common
>   scope=https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
>   flow=auth
>   access_token=
>   client_id=bf0f4488-089e-46ee-a48d-8f0717388be3
>   login_hint=sugar.in.the.morn...@outlook.com
>
> ^ change this
>
>   timeout=3600
>   timestamp=
>   refresh_token=
>
> Last October i posted a v14.9.* script that makes use of this (but
> do not use oauth-helper.py from that post, current is better); i no
> longer have it nor tried it ever since, i am all forward on v14.10
> [1].
>
>   [1] https://lists.sdaoden.eu/pipermail/s-mailx/2022-October/001650.html
>
> Note Microsoft uses crazy-long tokens and requires a browser visit
> each and every time the token expires (ie a normal refresh will
> not work out).  The new token is also only seen in the browser
> address line.
>
> |I get various error messages, no matter what I try, e.g.:
> |
> | $ mail -s "Test" morte...@hotmail.com < /dev/null 
> |   
> |  mail: SMTP server: 504 5.7.4 Unrecognized authentication type
> |   [MM0P280CA0062.SWEP280.PROD.OUTLOOK.COM 2023-11-15T13:28:04.587Z
> |   08DBE55409C962D3]
> |  
> |If I try with smtps://.. instead of smtp, I get
> |
> |  $ mail -s "Test" morte...@hotmail.com < /dev/null
> |    mail: could not initiate TLS connection: error:0A00010B:SSL routines::w\
> |    rong
> |    version number
> |  
> |I have also tried to remove the "tls-config-pairs" line to no effect.
> |
> |These are my "tls-features":          
>  ...
>  IMAP works fine. It is just smtp that doesn't work.
>
> Oh.  Wait.  SMTP i have not tried.
>
>   $ s-nail -A sitm-ms -s 'SMTP should work' stef...@sdaoden.eu
>   ! Warning: --resource mode permissions other than user read/write: 0640: /home/steffen/sec.arena/mail/.sitm-ms.oauth
>     ! refresh_token response: HTTP Error 400: Bad Request
>     ! Let us try --authorize instead (sleeping 3 seconds)
>
> ^ Always with Microsoft :(  Yandex is much more relaxed.  Even
> Google.
>
>   * OAuth 2.0 RFC 6749, 4.1.1. Authorization Request
>     . To create an authorization code, please visit the shown URL:
>
>   lynx-redux 'https://login.microsoftonline.com/[.]'
>
> ^ $BROWSER that is
>
>       - Shall i invoke this command? [y/else] n
>
>   Please enter authorization [URI?code=]token: [.]
>
>   * OAuth 2.0 RFC 6749, 4.1.3. Access Token Request
>   s-nail:  .. updating password to OAuth token [.]
>   s-nail: Conditional expression: expected an operator: stop during: =~ ^imaps?://: of: =~ ^imaps?://
>
> (oops, a bug)
>
>   s-nail: Obsoletion warning: conditional expressions exclusively use shell-style notation; compatibility shims were removed!
>
>   ...
>   (Preliminary) Envelope contains:
>   ...
>   Send this message [yes/no, empty: recompose]? y
>   ...
>   #?0|kent:nail.git$
>
> Works!
> Now i hope this works with v14.9.24 also.  Its oauthbearer
> authentication should be xoauth2 indeed, please complain if it
> does not work.  (I hate OAuth.)
>
> I am undecided how to do it for this MUA indeed.  I personally now
> do "call oauth-activate sitm-ms" from within my account:
>
>   define oauth-activate {
>           \se password imap-auth=xoauth2 [.]
>           \call oauth-check-token-init
>           \se oauth-helper='$HOME/src/toolbox.git/oauth-helper.py \
>                                   --resource $HOME/sec.arena/mail/.'$1'.oauth' \
>                           oauth-helper-times=$HOME/sec.arena/mail/.$1.oauth \
>                           on-oauth-password-change=_oauth-on-new-token
>   }
>
>   define _oauth-on-new-token {
>           \if -n "$1"
>                   \echoe ' .. updating password to OAuth token '$1
>                   \se password=$1
>                   \if $mailbox-resolved =~ ^imaps?://
>                           \echoe ' .. reconnecting IMAP mailbox after password change'
>                           \disco
>                           \conn
>                   \en
>           \el
>                   \echoe ' .. deleting password'
>                   \uns password
>           \en
>   }
>
> These then get driven by the code that i posted in October last
> year (at least in its current v14.10-and-above form, but i *think*
> nothing has changed regarding that).
> Since you seem to drive it from the command line only you can as
> well simply call the python script, and then call the MUA with the
> password already resolved, no?
>
> Ring through on problems!
>
> --steffen
>|
>|Der Kragenbaer,                The moon bear,
>|der holt sich munter           he cheerfully and one by one
>|einen nach dem anderen runter  wa.ks himself off
>|(By Robert Gernhardt)
>
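
Added example, not part of the original thread and not code from oauth-helper.py: a pre-flight check for a token resource file in the key=value layout quoted above, covering the 0640 permission warning and token expiry, plus the standard SASL XOAUTH2 initial response that a client sends for SMTP AUTH. Assumptions: `timestamp` is the epoch second the token was issued, `timeout` is its lifetime in seconds, `login_hint` is the mailbox user, and all sample values are constructed placeholders.

```python
import base64
import stat
import time

# Constructed sample in the key=value layout shown in the mail (placeholder values).
SAMPLE_RC = """\
# constructed sample resource file
flow=auth
access_token=PLACEHOLDER-ACCESS-TOKEN
login_hint=user@example.com
timeout=3600
timestamp=1700000000
refresh_token=
"""

def parse_resource(text):
    """Parse key=value lines; '#' lines are comments, empty values are kept."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def mode_too_open(mode):
    """True if the file mode grants anything beyond user read/write (0600)."""
    return bool(stat.S_IMODE(mode) & ~0o600)

def token_expired(cfg, now=None):
    """Assumption: timestamp = issue time (epoch), timeout = lifetime in seconds."""
    now = time.time() if now is None else now
    if not cfg.get("access_token") or not cfg.get("timestamp"):
        return True  # nothing usable stored, a new authorization is needed
    return now >= float(cfg["timestamp"]) + float(cfg.get("timeout") or 0)

def xoauth2_initial_response(user, token):
    """SASL XOAUTH2: base64 of 'user=<user>^Aauth=Bearer <token>^A^A'."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    cfg = parse_resource(SAMPLE_RC)
    print("mode 0640 too open:", mode_too_open(0o640))
    print("expired now:", token_expired(cfg))
    print("AUTH XOAUTH2", xoauth2_initial_response(cfg["login_hint"], cfg["access_token"]))
```

On a real file, pass `os.stat(path).st_mode` to `mode_too_open` and fix a positive result with `chmod 600` before the token is written.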

