Reputation: 127
Office 365 IMAP Authentication fail for PLAIN access with OPENSSL
I'm trying to test and Office 365 (with Outlook) account for remote access via IMAP. Despite the large amount of posts regarding this issue, i was not able to find something that make my test work, so i'm asking again. This is the scenario : I have an outlook/office365 account, with IMAP enabled by the admin.
From a local server i'm using the next command from openssl to connect to the IMAP server:
openssl s_client -crlf -connect outlook.office365.com:993 -quiet
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
* OK The Microsoft Exchange IMAP4 service is ready. [UwBDADEAUABSADgAMABDAEEAMAAwADUAOAAuAGwAYQBtAHAAcgBkADgAMAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
Apparently i'm connected to the IMAP server, so now i try to authenticate. First i get the list of AUTH methods that the server accepts.
02 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
02 OK CAPABILITY completed
So, i try to authenticate using PLAIN. As far as i understand i need to put the credentials in base64 format, so i use the command "base64" from my linux server in order to get. So, if my username is "[email protected]" and my password is "mysecretpassword" i use this:
echo -en "\[email protected]\0mysecretpassword" | openssl base64
I get
AHVzZXJAbXlkb21haW4uY29tAG15c2VjcmV0cGFzc3dvcmQ=
Then in the connection i use :
01 AUTHENTICATE PLAIN
+
AHVzZXJAbXlkb21haW4uY29tAG15c2VjcmV0cGFzc3dvcmQ=
01 NO AUTHENTICATE failed.
No matter what i try i always get "AUTHENTICATE failed". Maybe i'm not doing something wrong?. Do i need to set up something else in the office365 server? Is correct to asume if the server answer with AUTH=PLAIN as capability i can use this method to authenticate?. On other hand I'm 100% sure about my user and password, i can connec to to the SMTP (smpt.office365.com) server with this credentials without any problem. I have tried without luck this credentials:
"\[email protected]\0mysecretpassword"
"\[email protected]\000mysecretpassword"
"\[email protected]\[email protected]\0mysecretpassword"
Any ideas? Thanks!
Upvotes: 3
Views: 13009
Answers (1)
Reputation: 127
I have finally made some tests and thanks to @Max who pointed my in the right direction i was able to make this thing work. I have contacted MS support and I was able to first check the IMAP status of my Office365 account.
I followed the steps here (https://www.kraftkennedy.com/how-to-temporarily-re-enable-basic-authentication-in-exchange-online/) in order to check the status of my IMAP service, and it was with Basic Auth disabled..., so with the admin account i was able to enable it using a little box.
Then i was succesfully able to login using "Basic Auth"..with
01 AUTHETICATE PLAIN Ahfu4sdjkdsu9d9d9wee4
01 OK AUTHENTICATE completed.
And with 01 LOGIN user pass 01 OK LOGIN completed.
So, as @Max mention, Microsoft is disabling "Basic Auth" for good, but you can enable it again. Hope this could be useful for all.
Regards,
Upvotes: 5
Related Questions
- Office 365 IMAP authentication via OAuth2 and python MSAL library
- Connect to outlook Office 365 IMAP using OAUTH2
- Office 365 XOAUTH2 for IMAP and SMTP Authentication fails
- Office 365 Exchange Online - Client credentials - IMAP No Authentication
- Azure AD Service Principal client credentials grant AUTHENTICATE failed accessing outlook.office365.com mailbox via IMAP
- Office365 IMAP suddenly returns "Authenticate Failed"
- Retrieving Emails from Office365 using OAuth2.0
- Can't connect to Office 365 using php imap_open
- S22 imap fetch mails from office365
- MailKit C# ImapClient.Connect() to Office 365 generating exception: "The remote certificate is invalid according to the validation procedure"