O365 (with app-password) issue

This plugin allows you to report an issue in MantisBT by sending an email to a particular mail account

Moderators: Developer, Contributor

Post Reply
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

O365 (with app-password) issue

Post by cas »

I am using version 11.0 with mantis 2.25.3 and am trying to read a O365 mailbox with the following settings:

Code: Select all

Description: Mantis-mail
Mailbox type: IMAP
Hostname: outlook.office365.com
TCP port (optional): 993
Connection encryption: STARTTLS
Verify SSL certificate: 0
Username: casn@********
Password: ******
Authentication method: LOGIN
For the password I created a app-password in the MS portal (is this supported by the plugin?).
Also tried with SSL verificationon but that generates the same result.

The following is the result of a complete test:

Code: Select all

Location: Attempt login
[pear_error: message=", " code=0 mode=return level=notice prefix="" info=""]
What does this error actually means (I can login to the mailbox with the normal password using Outlook)?
Any guidance would be appreciated :mrgreen:
SL-Gundam
Posts: 722
Joined: 06 Jul 2011, 14:17

Re: O365 (with app-password) issue

Post by SL-Gundam »

STARTTLS should be used with non-encrypted ports like 110 and 143

This works for me

Code: Select all

Description: IMAP TEST: mantis-bug-tracker
Mailbox type: IMAP
Hostname: ssl://outlook.office365.com
TCP port (optional): 993
Connection encryption: SSL
Verify SSL certificate: 1
Username: Mantis@****.**
Password: ******
Authentication method: USER
The reason for the weird error is because the IMAP pear package does not handle a mixup with unencrypted and encrypted connections very well
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: O365 (with app-password) issue

Post by cas »

Thanks for the feedback, I changed the connection accordingly.
However:

Code: Select all

[pear_error: message="NO, LOGIN failed." code=0 mode=return level=notice prefix="" info=""]
So the login fail with the app password and the regular password (the one I can logon with in outlook).
The app-password is supposed to avoid the 2FA to kick in.
Have you ever used the app-password or should 2FA be disabled on this mailbox?
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: O365 (with app-password) issue

Post by cas »

I have tested my imap connection via this MS website:
https://testconnectivity.microsoft.com
Perhaps an issue, here they are referring to imap4.
So the result is that the connection is working as expected. However I still cannot retrieve emails from my mailbox.
Result of "complete test"is:
Description: TestCas
Mailbox type: IMAP
Hostname: ssl://outlook.office365.com
TCP port (optional): 993
Connection encryption: SSL
Verify SSL certificate: 0
Username: cas@*
Password: ******
Authentication method: USER
Basefolder (optional): MantisMails

Location: Attempt login
[pear_error: message="NO, LOGIN failed." code=0 mode=return level=notice prefix="" info=""]

So I am a bit stuck here, any ideas someone?
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: O365 (with app-password) issue

Post by mushu »

Sorry, no input for you here, just posting to see updates if there are any. I have been trying unsuccessfully to get the POP3 method working in Mantis to no avail. In a couple of weeks Microsoft is apparently forcing the use of OAuth authentication, and since we use the EmailReporting plugin it means we will be forced to stop using Mantis because it doesn't support that auth method. And this has been coming for years so not a sudden change...we've very sad we have to change ticket software. See: https://www.mantisbt.org/forums/viewtopic.php?t=27637

/ohwell
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: O365 (with app-password) issue

Post by cas »

Hi Mushu,
changing to another helpdesk system takes time and money. Perhaps it is worthwhile to fund the development of this functionality :idea:
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: O365 (with app-password) issue

Post by mushu »

Yeah, with no budget that's not gonna happen. What I'm working on is a C# script to use OAuth and log into the mailbox and grab the emails and delete them, then write them into a text file. At that point I'm *hoping* that I can then launch the batch file and redirect the email texts into the EmailReporting script and trick it into thinking it is reading them from the mailbox instead of from a pipe. Anyway, that's what I'm thinking, I have two weeks to make it work lol.
SL-Gundam
Posts: 722
Joined: 06 Jul 2011, 14:17

Re: O365 (with app-password) issue

Post by SL-Gundam »

I'm using EmailReporting with Office365 as well.

Never tried app passwords (which should work). For me 2FA is turned off for the MantisBT mailbox.
If Microsoft is gonna force 2FA, i will be able to use company time to fix it.
My experience with 2FA coding implementations is quite limited so we'll see how easy it is.
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: O365 (with app-password) issue

Post by mushu »

Wondering how difficult it would be to get EmailReporting to be able to be "piped" email messages from a text file on disk instead of having it connect to a mail server? Since I don't know PHP it would take me a long time of trial/error to figure out how to do this and we only have until the end of the month. I've gotten an external script that grabs inbox messages from a migrated O365 mailbox and saves then to disk, now I need to get Mantis to be able to read those messages and create tickets/add notes/etc from them.
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: O365 (with app-password) issue

Post by cas »

@mushu Then you would also have to re-code all the logic currently in the plugin which is build on having the mail message itself. Also wonder what would happen to attachments :roll:
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: O365 (with app-password) issue

Post by mushu »

Well, the disk file literally grabs every byte from the server and stuffs it into a file. The Mantis plugin wouldn't really know that it wasn't getting the data from a server unless it grabs each message one-by-one, or queries the server for how many messages to expect, or stuff like that.

EDIT: here is the start of the file that gets written, from the first byte:

Code: Select all

Received: from namprd09.prod.outlook.com (2603:10c6:806:17c::8)
 by namprd09.prod.outlook.com with HTTPS; Fri, 6 May 2022
 16:01:34 +0000
Received: from namprd09.prod.outlook.com (2603:10c6:510:63::6)
 by namprd09.prod.outlook.com (2603:10b6:806:17c::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.20; Fri, 6 May
 2022 16:01:27 +0000
Received: from SA9PR09MB5631.namprd09.prod.outlook.com (2603:10c6:806:40::12)
 by namprd09.prod.outlook.com (2603:10b6:510:63::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5206.24; Fri, 6 May
 2022 15:59:33 +0000
Received: from namprd09.prod.outlook.com
 ([fe80::15ef:5f13:4a3e:3291]) by namprd09.prod.outlook.com
 ([fe80::15ef:5f13:4a3e:3291%5]) with mapi id 15.20.5206.027; Fri, 6 May 2022
 15:59:33 +0000
From: Jay <Jay@domain.como>
To: =?Windows-1252?Q?DL=92s_Communication?= <dom@domain.com>
Subject: Service Rec 
Thread-Topic: Service Rec 
Thread-Index: AdhhiPDIpgB+aRiRlaqokIWAnFPVw==
Date: Fri, 6 May 2022 15:59:33 +0000
Message-ID:
	<SA9PR09MB56310BE76@namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AuthSource: namprd09.prod.outlook.com
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-Network-Message-Id:
	9897207c-aa78-446b-c588-0ba2f7968ab
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
x-ms-publictraffictype: Email
X-Microsoft-Antispam-Mailbox-Delivery:
	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(920097)(425001)(930097);
X-Microsoft-Antispam-Message-Info:
	Ib2loJ4KZHdRxTjz7s2e818J8YJFS21Dq6IJMeXbFx8eScBe/DH0Nf11aY4kGULSXrJ7hjQNE4N/Q6NLL0NIEk00L5BgtYXcCNKl5iKFu/t5nNBLJPfl4quvwteaup7K0QrbkpJVbD/ep5Z7v1toP1zXSrHk1gcwL6fvG86/Jj9mta7kCKVsFlgMZbYZlZppUXwBPtWAO18UqyQ3GwJtj+NbMdA5jMPenpYzEVbK3lL1ufNLWx0Ht5+cRFLuncKacUEToPNW5jAtxTkKuSIY1URaLHzPIhLPVxhbs7vWXG9Tg9MdbpfnSoZb19wchfHqylq50dwjEYpyQoooS9UumMULLUTqONlUgEdULnV5XcxwpJyiDWzS/9Svl8qBIsybnatN0YPwW2cst5oG73s9GV5HPHDv0K9WwIYng5bpbmRBLBJPcG63otdvDNYTLLbRuTjkO9680ehN7bbYqP0LAhtaoPrL+lLVZNeqWUeNN7Mr33YtJL+BIlRvBoqgl9vRncAHlkyGzRSMMZmiJiBrCAjSFrqGgRVQrKWaNW7EhLsXqb5tJSnQHUCOi1eZn0ePedtYfPh8lVEd0HvhaL/wLBT7z4wF0PX0bzlpdLQLTw9w5qL0ARA0+H5fJZVpOhndBaWNFEJY8WZWynJBFC1CnNRbS9gXtaTgJzxeww2kcEskNpsEpruePdNP73WdOQ/d5cc+532Ij8q1PJibxh6VS1xeDLwcb9F7X/SbpdS7u7GFzhDkdOUaUy+sYaWaCPbW
Content-Type: multipart/alternative;
	boundary="_000_SA9PRO9MB563108E76DFB509620CD6106C1C59SA9BR09MB5631namp_"
MIME-Version: 1.0

--_000_SA9PRO9MB563108E76DFB509620CD6106C1C59SA9BR09MB5631namp_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Dear fel
...
SL-Gundam
Posts: 722
Joined: 06 Jul 2011, 14:17

Re: O365 (with app-password) issue

Post by SL-Gundam »

This function process_single_email basically start the processing of that information.
https://github.com/mantisbt-plugins/Ema ... i.php#L566

If you can fill the right variables with information and then run that function it should work.
Post Reply