Project

General

Profile

Actions

Patch #40325

open

Redmine Email Notification Issue - Help Needed for Modern Authentication

Added by Darshan Faldu 10 months ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Email notifications
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Hi,

We've recently configured Redmine for our organization, and while everything seems to be working smoothly, we're encountering an issue with email notifications.

We have configured the email delivery method to use SMTP, as shown below:

email_delivery:
  delivery_method: :smtp
    smtp_settings:
      address: smtp.office365.com
      port: 587
      domain: smtp.office365.com
      authentication: :login
      user_name: "noreply@myorg.com" 
      password: "my~p@ssw0rd" 
      enable_starttls_auto: true

However, when attempting to send a test email, we receive the following error:

An error occurred while sending mail (535 5.7.139 Authentication unsuccessful, basic authentication is disabled. [BM1PR01CA0164.INDPRD01.PROD.OUTLOOK.COM 2024-02-28T11:48:49.884Z 08DC38275E4F25C6])

Our research suggests that Redmine may not fully support modern authentication methods by default, and Microsoft's deprecation of basic authentication for Office 365 further complicates this situation.

We would greatly appreciate your guidance on how to address this issue and ensure successful email notifications from Redmine.

Below are the Redmine installation information.

Environment:
  Redmine version                5.0.3.stable
  Ruby version                   2.6.10-p210 (2022-04-12) [x64-mingw32]
  Rails version                  6.1.7
  Environment                    production
  Database adapter               Mysql2
  Mailer queue                   ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                smtp
Redmine settings:
  Redmine theme                  Default
SCM:
  Git                            2.41.0
  Filesystem                     
Redmine plugins:
  no plugin installed

Thank you for your time and assistance.


Files

Screenshot_1.png (21.1 KB) Screenshot_1.png Darshan Faldu, 2024-02-28 12:59
Actions #1

Updated by Pavel Rosický 10 months ago

SMTP login authentication works fine with O365, but you have to disable MFA (in Azure)

an alternative is to use OAUTH2 authentication, but Ruby doesn't even support it until recently https://github.com/ruby/net-smtp/pull/80 , and even with it it's much harder to set up.

Actions #2

Updated by Darshan Faldu 10 months ago

Hi Pavel Rosický,

Thank you for your prompt response and assistance.

I'd like to confirm that Multi-Factor Authentication (MFA) is indeed disabled for the configured email account. I also ensured that I logged in to the specific mailbox using only the primary password, without any secondary password or additional actions needed.

I appreciate it if you could offer any further suggestions that might be causing this email notification issue. This will help us troubleshoot and resolve the problem effectively.

Actions #3

Updated by Pavel Rosický 10 months ago

Hi, your question belongs to Microsoft support rather than to Redmine's development issue tracker.

there could be multiple reasons, SMTP auth is most likely disabled on your tenant
https://www.manageengine.com/network-monitoring/how-to/fix-smtpclientauth-disabled-error.html
you may need an Office365 license (not sure, but it's necessary for IMAP integrations)

I would also recommend upgrading your Ruby version since 2.6 is EOL, but it's unlikely the cause for this particular error.

Actions #4

Updated by Darshan Faldu 10 months ago

Thank you for your reply. We have checked based on our knowledge, and it appears SMTP Auth is enabled for our tenant as well as the particular mailbox. We will still reach out to Microsoft to clarify the root cause of the issue.

In the meantime, could you please advise on the methodology Redmine uses for email delivery via SMTP? Specifically, is it SMTP Auth with Basic Authentication, SMTP Auth with Modern Authentication (OAuth2.0), or something else?

Actions #5

Updated by Pavel Rosický 10 months ago

authentication: :login stands for SMTP Auth with Basic Authentication

but unlike IMAP/POP3 it should still work without oauth
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

We recommend using Modern Authentication when connecting with our service. Although SMTP AUTH now supports OAuth, most devices and clients haven't been designed to use OAuth with SMTP AUTH. As a result, there are no plans to disable Basic Authentication for SMTP AUTH clients at this time. For more information about OAuth, see Authenticate an IMAP, POP or SMTP connection using OAuth.

You must also verify that SMTP AUTH is enabled for the mailbox being used. SMTP AUTH is disabled for organizations created after January 2020 but can be enabled per-mailbox.

xoauth2 is the "modern" authentication, but you may need some extensions https://github.com/nfo/gmail_xoauth and generate a token to make it work. Note that https://github.com/ruby/net-smtp/pull/80 will make this gem obsolete, but it's not released yet, so you can't use it now (especially with Ruby 2.6).

Actions

Also available in: Atom PDF