Patch #40325
openRedmine Email Notification Issue - Help Needed for Modern Authentication
0%
Description
Hi,
We've recently configured Redmine for our organization, and while everything seems to be working smoothly, we're encountering an issue with email notifications.
We have configured the email delivery method to use SMTP, as shown below:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: smtp.office365.com
port: 587
domain: smtp.office365.com
authentication: :login
user_name: "noreply@myorg.com"
password: "my~p@ssw0rd"
enable_starttls_auto: true
However, when attempting to send a test email, we receive the following error:
An error occurred while sending mail (535 5.7.139 Authentication unsuccessful, basic authentication is disabled. [BM1PR01CA0164.INDPRD01.PROD.OUTLOOK.COM 2024-02-28T11:48:49.884Z 08DC38275E4F25C6])
Our research suggests that Redmine may not fully support modern authentication methods by default, and Microsoft's deprecation of basic authentication for Office 365 further complicates this situation.
We would greatly appreciate your guidance on how to address this issue and ensure successful email notifications from Redmine.
Below are the Redmine installation information.
Environment:
Redmine version 5.0.3.stable
Ruby version 2.6.10-p210 (2022-04-12) [x64-mingw32]
Rails version 6.1.7
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
Redmine settings:
Redmine theme Default
SCM:
Git 2.41.0
Filesystem
Redmine plugins:
no plugin installed
Thank you for your time and assistance.
Files
Updated by Pavel Rosický 10 months ago
SMTP login authentication works fine with O365, but you have to disable MFA (in Azure)
an alternative is to use OAUTH2 authentication, but Ruby doesn't even support it until recently https://github.com/ruby/net-smtp/pull/80 , and even with it it's much harder to set up.
Updated by Darshan Faldu 10 months ago
Hi Pavel Rosický,
Thank you for your prompt response and assistance.
I'd like to confirm that Multi-Factor Authentication (MFA) is indeed disabled for the configured email account. I also ensured that I logged in to the specific mailbox using only the primary password, without any secondary password or additional actions needed.
I appreciate it if you could offer any further suggestions that might be causing this email notification issue. This will help us troubleshoot and resolve the problem effectively.
Updated by Pavel Rosický 10 months ago
Hi, your question belongs to Microsoft support rather than to Redmine's development issue tracker.
there could be multiple reasons, SMTP auth is most likely disabled on your tenant
https://www.manageengine.com/network-monitoring/how-to/fix-smtpclientauth-disabled-error.html
you may need an Office365 license (not sure, but it's necessary for IMAP integrations)
I would also recommend upgrading your Ruby version since 2.6 is EOL, but it's unlikely the cause for this particular error.
Updated by Darshan Faldu 10 months ago
Thank you for your reply. We have checked based on our knowledge, and it appears SMTP Auth is enabled for our tenant as well as the particular mailbox. We will still reach out to Microsoft to clarify the root cause of the issue.
In the meantime, could you please advise on the methodology Redmine uses for email delivery via SMTP? Specifically, is it SMTP Auth with Basic Authentication, SMTP Auth with Modern Authentication (OAuth2.0), or something else?
Updated by Pavel Rosický 10 months ago
authentication: :login stands for SMTP Auth with Basic Authentication
but unlike IMAP/POP3 it should still work without oauth
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365
We recommend using Modern Authentication when connecting with our service. Although SMTP AUTH now supports OAuth, most devices and clients haven't been designed to use OAuth with SMTP AUTH. As a result, there are no plans to disable Basic Authentication for SMTP AUTH clients at this time. For more information about OAuth, see Authenticate an IMAP, POP or SMTP connection using OAuth.
You must also verify that SMTP AUTH is enabled for the mailbox being used. SMTP AUTH is disabled for organizations created after January 2020 but can be enabled per-mailbox.
xoauth2 is the "modern" authentication, but you may need some extensions https://github.com/nfo/gmail_xoauth and generate a token to make it work. Note that https://github.com/ruby/net-smtp/pull/80 will make this gem obsolete, but it's not released yet, so you can't use it now (especially with Ruby 2.6).