MailKit与Microsoft 365服务器不成功的SMTP OAuth [英] MailKit unsuccessful SMTP OAuth with Microsoft 365 server

问题描述

我正在使用MailKit 2.6.0.0使用OAuth连接到Microsoft 365，以对POP3，IMAP和SMTP进行身份验证. ImapClient和Pop3Client成功验证，但SmtpClient不成功.这是MailKit的协议日志:

I'm using MailKit 2.6.0.0 to connect to Microsoft 365 using OAuth for authentication with POP3, IMAP, and SMTP. The ImapClient and Pop3Client authenticate successfully but the SmtpClient does not. Here's the protocol log from MailKit:

Connected to smtp://smtp.office365.com:587/?starttls=always
S: 220 MN2PR04CA0011.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 30 May 2020 07:48:32 +0000
C: EHLO [192.168.1.240]
S: 250-MN2PR04CA0011.outlook.office365.com Hello [my-ip]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO [192.168.1.240]
S: 250-MN2PR04CA0011.outlook.office365.com Hello [my-ip]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH LOGIN XOAUTH2
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 BASE64USERANDTOKEN
S: 535 5.7.3 Authentication unsuccessful [MN2PR04CA0011.namprd04.prod.outlook.com]
C: QUIT
S: 221 2.0.0 Service closing transmission channel

我已经破解了BASE64USERANDTOKEN值，它看起来与成功的POP3/IMAP连接中提供的值完全相同.我不知道失败的SMTP身份验证是由Microsoft 365的错误配置还是协议对话框中的问题引起的.我正在使用提供的Microsoft 365开发人员订阅作为我的MSDN订阅的一项好处.我找不到特定于SMTP的任何配置设置，并且使用了正确的范围( https://交换访问令牌的授权代码时，会出现Outlook.office365.com/SMTP.Send }.在Microsoft 365中，我也找不到任何错误日志条目，这将有助于诊断问题.

I've cracked open the BASE64USERANDTOKEN value and it looks exactly like that provided in the successful POP3/IMAP connections. I don't know whether the unsuccessful SMTP authentication is caused by a mis-configuration of Microsoft 365 or a problem in the protocol dialogue. I'm using the Microsoft 365 Developer Subscription provided as a benefit of my MSDN subscription. I can't find any configuration setting specific to SMTP and I've used the correct scope (https://outlook.office365.com/SMTP.Send} when exchanging an authorization code for the access toke. I also can't find any error log entries in Microsoft 365 which would help in diagnosing the problem.

关于协议对话，我在与Google有所不同，网址为 https://developers.google.com/gmail/imap/xoauth2-protocol ，类似于MailKit协议日志:

differs from Google's at https://developers.google.com/gmail/imap/xoauth2-protocol which is like the MailKit protocol log:

[connection begins]
S: 220 mx.google.com ESMTP 12sm2095603fks.9
C: EHLO sender.example.com
S: 250-mx.google.com at your service, [172.31.135.47]
S: 250-SIZE 35651584
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2
S: 250-ENHANCEDSTATUSCODES
S: 250 PIPELINING
C: AUTH XOAUTH2 dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB5YTI5LnZGOWRmdDRxbVRjMk52YjNSbGNrQmhkSFJoZG1semRHRXVZMjl0Q2cBAQ==
S: 235 2.7.0 Accepted
[connection continues...]

这可能是导致身份验证失败的原因吗?

Is this a possible cause of the authentiation failure?

推荐答案

找到了身份验证失败的实际原因.如原始帖子中所述，我正在使用Microsoft 365开发人员订阅，这使我的域看起来像schlagermeier.onmicrosoft.com(不是真实的，伙计们).我进入了该帐户的Microsoft 365管理门户，并获得了指导配置"经验或类似经验.这是一系列页面的向导ui.一页上有一个带有两个单选按钮的选择域".一个按钮标记为"Use schlagermeier.onmicrosoft.com"，另一个按钮标记为"Enter domain"，其中包含用于您已经注册并拥有的域(例如schlagermeier.com)的输入框.因此，看来您必须显式设置一个域才能使SMTP正常工作，这很有意义.我只是假设将使用onmicrosoft域.

Found the actual cause of unsuccessful authentication. As mentioned in the original post I'm using my Microsoft 365 Developer Subscription, which gives me a domain looking something like schlagermeier.onmicrosoft.com (not real, folks). I went into the Microsoft 365 admin portal for that account and was offered a "guided configuration" experience or somesuch. This was a sort of wizard ui as a series of webpages. One page had a "choose domain" with two radio buttons. One button was labelled "Use schlagermeier.onmicrosoft.com" and the other was "Enter domain" with an input box for a domain you're already registered and own (e.g. schlagermeier.com). So it appears that you have to explicitly set a domain for SMTP to work, which makes sense. I just assumed the onmicrosoft domain would be used.

这篇关于MailKit与Microsoft 365服务器不成功的SMTP OAuth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！