SMTP test update

[BoschmanIT]

Hi support,

Would it be possible to update the SMTP test to support modern authentication so we can test SMTP authentication for Microsoft365?

Kind regards,
Jeffrey

[KS-Soft]

There is Mail Relay test method, support various authentication methods, TLS, etc
https://www.ks-soft.net/hostmon.eng/mfr ... #mailrelay

May be you are asking about OAuth? Its not supported yet and we do not like it. Its not well designed for autonomous systems like HostMonitor..
But probably will implemented it as well

Regards
Alex

[BoschmanIT]

Well yea I think Oauth is what they use these days. I tried the mail relay test as suggested, but I found its not working well. Sending the email works fine, but using IMAP to check the receiving email is not working. The test keeps saying "No answer" even tho the mail in in the inbox of the recipient.

[KS-Soft]

The test keeps saying "No answer" even tho the mail in in the inbox of the recipient.

Correct TCP port is set?
Correct TLS mode is set?
What TLS version is used on the server?
HostMonitor version?

Regards
Alex

[BoschmanIT]

Outgoing SMTP:
Host smtp.office365.com
TCP port is 587
TLS is set to Explicit

Incoming IMAP:
Host outlook.office365.com
TCP port is 993
TLS is set to Explicit

HM version is 14.54

[KS-Soft]

https://support.microsoft.com/en-us/off ... 414e2aa040

By default POP3 and IMAP disabled in Outlook.com but you can enable it

If you want to use POP or IMAP to access your email in Outlook.com, you'll first need to enable access.
Select Settings > Mail > Forwarding and IMAP.
Under POP and IMAP, toggle the slider for Let devices and apps use POP or Let devices and apps use IMAP to ON depending on the account you are enabling.
Select Save.

Looks like other login methods still work, unless this document was not updated in time

Basic auth is in the process of being deprecated from the Outlook.com service.

"Plain" login over TLS 1.2, 1.3 is very secure, we don't know why they want to move everything to OAuth (OAuth makes sense in many cases but not for automatic unattended systems like HostMonitor)

Regards
Alex

[BoschmanIT]

By default POP3 and IMAP disabled in Outlook.com but you can enable it

For us its a little different, we use Exchange Online and we enabled it there. Also we checked and the security defaults in our Entra ID environment are turned off.

https://learn.microsoft.com/en-us/excha ... nge-online

Enabling or disabling modern authentication has no effect on IMAP or POP3 clients. However, if you've enabled security defaults in your organization, POP3 and IMAP4 are already disabled in Exchange Online. For more information, see Security defaults in Microsoft Entra ID.

At this point me/my team do not understand where this goes wrong.

[KS-Soft]

In case of authentication related problems you should see Bad test status and error description in Reply field of the test.
No answer status means HostMonitor could not connect to the server, this is probably TCP or TLS problem (e.g. wrong port, expired certificate or certificate for wrong host).
You may tell HostMonitor to ignore some TLS problems, see Options dialog -> Misc -> SSL options

Regards
Alex

[BoschmanIT]

Unfortunately no luck with that as well. We did some more digging and found loads of people with the same issue only on the IMAP protocol. To I think for now we will make a powershell script that does a similar test as the email relay test in HM.

I got the impression that you guys don't like to support Oauth
You think it will ever make it into HostMonitor?

[KS-Soft]

Yes, we don't like it but we will implement it some day.

But your problem is not related to OAuth (or not only to OAuth). Can you connect to target port using TCP test? If yes, that's TSL related problem.
E.g.
- if you setup TCP test and it shows Ok status, its not connection/firewall problem
- if you setup IMAP test and it will show some "Unknown" status, check error description.

May be IMAP test cannot use TLS 1.2 or TLS 1.3 because old Windows installed on HostMonitor system?
HostMonitor v14 can use TLS 1.3 for IMAP test but not on old Windows.
What Windows do you use? IE version?

Also, may be custom hostmon.ini options used and disabled TLS 1.2, 1.3?
Do you see the following lines in hostmon.ini?
sslProtocols
sslProto_POP3
sslProto_LDAP
sslProto_IMAP

Oh, you are using Explicit TLS option, I think Implicit should be used for outlook.office365.com

Regards
Alex

[KS-Soft]

We just rechecked IMAP test with outlook.office365.com, got "Failed to verify key exchange signature" error.
It worked before, probably Microsoft changed some encryption algorithms, so we need improvements again

Regards
Alex

[BoschmanIT]

Hi Alex,

We run Windows Server 2019, so TLS1.3 is not supported. But still with TLS1.2 it should not be of any issue.

Do you see the following lines in hostmon.ini?
sslProtocols
sslProto_POP3
sslProto_LDAP
sslProto_IMAP

These are not in my hostmon.ini file.

Oh, you are using Explicit TLS option, I think Implicit should be used for outlook.office365.com

I tried both, with the Explicit option I get no answer and with the Implicit option the reply is, "276: Failed to verify key exchange signature".

[BoschmanIT]

We just rechecked IMAP test with outlook.office365.com, got "Failed to verify key exchange signature" error.
It worked before, probably Microsoft changed some encryption algorithms, so we need improvements again

Regards
Alex

Ohh you beat me to it. I'll continue the search. If I find anything usefull I'll share it here