Description

Whenever trying to connect using Mailspring, an institutional office365 account doesn’t authenticate. So far I’ve tried as many options as there are online (including multiple different DavMail configs).

The same problem occurs for accounts with two-factor authentication enabled and an app password is generated for authentication.

To Reproduce…

Steps to reproduce the behavior:

1. Add account → Office 365
2. Add name, mail and password
3. Login not succeded

Expected Behavior

Account to be authenticated

Log

----------IMAP----------
connect mailcore::IMAPSession:0x7fffc7838df0

OK The Microsoft Exchange IMAP4 service is ready. [QwBIADIAUABSADEANABDAEEAMAAwADAANwAuAG4AYQBtAHAAcgBkADEANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
ssl connect outlook.office365.com 993 2
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
1 CAPABILITY
CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
connect ok
login
2 LOGIN "username@domain.edu" "####"
2 NO LOGIN failed.

Setup

• OS and Version: Ubuntu Linux 20.04
• Mailspring Version: 1.7.8

Additional Context

The behavior is the same wether there is normal password authentication (no two-factor) and when using app-password (account has two-factor).

Migrated from Github

Issue #2245

#1912 may be a duplicate of this issue.

It appears that some organizational Office365 accounts actually require OAuth. Mailspring will need to add OAuth support to resolve this.

On GitHub, bhachech pointed out that OAuth2 is supported now, hopefully negating the need for EWS.

• Announcing OAuth 2.0 support for IMAP, SMTP client protocols in Exchange Online - Microsoft 365 Developer Blog
• Authenticate an IMAP, POP or SMTP connection using OAuth | Microsoft Docs

Kamiware on GitHub suggests out that rate limits may be involved.

By the way, this is already underway in Switch to OAuth for Office 365 accounts now that MSFT support is live… · Foundry376/Mailspring@052f6dd · GitHub, and will probably make it into the forthcoming release.

@CodeMouse92, could you point me to the roadmap for Mailspring? I am having similar issues: my organization requires OAuth and I am therefore unable to use Mailspring currently. I would like to follow the development on this but am unsure of where I can find it…

We are just getting the ball rolling, but from the looks of it, OAuth should be forthcoming in the next week or so.

I hope we will have a roadmap very soon.

Update: I’m still getting oriented to the timeline of the past year. The prior Office365 fixes were in 1.7.8 (May 2020). See CHANGELOG.

However, we’re hoping to have another release in the next couple of weeks, and this is a top priority.

Hi again

I just upgraded to the 1.8.0 version. Now it seems like there is some support for OAuth. At least I got directed to the login page for my office365 account. But still no luck in getting authenticated.

bilde1826×598 91.8 KB

Here is the terminal output:

{ Error: Authentication Error - Check your username and password. (SMTP)
    at ChildProcess._proc.on.code (file:///tmp/nylas-build/electron-packager/linux-x64/mailspring-linux-x64/resources/app/src/mailsync-process.ts:222:27)
    at ChildProcess.emit (events.js:182:13)
    at ChildProcess.EventEmitter.emit (domain.js:442:20)
    at maybeClose (internal/child_process.js:962:16)
    at Socket.stream.socket.on (internal/child_process.js:381:11)
    at Socket.emit (events.js:182:13)
    at Socket.EventEmitter.emit (domain.js:442:20)
    at Pipe._handle.close (net.js:606:12)
  message:
   'Authentication Error - Check your username and password. (SMTP)',
  rawLog:
   '----------IMAP----------
connect <mailcore::IMAPSession:0x7ffeefdc61e0>
* OK The Microsoft Exchange IMAP4 service is ready. [===REMOVED===]
ssl connect outlook.office365.com 993 2
OpenSSL version: OpenSSL 1.1.0f  25 May 2017
1 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
1 OK CAPABILITY completed.
connect ok
login
2 AUTHENTICATE XOAUTH2 ===REMOVED===
2 OK AUTHENTICATE completed.
3 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CLIENTACCESSRULES CLIENTNETWORKPRESENCELOCATION BACKENDAUTHENTICATE CHILDREN IDLE NAMESPACE LITERAL+
3 OK CAPABILITY completed.
4 NAMESPACE
* NAMESPACE (("" "/")) NIL NIL
4 OK NAMESPACE completed.
login ok
5 LIST "" "*"
* LIST (\\HasNoChildren) ===Removed===
* LIST ........
* LIST ........
* LIST ........
5 OK LIST completed.


----------SMTP----------
connect smtp.office365.com 587
220 OL1P279CA0035.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 21 Jan 2021 07:51:07 +0000
init
EHLO hkorsvoll-Latitude-E7450
250-OL1P279CA0035.outlook.office365.com Hello [2a02:1660:6186:e00:f83b:79fa:d2c2:e17b]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
start TLS
STARTTLS
220 2.0.0 SMTP server ready
done
OpenSSL version: OpenSSL 1.1.0f  25 May 2017
init after starttls
EHLO hkorsvoll-Latitude-E7450
250-OL1P279CA0035.outlook.office365.com Hello [2a02:1660:6186:e00:f83b:79fa:d2c2:e17b]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
AUTH XOAUTH2 ===REMOVED===
451 4.7.0 Temporary server error. Please try again later. PRX4  [OL1P279CA0035.NORP279.PROD.OUTLOOK.COM]


SASL_PATH: /snap/mailspring/498/usr/share/mailspring/resources/app.asar.unpacked

SMTP Last Response Code: 451
SMTP Last Response: 4.7.0 Temporary server error. Please try again later. PRX4  [OL1P279CA0035.NORP279.PROD.OUTLOOK.COM]


mailsmtp Last Error Code: 1
mailsmtp Last Error Explanation: MAILSMTP_ERROR_UNEXPECTED_CODE
mailsmtp Last Error Location: 10
mailsmtp Last Auth Type: 256' } { pluginIds: [] }
Raven: 429 - undefined

It looks like the IMAP login is OK, but it fails on SMTP login. I can confirm that both IMAP and SMTP is working in my Thunderbird setup.

Since last update I have to reconnect everyday, because office365 is giving short lifetime tokens?

29612 [2021-02-04 15:11:13.495] [background] [info] Fetching XOAuth2 access token (office365) for d4f3745c
29612 [2021-02-04 15:11:13.495] [metadata] [info] Metadata delta stream starting...
29612 [2021-02-04 15:11:14.112] [background] [critical] 
***
*** Mailspring Sync 
*** An exception occurred during program execution: 
*** {"debuginfo":"https://login.microsoftonline.com/common/oauth2/v2.0/token RETURNED {\"error\":\"invalid_grant\",\"error_description\":\"AADSTS700081: The refresh token has expired due to maximum lifetime. The token was issued on 2021-02-03T13:56:36.8761451Z and the maximum allowed lifetime for this application is 1.00:00:00.\\r\\nTrace ID: c3669801-93e3-4b7b-9d76-c92b58b86900\\r\\nCorrelation ID: db8faa5a-70e6-4dac-b839-4e7a70dcaa54\\r\\nTimestamp: 2021-02-04 14:11:14Z\",\"error_codes\":[700081],\"timestamp\":\"2021-02-04 14:11:14Z\",\"trace_id\":\"c3669801-93e3-4b7b-9d76-c92b58b86900\",\"correlation_id\":\"db8faa5a-70e6-4dac-b839-4e7a70dcaa54\",\"error_uri\":\"https://login.microsoftonline.com/error?code=700081\"}","key":"Invalid Response Code: 400","retryable":false,"what":"std::exception"}

OAUTH succeeds yet

    ----------IMAP----------
    connect <mailcore::IMAPSession>
    * OK IMAP4 ready
    ssl connect mailservices.xxxx 993 2
    OpenSSL version: OpenSSL 1.1.0f  25 May 2017
    1 CAPABILITY
    * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS SASL-IR AUTH=PLAIN AUTH=LOGIN
    1 OK completed
    connect ok
    login
    2 AUTHENTICATE XOAUTH2 xxxx
    2 BAD invalid command

I have created a new topic (link) on this since I’m having the exact same problem as @anat0lius.

If you have found a way to fix this or have any updates please let me know

I am new to Mailspring as of this morning. I’ve set up my accounts, one of which is Office 365. I have successfully sent and received email with both accounts.

However, with my o365 account, it continually encounters a “connection issue” with that account. When I click “Try now,” it tries to sync again and then fails, says it encountered an error while syncing, and finally forces me to re-authenticate with o365. I’ve had to do this multiple times. After I re-auth, it works for a bit until it encounters the errors again.

I have a basic account as I am just getting familiar with the program.

I will include screenshots below. Please note: I am a mere mortal and not a developer. I appreciate any help!

Issue #1 — clicked Try now177×819 33 KB

Final break843×315 37.1 KB

Hi @erinanacker, I’ve migrated your post to the open issue about this. We’re hoping to fix this soon! Please vote for this issue — select Vote at the top — to help raise its priority.

Thank you Jason! Glad to hear I’m not just going crazy

This is a pretty significant issue given that it completely disables use of one of the largest email provider in the world…!

I am experiencing the same exact issue. Mailspring on Arch.

Hey @CodeMouse92 — Just a quick update. The problem seems to either have gone away or reduced significantly after Mailspring completed it’s initial scan of my email and folders for o365. Thank you for your help and continued efforts on this.

Hello, I was wondering if there is any intention to integrate with Duo 2FA? My college account uses it and it gives me error as of now to log in.

{"error":null}
Manual update check (updates.getmailspring.com/check/linux/x64/1.8.0-8983dca2/545e9ea3
{ Error: Authentication Error - Check your username and password. (IMAP)
    at ChildProcess._proc.on.code (file:///tmp/nylas-build/electron-packager/linux-x64
    at ChildProcess.emit (events.js:182:13)
    at ChildProcess.EventEmitter.emit (domain.js:442:20)
    at maybeClose (internal/child_process.js:962:16)
    at Socket.stream.socket.on (internal/child_process.js:381:11)
    at Socket.emit (events.js:182:13)
    at Socket.EventEmitter.emit (domain.js:442:20)
    at Pipe._handle.close (net.js:606:12)
  message:
   'Authentication Error - Check your username and password. (IMAP)',
  rawLog:
   '----------IMAP----------\nconnect <mailcore::IMAPSession:0x7ffdebf367f0>\r\n* OK TBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]\r\nssl connect outlook.office365.com 993 2\r\nOpenSSL LUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n1 OK CAPABILITY completed.\r\...\r\n2 NO AUTHENTICATE failed.\r\n' } { 
Raven: 429 - undefined

The system is Debian 10 with KDE Plasma V5.14.

We actually don’t plan to support any form of 2FA. Most email clients don’t. You should use app passwords in those situations.

Is there an update on this, I am currently trying to connect my school office 365 account and it takes me to the page to verify and then shows this message. There is no 2FA setup.

I did look for logs but couldn’t find where they were.

image735×444 26.2 KB

If there was an update on this, it would have been posted here already.

Mailspring is developed entirely in free time, and there’s a lot to do in that extremely limited time. As a result, it’s not possible to provide timelines. Any development help fixing this would be appreciated.