Znuny Oauth2 pop office 365

Moderator: crythias

Post Reply
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Znuny Oauth2 pop office 365

Post by paullef »

Hello

I was able to create an oauth2 token, connected this to my email account (type: pop3s/ server: outlook.officd365.com with the oauth2 token) but it gives me the following error:

Message: CommunicationLog(ID:1709562,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:3198589)::Kernel::System::MailAccount::POP3S => POP3S: Auth for user xxx@xxx.xx/outlook.office365.com failed!

Can anybody give me a clue where to look and how to resolve this message.

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi,

Please check if POP3 is enabled for this mailbox. This could lead to the error you showed.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Yes, the pop3 is (and was) enabled for this mailbox. Still no luck!

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

paullef wrote: 17 Jun 2022, 22:27 Yes, the pop3 is (and was) enabled for this mailbox. Still no luck!
Hi,

Is this a shared mailbox? When accessing shared mailboxes, there are different ways how the username looks. And you should give it a try to access the mailbox via command line with this command:

bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --debug

Maybe there's more to see.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Thanks,

No it's not a shared mailbox. I am getting the following output:

root@otrs:/opt/otrs# su -c "bin/otrs.Console.pl Maint::PostMaster::MailAccountFetch --debug" -s /bin/bash otrs

Spawning child process to fetch incoming messages from mail accounts...

outlook.office365.com:995 (POP3S)...
Net::POP3::_SSL>>> Net::POP3::_SSL
Net::POP3::_SSL>>> IO::Socket::SSL(2.060)
Net::POP3::_SSL>>> IO::Socket::IP(0.38)
Net::POP3::_SSL>>> IO::Socket(1.38)
Net::POP3::_SSL>>> IO::Handle(1.36)
Net::POP3::_SSL>>> Exporter(5.72)
Net::POP3::_SSL>>> Net::POP3(3.10)
Net::POP3::_SSL>>> Net::Cmd(3.10)
Net::POP3::_SSL=GLOB(0x55cb94731a90)<<< +OK The Microsoft Exchange POP3 service is ready. [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
Net::POP3::_SSL=GLOB(0x55cb94731a90)>>> AUTH XOAUTH2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Net::POP3::_SSL=GLOB(0x55cb94731a90)<<< -ERR Protocol error. Connection is closed. 10
Net::POP3::_SSL=GLOB(0x55cb94731a90)>>> QUIT
[Mon Jun 20 09:21:20 2022] otrs.Console.pl: Use of uninitialized value in numeric eq (==) at /usr/share/perl/5.26/Net/POP3.pm line 369.
ERROR: OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-10 Perl: 5.26.1 OS: linux Time: Mon Jun 20 09:21:20 2022

Message: CommunicationLog(ID:1714935,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:3208235)::Kernel::System::MailAccount::POP3S => POP3S: Auth for user otrs@xxxx.xx/outlook.office365.com:995 failed!

Traceback (6250):
Module: Kernel::System::CommunicationLog::_LogError Line: 535
Module: Kernel::System::CommunicationLog::ObjectLog Line: 303
Module: Kernel::System::MailAccount::POP3::Fetch Line: 264
Module: Kernel::System::MailAccount::MailAccountFetch Line: 649
Module: (eval) Line: 173
Module: Kernel::System::Console::Command::Maint::PostMaster::MailAccountFetch::Run Line: 165
Module: (eval) Line: 460
Module: Kernel::System::Console::BaseCommand::Execute Line: 454
Module: Kernel::System::Console::InterfaceConsole::Run Line: 81
Module: bin/otrs.Console.pl Line: 37

It says Protocol error. But no idea how to fix it.

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi,

Since the OAuth token is properly send:

Code: Select all

Net::POP3::_SSL=GLOB(0x55cb94731a90)>>> AUTH XOAUTH2 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I would try the different possibilities for the username: UPN, Domain\User, etc. Maybe the server side log files tell more.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

I tried connecting through openssl, and that worked:

tkadmin@otrs:~$ openssl s_client -showcerts -connect outlook.office365.com:995 -servername outlook.office365.com -crlf
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3999 bytes and written 481 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 69160000E340C3C84FE3A867CC966CD5A2654CD5D7CA5625FF0E55FB8DDFA178
Session-ID-ctx:
Master-Key: EC164C1FE4FBAF8623F68361C3D23A8291BA50977569DEA02354A071F1573915BD3EDF7F9FB68A0B966469F23DB9DEA0
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1655721373
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
+OK The Microsoft Exchange POP3 service is ready. [XXXX]
AUTH XOAUTH2
+
XXXXX
+OK User successfully authenticated.
LIST
+OK 1 29803
1 29803
.

I saw the OK on the logon, and could see I have 1 message in my inbox.

It seems to be working correctly, Is it possible znuny is not using the correct tlsv1.2/cipher, due to an old / wrong version of a library or something like that?

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi,

Please send me the output of /opt/otrs/bin/otrs.CheckModules.pl

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Roy,

Here the output:

root@otrs:/opt/otrs# /opt/otrs/bin/otrs.CheckModules.pl
o Apache::DBI......................ok (v1.12)
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v2.24)
o Archive::Zip.....................ok (v1.60)
o Authen::SASL.....................ok (v2.16)
o Crypt::Eksblowfish::Bcrypt.......ok (v0.009)
o CSS::Minifier::XS................ok (v0.09)
o Data::UUID.......................ok (v1.0602)
o Date::Format.....................ok (v2.24)
o DateTime.........................ok (v1.46)
o DateTime::TimeZone.............ok (v2.18)
Please consider updating to version 2.20 or higher: This version includes recent time zone changes for Chile.
o DBI..............................ok (v1.640)
o DBD::mysql.......................ok (v4.046)
o DBD::ODBC........................ok (v1.56)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................ok (v3.7.0)
o Digest::SHA......................ok (v5.96)
o Encode::HanExtra.................ok (v0.23)
o Excel::Writer::XLSX..............ok (v0.95)
o Hash::Merge......................Not installed! To install, you can use: 'apt-get install -y libhash-merge-perl'. (optional - Required for the creation of Excel statistical reports.)
o IO::Socket::SSL..................ok (v2.060)
Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
o JavaScript::Minifier::XS.........ok (v0.11)
o Jq...............................Not installed! (optional - Support for extended condition checking via Jq for the generic interface.)
o JSON::XS.........................ok (v3.04)
o List::Util::XS...................ok (v1.46_02)
o LWP::UserAgent...................ok (v6.53)
o Mail::IMAPClient.................ok (v3.39)
o IO::Socket::SSL................ok (v2.060)
Please consider updating to version 2.066 or higher: This version fixes email sending (bug#14357).
o Authen::NTLM...................ok (v1.09)
o ModPerl::Util....................ok (v2.000010)
o Moo..............................ok (v2.003004)
o Net::DNS.........................ok (v1.10)
o Net::LDAP........................ok (v0.65)
o Net::SMTP........................ok (v3.10)
Please consider updating to version 3.11 or higher: This version fixes email sending (bug#14357).
o Spreadsheet::XLSX................ok (v0.15)
o Template.........................ok (v2.27)
o Template::Stash::XS..............ok (undef)
o Text::Diff::FormattedHTML........ok (v0.08)
o Text::CSV_XS.....................ok (v1.34)
o Time::HiRes......................ok (v1.9741)
o XML::LibXML......................ok (v2.0128)
o XML::LibXSLT.....................ok (v1.95)
o XML::Parser......................ok (v2.44)
o YAML::XS.........................ok (v0.69)

Thanks,
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi,

Please update IO::Socket::SSL, the mentioned bug is related to Office365

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Roy,

How can I do this, which library is this?

I am using ubuntu 18, giving me the following notice:

root@otrs:/opt/otrs# apt-get install libio-socket-ssl-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libio-socket-ssl-perl is already the newest version (2.060-3~ubuntu18.04.1).
The following package was automatically installed and is no longer required:
libclone-choose-perl
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.


Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi,

You need to install the CPAN modules from the source.

Code: Select all

$ apt install cpanminus make gcc
$ cpanm IO::Socket:SSL
After installing the hint to the version with the mentioned bug should be gone.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Roy,

I did install this, unfortunately it did not make any difference. The checkmodules says:

o Mail::IMAPClient.................ok (v3.39)
o IO::Socket::SSL................ok (v2.074)
o Authen::NTLM...................ok (v1.09)

But still the same error:

Net::POP3::_SSL>>> Net::POP3::_SSL
Net::POP3::_SSL>>> IO::Socket::SSL(2.074)
Net::POP3::_SSL>>> IO::Socket::IP(0.38)
Net::POP3::_SSL>>> IO::Socket(1.38)
Net::POP3::_SSL>>> IO::Handle(1.36)
Net::POP3::_SSL>>> Exporter(5.72)
Net::POP3::_SSL>>> Net::POP3(3.10)
Net::POP3::_SSL>>> Net::Cmd(3.10)
....
Net::POP3::_SSL=GLOB(0x5580f6e565d8)<<< -ERR Protocol error. Connection is closed. 10
Net::POP3::_SSL=GLOB(0x5580f6e565d8)>>> QUIT
[Mon Jun 20 20:36:38 2022] otrs.Console.pl: Use of uninitialized value in numeric eq (==) at /usr/share/perl/5.26/Net/POP3.pm line 369.
ERROR: OTRS-otrs.Console.pl-Maint::PostMaster::MailAccountFetch-10 Perl: 5.26.1 OS: linux Time: Mon Jun 20 20:36:38 2022

Message: CommunicationLog(ID:1715450,AccountType:-,AccountID:-,Direction:Incoming,Transport:Email,ObjectLogType:Connection,ObjectLogID:3209272)::Kernel::System::MailAccount::POP3S => POP3S: Auth for user otrs@xxx.xx/outlook.office365.com:995 failed!

What might be going wrong?

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

Hi Paul,

I can confirm this is a bug and will be fixed soon. Do you have the possibility of switching to IMAP in the meantime? Fetch e-mails will work with the same token without any issues.

Just as a reference: https://github.com/znuny/Znuny/issues/259

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
paullef
Znuny newbie
Posts: 12
Joined: 17 Jun 2022, 19:03
Znuny Version: 6.3.2
Real Name: paul leferink
Company: teleknowledge

Re: Znuny Oauth2 pop office 365

Post by paullef »

Roy

Thanks for the support. I will use the basic authentication in the meantime. Can you give me an idea when this will be fixed? And if fixed how I can patch it?

Thanks
Paul
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Znuny Oauth2 pop office 365

Post by root »

paullef wrote: 21 Jun 2022, 12:14 Roy

Thanks for the support. I will use the basic authentication in the meantime. Can you give me an idea when this will be fixed? And if fixed how I can patch it?
Hi,

Just update to the next release, this will be 6.4.1

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Post Reply