Authentication for SMTP does not work with Office 365

johnny.graber · 7 October 2022 10:49

We run the Octopus Deploy server locally in version 2022.3 (Build 10594). Due to changes by Microsoft, we must change our e-mail configuration for Office 365 to use SSL and use a username and password. If we enter the credentials and click on save & test, we get this error message:

The SMTP server does not support authentication. System.NotSupportedException at MailKit.Net.Smtp.SmtpClient.AuthenticateAsync(Encoding encoding, ICredentials credentials, Boolean doAsync, CancellationToken cancellationToken) at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.CreateSmtpClient(SmtpConfiguration configuration, CancellationToken cancellationToken) in SmtpClientWrapper.cs:line 85 at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.Send(SmtpConfiguration configuration, MailMessage message, CancellationToken cancellationToken) in SmtpClientWrapper.cs:line 33 at Octopus.Server.Orchestration.ServerTasks.TestEmail.TestEmailTaskController.Execute(CancellationToken cancellationToken) in TestEmailTaskController.cs:line 53 at Octopus.Server.Orchestration.ServerTasks.RunningTask.<>c__DisplayClass31_0.<WorkerTask in RunningTask.cs:line 173 at Octopus.Core.Infrastructure.UnitsOfWork.UnitOfWorkExtensionMethods.Do(IUnitOfWork unitOfWork, Func1 action, CancellationToken cancellationToken, String name) in UnitOfWorkExtensionMethods.cs:line 93 at Octopus.Core.Infrastructure.UnitsOfWork.UnitOfWorkExtensionMethods.Do(IUnitOfWork unitOfWork, Func1 action, CancellationToken cancellationToken, String name) in UnitOfWorkExtensionMethods.cs:line 93 at Octopus.Server.Orchestration.ServerTasks.RunningTask.WorkerTask(CancellationToken cancellationToken) in RunningTask.cs:line 164

In the logs I find this additional info:

Connection attempt to SMTP host failed MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.

This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:

The server is using a self-signed certificate which cannot be verified.

The local system is missing a Root or Intermediate certificate needed to verify the server’s certificate.

A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.

The certificate presented by the server is expired or invalid.

The set of SSL/TLS protocols supported by the client and server do not match.

See MailKit/FAQ.md at master · jstedfast/MailKit · GitHub for possible solutions.

—> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte reAuthenticationData, Boolean isApm)
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
— End of inner exception stack trace —
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.TryConnectToSmtpHost(SmtpConfiguration configuration, SmtpClient client, CancellationToken cancellationToken) in ./source/Octopus.Core/Util/SmtpClient/SmtpClientWrapper.cs:line 105
October 7th 2022 11:50:10Warning
Server certificate is not valid

The same combination of username and password works in our .Net 4.8 applications. However, there we need to specify that it should use TLS version 1.2. I expect that is the option that is missing to get the configuration working for Office 365.

The MailKit documentation hits in the same direction with the usage of STARTTLS at the beginning of the connection (as described here: MailKit/FAQ.md at master · jstedfast/MailKit · GitHub ).

Do you have any idea how we can use Office 365 with authentication and TLS 1.2 (or above) to send e-mails from Octopus Deploy?

dane.falvo · 7 October 2022 12:59

Hi @johnny.graber,

I’m sorry you are running into this issue. The SMTP server does not support authentication is very unusual. I will likely need to confirm that I can connect via Office365 in order to get this working, however, can I confirm your SMTP configuration?
i.e your SMTP port and SMTP Host.

I will test on my end and hopefully we can come up with a solution.

Regards,

johnny.graber · 12 October 2022 12:56

Hi Dane,
Sorry for the delay. Changing the port did result in timeouts and we had to figure out if the problem was with our firewall or somewhere else. We are now using the main Office365 mail server smtp.office365.com and no longer our company specific one.

Thanks for your help.

donny.bell · 12 October 2022 14:10

Hi @johnny.graber,

Thank you for getting back to us.

Let us know if you run into any more issues.

Best Regards,
Donny

system · 12 November 2022 14:11

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.