Hello. Thank you very much for this great app! I am trying to use oauth for client authorization with google. Does emailrelay request the token, or do I have to generate it myself?
Sorry, I meant authentication. Can you also tell me what fields are needed for the oauth password type?
You will need to fetch the token yourself and add it to the emailrelay secrets file using a line like "client oauth <name> <token>". The name field must have any of space, #, =, or + encoded as "+20", etc as per RFC-3461, and similarly for any character value of 127 or more. The token will be base64 encoded. The secrets file is re-read if its timestamp changes, but using a timestamp resolution of one second, so avoid rapid updates.
Thank you so much Graeme. Have a great holiday, and a happy new year!
Hello.
I'm also trying to config emailrelay using oauth authentication and Google G Suite, but I can't config my secret file properly.
Could you help me, please?
I've put this in my emailrelay.auth:
"client oauth <name> <token>"
client oauth googleaccount@domain.com currentpassword
How can I generate the token?
Must I change field name?
What do you mean by "using timestamp resolution of one second"?
Thanks in advance for your help.
Best regards,
Pedro
The 'currentpassword' in the auth file must be the OAUTH token. You must obtain that from the SMTP service provider and it should look like it is base64-encoded, so something like
"c2VjcmV0Cg==", but longer.
The username field will also depend on the SMTP service provider, but your 'googleaccount@domain.com' looks plausible. Be careful of space, + and # characters.
I have never tried it, but the documentation here https://developers.google.com/identity/protocols/OAuth2 says there are several ways of obtaining the token once you are properly set up. I'm afraid I can't help you with any of those details.
My 'timestamp resolution' comment is not very important, but in principle if you updated the file twice and then authenticated, all within the same second, then the emailrelay server would not see the second update and it might therefore use a stale token.
Hello there, can we connect to Exchange Online mailbox using SASL XOAUTH2 format for encoding and transmitting the access token?
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
Thanks in advance
Yes, it should work okay. As discussed above, you need to get the token yourself and write it into the emailrelay secrets file.
I got the token which includes client credentials encoded, but the Emailrelay service does not start with only "client oauth base64token " in the secrets file, without the <name> field.
Instead, adding the mailbox name as in the attached picture, I get the error:
X-MailRelay-Reason: smtp error: unexpected response: 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [MR2P264CA0026.FRAP264.PROD.OUTLOOK.COM] </name>
You're right on the first point. But in the screenshot you have bogus html tags at the end of the line in the secrets file. These are an artifact from this wiki (as you will have seen from your own post) so please make sure they are not included.
Hello there,
I have issues on authenticating against Exchange online using Oauth.
See attached logs and secrets config.
another log pic
Secrets file
Thanks a lot!!
Perhaps you are not writing the secrets file atomically; you should prepare a brand new file with the latest token and then rename it so that it replaces the live file instantaneously. Otherwise you could have written only the first 'trusted' line into the secrets file when the connection is triggered and there will be no client secret for emailrelay to use. Check the log file timestamps for clues.
Okay just tried that, no luck yet
Got it working yesterday, the problem was in the token generated in Azure, thank you very much!
Btw I've deployed this software in servers for a company in 5 continents. Kudos to you!
PS. Are you going to release 2.2 version any time in the near future?
Last edit: Leona 2021-02-01
Hi. I'm stuck at the same step. Could you please tell me how you changed or converted the JWT (token) received from Azure to the correct base64 string?
I'm glad it's working for you.
Just for the record, to get atomic file updates you should write the new file with a unique filename (typically including the process-id) in the same directory as the target file, make sure the file is closed properly (to avoid locking) and then use a utility that does a simple file-system rename with no attempt to delete the old file. E-MailRelay uses the timestamp on the file to determine whether to re-read it, so for best results avoid high-frequency updates and make sure your system clock never goes backwards.
The 2.2 release is ready to go -- watch this space.
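The name-field encoding and the atomic secrets-file update described in this thread, as an added Python example that is not part of the original posts and is not E-MailRelay's own code. It assumes non-ASCII names are encoded as their UTF-8 bytes and that the token is passed in already in the form the provider issues; `xtext` and `update_oauth_secret` are hypothetical helper names.

```python
import os
import time

# Characters the thread says must be encoded in the name field, in addition
# to control characters and any byte value of 127 or more.
_MUST_ENCODE = set(b" #=+")

def xtext(name: str) -> str:
    """Encode a name field as RFC 3461 xtext: "+" followed by two hex digits."""
    out = []
    for b in name.encode("utf-8"):  # assumption: non-ASCII names are UTF-8 bytes
        if b < 33 or b >= 127 or b in _MUST_ENCODE:
            out.append("+%02X" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def update_oauth_secret(path: str, name: str, token: str) -> str:
    """Atomically replace the 'client oauth' line in the secrets file at path."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token must be a single non-empty word")
    new_line = "client oauth %s %s" % (xtext(name), token)
    kept, old_mtime = [], None
    if os.path.exists(path):
        old_mtime = int(os.stat(path).st_mtime)
        with open(path, encoding="utf-8") as f:
            # Keep every other line of the live file untouched.
            kept = [l.rstrip("\n") for l in f
                    if l.split()[:2] != ["client", "oauth"]]
    # The file is re-read on a timestamp change at one-second resolution, so
    # wait if the new file would land in the same whole second as the old one.
    if old_mtime is not None and int(time.time()) <= old_mtime:
        time.sleep(1.1)
    # Unique name (process-id) in the same directory, so the rename never
    # crosses a file system; 0o600 keeps the token private while it is staged.
    tmp = "%s.%d.tmp" % (path, os.getpid())
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write("\n".join(kept + [new_line]) + "\n")
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # plain rename over the live file, file already closed
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return new_line
```

Because the whole file is staged and renamed in one step, a connection that triggers during a token refresh sees either the old complete file or the new complete file, never a partial one.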