Menu
▾
▴
Re: [Fetchmail-users] XOAUTH2 needed for hotmail.com after September 16 2024
|
From: Matthias A. <mat...@gm...> - 2024-10-16 19:43:30
|
Am 03.10.24 um 06:30 schrieb Ian! D. Allen: > On Wed, Sep 25, 2024 at 06:27:27AM -0400, Matthias Andree wrote: >> App passwords are the sidestep or workaround while they last. > Yes, app passwords are still working with gmail (October 2 2024): > -https://support.google.com/accounts/answer/185833 > > As of September 16, app passwords don't work with hotmail: > -https://support.microsoft.com/en-us/office/modern-authentication-methods-now-needed-to-continue-syncing-outlook-email-in-non-microsoft-email-apps-c5d65390-9676-4763-b41f-d7986499a90d > -https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184 > "App passwords or Application passwords will be deprecated as part of the Basic Auth deprecation. You will need to use Modern Auth for all cases." Hm. App-specific passwords still seem to be advertised under the condition that 2-factor authentication is enabled and it references "mail apps on some smartphones" or devices ("f.i., xbox 360") that seem unable to use "regular security codes" (this is all translated back from German from the page about 2FA for the account). I haven't tested this but unless they stop requiring application reviews for OAuth2 application tokens, if they really turned off application passwords, then we're done with Microsoft. fetchmail 7 (currently in development) has rudimentary support for OAUTH2 but has no application token so that's of limited use. > I can generate an "app password" for my Microsoft account, but using > that password in my .fetchmailrc does not work: > > fetchmail: POP3< -ERR Logon failure: unknown user name or bad password. > fetchmail: Logon failure: unknown user name or bad password. Does it have to be a specific application-specific password *for mail*? I presume these passwords would be limited to one particular service. > On Tue, Sep 24, 2024 at 03:43:06PM -0400, Lucio Chiappetti wrote: >> Can you instruct your "legacy proprietaruy service" to FORWARD all mail to >> another fetchmail-firendly provider? > Yes, but forwarding from hotmail has Spamassassin SPF problems: > > 4.0 SPF_FAIL SPF: sender does not match SPF record (fail) That's self-inflicted by how SpamAssassin is configured. It doesn't have to punish SPF forwardings like that. I know SPF is being promoted for spam defense, but it's broken by design and for many people causes more trouble than it's worth. > Also, fetching email via POP kept my hotmail account alive without me > having to access it in a browser, because POP was treated as a "login". > > I've set up hotmail forwarding and have a cron job to remind me to > use a web browser to log in to hotmail every now and then to keep the > account alive. > |
