[Jos jos]

I’ve looked through the other posts on this forum but can’t seem to find a solution for our problem:

I have a Docker Otobo installation and O365 where I have multiple mailboxes. I want to grab the mails out of those mailboxes using Oauth2/POP3.  I have setup the App regristration using the explanation provided here:
https://doc.otobo.org/manual/admin/10.1/en/content/communication-notifications/postmaster-mail-accounts.html#pop3-and-imap-oauth2-authentification

I now know that there is some outdated information in here which I have figured out, incorrectID which caused a message about return URL not valid. What I am now stuck on is that after clicking save it asks me to fill in a password, and grant admin acces. I do this and get: Mail account updated!  In Communicationlogbook is see:

 1
Kernel::System::MailAccount::POP3
Open connection to 'outlook.office365.com' (e-mailadres).
07-08-2023 13:10:09
2
 
Kernel::System::MailAccount::POP3
5 messages available for fetching (e-mailadres/outlook.office365.com).
07-08-2023 13:10:10
3
 
Kernel::System::MailAccount::POP3
Fetched 0 message(s) from server (e-mailadres/outlook.office365.com).
07-08-2023 13:10:10
4
 
Kernel::System::MailAccount::POP3
Connection to 'outlook.office365.com' closed.

 

The mail however isnt grabed. I can see in the firewall it makes a succesvol pop3 connection to the o365 server.

If I run:
docker exec -t -u otobo otobo_web_1 bin/otobo.Console.pl Maint::PostMaster::MailAccountFetch --debug

I get a bunch of text with at the end:
Net::POP3::_SSL=GLOB(0x56525c2fdc78)<<< ********ERR Authentication failure: unknown user name or bad password.
Net::POP3::_SSL=GLOB(0x56525c2fdc78)>>> LIST
Net::POP3::_SSL=GLOB(0x56525c2fdc78)<<< ********ERR Command is not valid in this state.
Net::POP3::_SSL=GLOB(0x56525c2fdc78)>>> QUIT
Net::POP3::_SSL=GLOB(0x56525c2fdc78)<<< +OK Microsoft Exchange Server POP3 server signing off.
Done.


The username and password I’ve put in is correct.

Does anybody have a clue what the issue could be?

[marcel-graf]

Hello Jos,

was Pop3OAuth2 used and does the mailbox user have POP3 rights?

You can also read the Post in the Following Link: https://community.znuny.org/viewtopic.php?t=43332

Greetings,

Marcel

[Jos jos]

Hi Marcel,

Thanks for replying. Yes as far as I can see the user has the rights and I’m using the POP3Auth:

 

Perhaps I’m missing something. What I do see in the logbooks it says that it fails on:

Reden van fout
Admin consent is required for the permissions requested by this application.

Aanvullende details
Ask your tenant administrator to provide consent for this application.

Now I use an admin account to provide the concent. I even see a status Passed on that user at the time of concent.

I’ve read through the post you added, but I had already seen that. Actually retreiving e-mails from a diffrent pop3 server actually works, but as O365 doesnt support Basic Authentication I cant use that.  I’d be thankfull for any help on this as I’m pretty much stuck.

[marcel-graf]

Hello Jos,

you can check the following Post with the same problem:

https://otobo.io/en/forums/topic/exchange-online-oauth2-authentication/

And have you checked the section „Switch to API permissions and add IMAP.AccessAsUser.All and POP.AccessAsUser.All“ in the Documentation, with your Settings in Azure and also the mailbox settings in Exchange Online for yout otobo user?

Printscreen from german language

i hope this helps

Greetings,

Marcel

[Jos jos]

Hi Marcel,

That was also not the issue and already setup correctly. I have however found the issue and fixed it although not in the way I expected:

Under Enterprise application, all application, search for otobo and click on the Otobo application. Under manage and owners I only had my admin account. This is the admin account I used to concent, but didn’t work. I have added the otobo user and now there is no question for concent (user having to concent for it’s own actions wouldn’t make much sense either way) and it works.  I don’t know if this is working as intended, as I don’t see the requirement or explanation in the manual that concent can’t be given by another user. The one difference between the 2 users I can think of is that the otobo user does not have MFA requirments enabled, where the admin user has. Perhaps this is causing the problem.

For now this works and I can continue with my tests.

Thank you for helping me with this issue.

[marcel-graf]

That sounds good :)

In our setup (we use http, not https) , each otobo mailbox user is MFA enabled.

After add an mailbox in otobo, the Microsoft Auth. website opens and i set the credentials, on the following open site I need to switch from https to http, only then the account is added in otobo.

In case anyone needs it.

Marcel

[Autor]

Beiträge