Office365, Indy and SMTP

[kinu]

The error when I do

Code: Pascal  [Select][+][-]

1.  SMTP.Authenticate

is

Code: Pascal  [Select][+][-]

1. Error connecting with SSL.
2. EOF was observed that violates the protocol.

My settings in SMTP component:

Authtype - satDefault
Host - 'smtp.office365.com'
Port - 587
Username and Password set too.
UseTLS - utUseExplicitTLS

and in SSLHandler

SSLOptions.Method - sslvTLSv1
so in SSLVersion is the same.

What am I doing wrong?

[rvk]

sslvTLSv1 ??????? for smtp.office365.com ?
That seems really old.

We have already disabled TLS 1.0 and 1.1 for most Microsoft 365 services in the world wide environment. For Microsoft 365 operated by 21 Vianet, TLS1.0 and TLS1.1 will be disabled on June 30, 2023.

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/opt-in-exchange-online-endpoint-for-legacy-tls-using-smtp-auth

[Remy Lebeau]

Code: Pascal  [Select][+][-]

1. Error connecting with SSL.
2. EOF was observed that violates the protocol.

That means the server is closing the TCP connection during the TLS handshake without sending a TLS alert first to explain why.

We have already disabled TLS 1.0 and 1.1 for most Microsoft 365 services in the world wide environment. For Microsoft 365 operated by 21 Vianet, TLS1.0 and TLS1.1 will be disabled on June 30, 2023.

IOW, change SSLOptions.Method to sslvTLSv1_2 instead.

[kinu]

Thank you. Set it to TLS 1_2. Then I got an error about user permissions:

Code: Pascal  [Select][+][-]

1.  
2. ERROR: Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator. [longstringwithmydomainandsomethingmore]

So I made and check the changes in Exchange console:

Code: Pascal  [Select][+][-]

1. PS C:\Users\miguel> Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
2. SmtpClientAuthenticationDisabled : True
3.  
4. PS C:\Users\miguel> Set-TransportConfig -SmtpClientAuthenticationDisabled $false
5.  
6. PS C:\Users\miguel> Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
7. SmtpClientAuthenticationDisabled : False
8.  

And then the user, that is ok:

Code: Pascal  [Select][+][-]

1. GET-CASMailbox -Identity user@domain.com | Format-list SmtpClientAuthenticationDisabled
2. SmtpClientAuthenticationDisabled : False

But I keep having same user locked error. I think this is an Office365 error now, not Indy nor Lazarus related, but could you help?

[Remy Lebeau]

But I keep having same user locked error. I think this is an Office365 error now, not Indy nor Lazarus related, but could you help?

Sorry, I don't know anything about how to address that issue.  You will probably have to ask Microsoft.

[rvk]

Lots to find if you type this in Google.
But you probably could ask your system administrator.

https://www.google.com/search?q=ERROR%3A+Authentication+unsuccessful%2C+user+is+locked+by+your+organization%27s+security+defaults+policy.+Contact+your+administrator

[kinu]

Hello again. After a lot of struggle, seems that change things in O365 to allow external SMTP use makes it insecure. Yo have to allow SMTP for the "transport", for the user, and disable "default security options" for your organization. My solution: use a personal google account to send mails from my apps. It just works.

Thank you all for your help and comments.