Connection to IMAP servers fails

đź’¬ General Discussion
1

Hello!
I am not sure of this is a bug or a configuration issue, but I have problems connecting SuiteCRM (version 8.7.0) with Office 365 email accounts. OAuth configuration works, but all access to email folders show no result. The logs contain these errors:

[Wed Oct 09 14:33:36.825879 2024] [php:warn] [pid 4192254:tid 4192254] [client a.b.c.d:49345] PHP Warning:  open(): Couldn't open stream {outlook.office365.com:993/service=imap}INBOX in /var/www/html/public/legacy/modules/InboundEmail/InboundEmail.php on line 6593. Source code in /var/www/html/vendor/javanile/php-imap2/src/Connection.php on line 81, referer: https://suitecrm.example. net/legacy/index.php?return_module=Emails&return_action=DetailView&module=Emails&action=index

The error PHP Warning: open(): Couldn’t open stream appears with other IMAP servers as well (testing platforms, self-signed certificate, “regular” certificate). Debugging shows that the TCP connection works, TLS maybe, but no IMAP commands go through the stream. Does anyone else have this problem?

Best regards,
René.

2

Did you do this?

  • To enable IMAP access for an Office 365 account, you can do the following:
  1. Log in to the Exchange admin center using your Microsoft admin account
  2. Select Recipients, then Mailboxes
  3. Choose the mailbox you want to enable IMAP for
  4. Click Manage email apps settings in the General tab
  5. Enable IMAP and click Save
1 Like
3

Yes, the Office 365 part is completely configured. It’s just that the TLS connections fails. SuiteCRM doesn’t even get to the point of talking to Office 365. I double-checked TLS verification and other TLS settings. The system certifcate authorities works for verifying the trust chain, only the IMAP open call from the PHP modules does not work. Is this a know problem?

Best regards,
René.

4

I’m not sure what your specific problem is, but I’ve configured it on multiple installations and there are no bugs that I’ve run into.

1 Like
5

We are experiencing same problem here.

Any updates @rpfeiffer ?

6
7

@rsp that has do with outbound SMTP, I think the original poster and the one above are having trouble with inbound IMAP.

I have detailed step by step notes on how to set this up. (they are all from my clients so I can’t just share it here) If you tell me where you are getting stuck I might be able to shed light.

One of the key things is when setting up the inbound “Do not click on test connection” Instead click on the folders pick button. If you get folders. You are connected and are done. If you do not get folders, likely something isn’t configured right on the Azure side, or the provider connection isn’t setup properly.

8

Yes, we are having trouble with Inbound connections.

We managed to configure successfully a Google Workspace Provider/Connection/Mail Inbound. But no luck with Microsoft.

Here some screenshots:

Selection_749
Selection_7491491Ă—547 40.5 KB

Selection_750
Selection_7501436Ă—484 51.2 KB

Selection_752
Selection_7521519Ă—626 43.1 KB

Tried both Group and Personal.

In Microsoft Azure Admin portal got:

  • The APP registered.
  • Redirect URI set to the setExternalOAuthToken entrypoint.
  • Implicit grant and hybrid flows → Access tokens (used for implicit flows) checked
  • Api permissions → Microsoft Graph → IMAP.AccessAsUser.All offline_access User.Read
  • Client secret created.

And here is the decoded access_token:

Selection_754
Selection_7541149Ă—924 91.8 KB

Using PHP 8.2 and SuiteCRM 7.14.6

Any help is appreciated @pstevens .

9

Sorry, I forgot to post the error that appears in the log:

Selection_755
Selection_7551569Ă—161 54.2 KB

Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "IMAP open error: Can not authenticate to IMAP server: A0001 NO AUTHENTICATE failed."
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "IMAP open error | debug data"
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "ImapHandler:open: {outlook.office365.com:993\/service=imap\/ssl\/tls\/validate-cert\/secure}INBOX"
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "ImapHandler:open: alxxxx@xxxxxxxxx.com"
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "ImapHandler:open: password is empty: no"
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "ImapHandler:open: 512"
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "IMAP open error | debug data end "
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] ImapHandler trying to use a non valid resource stream.
Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "IMAP open error:Can not authenticate to IMAP server: A0001 NO AUTHENTICATE failed."

And in Apache log:

[14-Feb-2025 15:05:16 Europe/Madrid] PHP Warning:  open(): Couldn't open stream {outlook.office365.com:993/service=imap/ssl/tls/validate-cert/secure}INBOX in /usr/home/suitecrm.sinergiacrm.org/web/modules/InboundEmail/InboundEmail.php on line 6595. Source code in /usr/home/suitecrm.sinergiacrm.org/web/vendor/javanile/php-imap2/src/Connection.php on line 81

We tried same Azure APP in a GLPI installation, and it worked flawlesly. The differences we find is the Connection String, that in this case is: {outlook.office365.com/imap-oauth-1/ssl}INBOX

Selection_757
Selection_757967Ă—784 58.7 KB

Tried to set that Connection string to the Inbound Account in SuiteCRM, but still nothing… In this case an Empty host error is displayed:

Fri Feb 14 15:05:16 2025 [1540597][1][FATAL] An Imap error detected: "Can not authenticate to IMAP server: A0001 NO AUTHENTICATE failed."
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "IMAP open error: Can not authenticate to IMAP server: Empty host"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "IMAP open error | debug data"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "ImapHandler:open: {outlook.office365.com\/imap-oauth-1\/ssl}INBOX"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "ImapHandler:open: axxxxxxxx@xxxxxxxxoft.com"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "ImapHandler:open: password is empty: no"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "ImapHandler:open: 512"
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "IMAP open error | debug data end "
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] ImapHandler trying to use a non valid resource stream.
Fri Feb 14 15:10:40 2025 [1557439][1][FATAL] An Imap error detected: "IMAP open error:Can not authenticate to IMAP server: Empty host"
10

The Empty host error got solved adding the port to the string {outlook.office365.com:993/imap-oauth-1/ssl}INBOX. But still same authentication error.

11
12

What happens when you click on “Select” in monitored folders? Do you see folders? If so, then you’re good.

NEVER test connection settings. It whipes out the settings.

Also, make sure you are logged in to O365 in your browser to the account you want to connect before you start the IMAP configuration.

13

Check out this part:

14

Just solved it.

We weren’t writing the scope “IMAP.AccessAsUser.All” correctly. It should be always followed by Outlook URL. Like this: https://outlook.office.com/IMAP.AccessAsUser.All

SuiteCRM documentation is correct. We were confused by the indication in Azure Admin site:

Selection_760
Selection_760588Ă—511 33.3 KB

GLPI Oauthimap plugin does hard-code the scopes:

Maybe it isn’t a bad approach.

Thanks for the help.

2 Likes