How to get SMTP E-mail working for Outlook/Office 365/Exchange

I believe that I have found the issue with why Office 365 and associated Microsoft email services won't work easily with SuiteCRM 8 (or probably any other versions).

Since around 2021, implementing O365 or Outlook or anything that uses Exchange server does not have basic authentication enabled by default. It is this type of authentication that SuiteCRM requires in order to authenticate with the normal password. In addition, the Modern Authentication used by Microsoft also disables App Passwords, so these won't work either.

The solution for this is to enable Basic Authentication for the protocol used by your application. I believe that this is IMAP for SuiteCRM 8, which in turn also enables SMTP authentication.

I won’t recommend how anyone does this in their organisation. It is entirely up to you, but is fairly straightforward to do, as long as you accept that there is an added security risk. To understand all about this, I would recommend that you read the Microsoft support pages in the link below and decide for yourself or speak with a system administrator.

Microsoft Authentication Policies

It is likely that in many enterprise organisations, any such request would be refused.

I hope this helps.

Supposedly the latest SuiteCRMs, both v7 and v8, had this improved support for the latest Microsoft changes.

I’m not sure which version, but you can check the release notes, for v7 I think it’s 7.13.0 or 7.13.1.

Thanks. You are right, the latest versions do have support for the Modern Authentication, using the OAuth modules added. I found these to be very complicated and beyond my capability in regards to setting them up. However, if these can be made to work, they are the best route.

Thank you.

Have you seen the new documentation page that came with those new versions?

Thanks - I went through this and it is very comprehensive. I am just configuring the OAuth settings in Azure and SuiteCRM today. Once done, this will allow me to set up incoming mail. I will post an update once completed to see if it works OK.

One of the key things for us is Outgoing mail, as this effectively also drives campaigns, which is a major feature that we are keen to use. Otherwise, we have to run targeted reports to export the contact group that we want to market and then do a mail merge outside of SuiteCRM via another app. I can’t see any documentation other than the standard one for setting up outgoing mail, which won't work with normal SMTP as far as I can see. Using the normal Office365 user name and password won't work, nor will app passwords as these rely on MS Basic Authentication, which has now been disabled in all Azure MS O365 tenants I believe.

As virtually all of our customers and prospects are strategically Microsoft for email and are used to email from our outlook domain etc… we must have the ability to send from Outlook.

If anyone has any info on how to do this, it would be excellent. It would be a big plus for us and I suspect anyone who wants to use the system for emailing campaigns via Outlook. If anyone is doing this already, we would love to hear how.


Just to conclude this, I tried to set up an OAuth connection to MS Azure in order to connect Outlook.

Following the instructions all worked fine until setting up the OAuth connectors in SuiteCRM 8.

There is a bug which makes the Redirect URI wrong, and when I authenticate, I just get a blank screen from what seems to be the correct redirect address, which I had to change in the code as it is hardcoded.

I have raised this as a new topic in general discussions and have had a response from Clemente. I have also raised this as an issue on Github, as requested by him.

Still not able to complete this so any suggestions welcome but other than that, this issue is now open in the General forum.

Many thanks for help so far.

G

@ggraynoth Wondering if you have any new updates? I find myself in the same boat. With all the people in the world using MS 365, how could there not be any documentation on this? My main issue is also SMTP.

I advise staying on top of the latest 7.13.x or 8.2.x versions. This Microsoft OAuth stuff has been under active development/bug fixing.

Hi Jang430

This has been a bit of a journey but I will give you the short version, which in itself is quite long.

We have O365 working to send email either individually within the app to specific contacts or via Campaigns. Both work fine.

To get this working was a bit of messing around because MS uses Modern Authentication, which blocks SMTP and IMAP by default. I worked around this by using an app password for the mailbox.

Firstly, we disabled Modern Authentication in the MS Admin (click the Admin option, show all options on the drop down on the left and then click settings and Org settings.) Modern authentication is one of the listed elements in the main panel. When this is disabled, you can follow the guidelines to enable IMAP, SMTP Auth and so on, which are check boxes. These can be found in Admin, all users and then select an active user, and select Mail and then manage Email Apps. Check IMAP and SMTP Auth - I did all of them and saved the changes.

I then turned Modern authentication back on, as we wouldn’t allow the organisation to run just using Basic Authentication everywhere.

Then create an app password for SuiteCRM in Admin by selecting your account (top right, with your picture or initial in a circle), and going into Security Info. This will allow you to set up an access method and be sure to copy and store the password somewhere before you click Done.

Next is back to SuiteCRM, Admin and Outgoing Mail - use the smtp.office365.com SMTP server, port 587, TLS with your O365 email address and the copied app password from Microsoft. Then test and fingers crossed, you should get a test email sent to the test address you input. Then save.

We did the same for the email settings for the system outgoing mailbox and it also worked. With these both saved, outgoing email works fine.

We have tried setting up the incoming mailbox via the IMAP option and OAuth option and can't get either to work. I have tried everything that I know without success, so, in the production environment, I have been very unscientific and removed (hidden) the email facility for incoming email and all users must use Outlook for inbox services, which is actually fine for us. Selected users can create and action campaigns and all users can send individual emails.

For sending mail, we have created a default email template, which is formatted but with indicated areas for typing etc… so all emails should look right and the user just needs to overtype the subject and the placeholders where text should go. It does the Hi ‘Contact First name’ etc… and includes a standard footer with generic contact details and company statement and details. Each user can add their own mobile etc… if they want. It also includes a standard opt-out facility to meet GDPR compliance etc…

I hope this helps. PGR advice to upgrade is something we will try and see if we can overcome the OAuth/IMAP issue for incoming mailboxes but this is not major for us.


Just wondering if you got it up and running.

Tried the option mentioned by ggraynoth, didn’t work for me.

Point of clarification on this one (because I just spent a couple of hours doing it). After you create the app password in O365, in SuiteCRM for “username” … DO NOT USE APP USERNAME, use your email address. Then the app password for the password!!!

SuiteCRM version 7.13
Have this error:
3: Connection: opening to smtp.office365.com:587, timeout=300, options=array()
3: Connection: opened
2: SERVER → CLIENT: 220 SI2PR04CA0005.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 28 Sep 2023 12:41:33 +0000

1: CLIENT → SERVER: EHLO demmo.live.aurocrm.com

2: SERVER → CLIENT: 250-SI2PR04CA0005.outlook.office365.com Hello [52.187.172.152]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8

1: CLIENT → SERVER: STARTTLS

2: SERVER → CLIENT: 220 2.0.0 SMTP server ready

1: CLIENT → SERVER: EHLO demmo.live.aurocrm.com

2: SERVER → CLIENT: 250-SI2PR04CA0005.outlook.office365.com Hello [52.187.172.152]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8

1: CLIENT → SERVER: AUTH LOGIN

2: SERVER → CLIENT: 334 VXNlcm5hbWU6

1: CLIENT → SERVER: —obfuscated—
2: SERVER → CLIENT: 334 UGFzc3dvcmQ6

1: CLIENT → SERVER: —obfuscated—
2: SERVER → CLIENT: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit Enable or disable SMTP AUTH in Exchange Online | Microsoft Learn for more information. [SI2PR04CA0005.apcprd04.prod.outlook.com 2023-09-28T12:41:40.597Z 08DBBE99E97BC6B7]

1: SMTP ERROR: Password command failed: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit Enable or disable SMTP AUTH in Exchange Online | Microsoft Learn for more information. [SI2PR04CA0005.apcprd04.prod.outlook.com 2023-09-28T12:41:40.597Z 08DBBE99E97BC6B7]

3: SMTP Error: Could not authenticate.
1: CLIENT → SERVER: QUIT

2: SERVER → CLIENT: 221 2.0.0 Service closing transmission channel

3: Connection: closed
3: SMTP Error: Could not authenticate.
When I try to configure outbound email for Office 365
Using
Server : smtp.office365.com
TLS
587
Use SMTP Authentication?: yes
But it is not working
Can anyone please help?
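
The failure in the debug output above, read programmatically (an added example, not part of the original post and not SuiteCRM code): it lists the AUTH mechanisms the server offers after STARTTLS, decodes the base64 334 prompts, separates a policy rejection (5.7.139) from a credential rejection, and shows the string a client sends when it uses the advertised XOAUTH2 mechanism instead of a password. The function names, the condensed sample transcript and the placeholder address and token are assumptions made for this example.

```python
import base64
import re

# Constructed sample: condensed from the debug output posted above (host lines omitted).
SAMPLE = """\
2: SERVER → CLIENT: 250-STARTTLS
250 SMTPUTF8
1: CLIENT → SERVER: STARTTLS
2: SERVER → CLIENT: 220 2.0.0 SMTP server ready
2: SERVER → CLIENT: 250-AUTH LOGIN XOAUTH2
250 SMTPUTF8
1: CLIENT → SERVER: AUTH LOGIN
2: SERVER → CLIENT: 334 VXNlcm5hbWU6
2: SERVER → CLIENT: 334 UGFzc3dvcmQ6
2: SERVER → CLIENT: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.
"""

# Debug prefix such as "2: SERVER → CLIENT: "; continuation lines carry none.
PREFIX = re.compile(r"^\d+: (?:SERVER|CLIENT) → (?:SERVER|CLIENT): ")

def analyze(transcript):
    """Summarise a debug transcript: offered AUTH mechanisms, prompts, failure cause."""
    result = {"mechanisms": [], "prompts": [], "cause": None}
    for raw in transcript.splitlines():
        if "CLIENT → SERVER" in raw:
            continue  # only server replies are classified
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"250[- ]AUTH (.+)", line):
            result["mechanisms"] = m.group(1).split()
        elif m := re.match(r"334 (\S+)", line):
            # AUTH LOGIN prompts are base64-encoded text, not secrets
            result["prompts"].append(base64.b64decode(m.group(1)).decode())
        elif m := re.match(r"535 (\d\.\d+\.\d+) (.*)", line):
            if m.group(1) == "5.7.139" and "SmtpClientAuthentication is disabled" in m.group(2):
                # Rejected by tenant/mailbox policy: a different password will not help
                result["cause"] = "smtp_auth_disabled_by_policy"
            else:
                result["cause"] = "credentials_rejected"
    return result

def xoauth2_initial_response(user, access_token):
    """Build the SASL XOAUTH2 string a client sends in place of a password."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

if __name__ == "__main__":
    print(analyze(SAMPLE))
    # Placeholder address and token, for illustration only
    print(xoauth2_initial_response("user@example.com", "PLACEHOLDER_TOKEN"))
```
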

This is an old thread but my response might help someone.
When I got the blank screen you mentioned, I looked into my PHP logs. I had to install cacert.pem under my PHP’s \extra\ssl folder and write the path into my php.ini.
The blank screen disappeared and I could create OAuth connection successfully.
