Office365 SMTP: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.

This blog post is about the following error encountered when trying to send email via Chilkat.MailMan.SendEmail (using the SMTP protocol).

smtpAuthenticate:
  smtp_host: smtp.office365.com
  smtp_port: 587
  smtp_user: ****
  smtpAuthenticate:
    login_method: XOAUTH2
    auth_xoauth2:
      username: ****
      sendCmdToSmtp:
        SmtpCmdSent: {PasswordOrCredentials}
      --sendCmdToSmtp
      readSmtpResponse:
        SmtpCmdResp: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.
           Visit https://aka.ms/smtp_auth_disabled for more information. [****.PROD.OUTLOOK.COM 2023-07-03T11:15:43.462Z ****]
      --readSmtpResponse
    --auth_xoauth2
    Failed to login using XOAUTH2 method
  --smtpAuthenticate
  ConnectionType: SSL/TLS
--smtpAuthenticate

It means you need to enable SMTP Auth for specific mailboxes. See https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#enable-smtp-auth-for-specific-mailboxes

The web page at https://aka.ms/smtp_auth_disabled states the following:

Virtually all modern email clients that connect to Exchange Online mailboxes in Office 365 or Microsoft 365 (for example, Outlook, Outlook on the web, iOS Mail, Outlook for iOS and Android, etc.) don’t use SMTP AUTH to send email messages.

I don’t know if “Virtually all modern email clients” is accurate. An application that supports sending email would need to communicate with all mail servers, and the non-“SMTP AUTH” methods for Office 365/Exchange Server/Outlook are specific to Microsoft.

For example, if an application is to send email via Exchange Online NOT using SMTP AUTH, it would utilize other methods or protocols provided by Exchange Online, such as Exchange Web Services (EWS), Microsoft Graph API, or MAPI over HTTP, to establish a secure connection and send emails.

You can use Chilkat’s HTTP or REST clases to send email via the Microsoft Graph API. There are examples for it at https://www.example-code.com/. If you choose (and I would not recommend it), you can delve into the very complicated EWS API at https://learn.microsoft.com/en-us/exchange/client-developer/web-service-reference/ews-operations-in-exchange . Chilkat does not implement MAPI and has no plans for it.

In summary, if you wish to send email via Exchange Server, I would recommend either SMTP AUTH or Microsoft Graph. In both cases, the security of the communications channel is the same: TLS. And in both cases, the authentication method is the same: OAuth2.

Tags :