none
POP3 OAuth Authentication gives “-ERR Protocol error. Connection is closed” RRS feed

  • Question

  • My company needs to upgrade an application to integrate two-legged OAuth 2.0 for POP3. I'm testing with an outlook online account and trying to authenticate on outlook.office365.com.

    I registered for an Exchange Online trial using my test outlook account and I have tried testing with the Exchange email address as well (gives the same error).

    I've registered my app on Azure and have enabled API Application Permissions for MS Graph (Mail.ReadWrite, Mail.Send) and Exchange (full_access_as_app). The same outlook account I used for the Exchange registration is the Global Admin of the Azure tenant.

    I'm able to request a valid OAuth token from both the Graph and Exchange endpoints. However, when I use the token and try to log into the POP server, I get the following error:

    <PopCmdResp>-ERR Protocol error. Connection is closed. 10</PopCmdResp>
    

    Followed by:

    <error>POP3 authentication failed</error>
    

    I'm not sure what this error means. Does my mail component need to be set up to use a different protocol (not sure if this is possible)? Could this be an issue with the way my application is registered/authenticated or with the Exchange security settings?

    The login works fine if I use Basic Auth instead of OAuth.

    I'm not sure how to troubleshoot this. Any info or suggestions would be much appreciated!

    EDIT

    I recently stumbled across this Microsoft article that references the same error, but it's related to Exchange Server 2007. The article says the solution is to increase the "MaxCommandSize" setting on the Exchange server from the default 40kb.

    This is literally the only other place I've seen this error referenced online:

    https://support.microsoft.com/en-ca/help/945552/error-message-when-you-try-to-connect-to-a-pop3-mailbox-on-exchange-se

    I wonder if this is relevant for Exchange Online/Outlook? I'm unable to find a similar setting on my Exchange Online trial or Outlook mail settings

    EDIT 2

    I thought I'd post the tokens I'm getting back from both endpoints in case they're useful. Apologies for the formatting, I'm having trouble figuring out how to format this cleanly and my edits keep getting flagged as spam.

    Graph Endpoint:

    {
    
    "aud": "https://graph.microsoft.com",
    
    "iss": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
    
    "iat": 1585688162,
    
    "nbf": 1585688162,
    
    "exp": 1585692062,
    
    "aio": "42cAAh59R94bYs4Je0Kn290+uwUA",
    
    "app_displayname": "Remindex",
    
    "appid": "ad2ead7c-edb9-476f-8209-ecb29e1b7355",
    
    "appidacr": "1",
    
    "idp": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
    
    "oid": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
    
    "roles": [
    
    "Mail.ReadWrite",
    
    "Mail.Send"
    
    ],
    
    "sub": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
    
    "tid": "04669076-130f-49aa-b6b8-171a9e74b324",
    
    "uti": "gpIYvaSYikuDnd6CFQAnAA",
    
    "ver": "1.0",
    
    "xms_tcdt": 1585156686
    
    }


    Exchange Endpoint:

    {
    
    "aud": "https://outlook.office365.com",
    
    "iss": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
    
    "iat": 1585688002,
    
    "nbf": 1585688002,
    
    "exp": 1585691902,
    
    "aio": "42dgYNjxvn/mtBN+7zm3/vu4L0yyAgA=",
    
    "app_displayname": "Remindex",
    
    "appid": "ad2ead7c-edb9-476f-8209-ecb29e1b7355",
    
    "appidacr": "1",
    
    "idp": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
    
    "oid": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
    
    "roles": [
    
    "full_access_as_app",
    
    "Mail.ReadWrite",
    
    "MailboxSettings.ReadWrite",
    
    "Mail.Read",
    
    "Mail.Send",
    
    "MailboxSettings.Read"
    
    ],
    
    "sid": "f4596631-bebc-4308-8b46-8ea14b842739",
    
    "sub": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
    
    "tid": "04669076-130f-49aa-b6b8-171a9e74b324",
    
    "uti": "0lyqmDTwPEqSeXwQYHUlAA",
    
    "ver": "1.0"
    
    }






    Tuesday, March 31, 2020 8:43 PM