
SMTP and shared mailboxes results in AADSTS50059 return code.

Open shymega opened this issue 1 year ago • 5 comments

Hi,

I'm setting up Davmail for a Microsoft 365 Business account. The setup is that there are two shared mailboxes, to which my user has access. However, even with the syntax described in #91, and on the latest version of Davmail (not trunk, will try that shortly), I'm finding Davmail chokes on the following error from Microsoft:

AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials.

I've checked AAD, and the Davmail application has been granted access to the whole M365 organisation, so I believe permissions are correct.

The tenant ID is not set in the props, and I'm using the default OAuth 2.0 settings.

I can share some more information once I sanitize and anonymize it.

Is this a known bug? IMAP works just fine - it's only SMTP that fails.

shymega (Sep 04 '23 23:09)

Hi. I'm just an interested bystander, fwiw. Looking at the change made for a shared mailbox in PR #91, it only changed code in ImapConnection.java. I would think there would need to be some similar change to SmtpConnection.java, and I don't see one in PR #91. Just guessing, but that might be why it works for IMAP but not SMTP.

esabol (Sep 05 '23 06:09)

splitusername wouldn't help over SMTP; the CreateItem call used to send a message doesn't support impersonation.

I don't even know if it's possible over EWS.

mguessan (Sep 21 '23 07:09)

I don't think it's possible over EWS either. I am sort of experimenting with a proxy that runs as an extension to Apache James, and using both EWS (2nd-tier, given Microsoft's position) and Microsoft Graph (1st-tier).

It's a shame EWS doesn't support shared mailboxes - seems like a huge oversight. Might be worth asking Microsoft directly, I can't see it documented. But it could be an undocumented method.

shymega (Sep 24 '23 22:09)

I checked the code again: sending a message is implemented by creating an item in the Sent folder with the send message flag. I am wondering if doing this on the shared mailbox's Sent folder would work.

That's what we do for Caldav shared mailbox access: http://localhost:1080/users/[email protected]/calendar

Steps would be:

  • provide a way to pass shared mailbox inside SMTP username
  • pass it to getFolderId, path would be /users/[email protected]/Sent
  • create item in this folder with SendAndSaveCopy or SendOnly flag

mguessan (Sep 29 '23 08:09)
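The three steps above, worked through as an added example that is not DavMail's own code: it splits a shared mailbox out of the SMTP login (the `/` separator and all addresses are constructed assumptions for illustration, not DavMail's actual syntax), derives the `/users/<mailbox>/Sent` path from the discussion, and builds an EWS `CreateItem` request whose `SavedItemFolderId` names the shared mailbox's `sentitems` folder with `MessageDisposition="SendAndSaveCopy"` (standard EWS elements; `SavedItemFolderId` is omitted for `SendOnly`, where Exchange saves nothing).

```python
import base64
from typing import Optional, Tuple
import xml.etree.ElementTree as ET

# Namespaces used by EWS SOAP requests.
NS_M = "http://schemas.microsoft.com/exchange/services/2006/messages"
NS_T = "http://schemas.microsoft.com/exchange/services/2006/types"
ET.register_namespace("m", NS_M)
ET.register_namespace("t", NS_T)


def split_smtp_login(login: str, sep: str = "/") -> Tuple[str, Optional[str]]:
    """Split 'user@tenant/shared@tenant' into (user, shared mailbox or None).
    The '/' separator is an assumption for this example only."""
    user, _, shared = login.partition(sep)
    return user, (shared or None)


def sent_folder_path(shared: Optional[str]) -> str:
    """Folder path in the form used in the discussion: /users/<mailbox>/Sent."""
    return f"/users/{shared}/Sent" if shared else "/Sent"


def build_create_item(mime_message: bytes, shared: Optional[str],
                      disposition: str = "SendAndSaveCopy") -> bytes:
    """Build a CreateItem body that sends a MIME message and files the copy
    in the shared mailbox's Sent Items via a Mailbox-qualified
    DistinguishedFolderId. Returns the serialized XML element."""
    create = ET.Element(f"{{{NS_M}}}CreateItem", MessageDisposition=disposition)
    # SavedItemFolderId only matters when a copy is saved (not for SendOnly).
    if shared and disposition != "SendOnly":
        saved = ET.SubElement(create, f"{{{NS_M}}}SavedItemFolderId")
        dfid = ET.SubElement(saved, f"{{{NS_T}}}DistinguishedFolderId", Id="sentitems")
        mbox = ET.SubElement(dfid, f"{{{NS_T}}}Mailbox")
        ET.SubElement(mbox, f"{{{NS_T}}}EmailAddress").text = shared
    items = ET.SubElement(create, f"{{{NS_M}}}Items")
    msg = ET.SubElement(items, f"{{{NS_T}}}Message")
    # EWS takes the raw RFC 822 message base64-encoded in MimeContent.
    ET.SubElement(msg, f"{{{NS_T}}}MimeContent").text = (
        base64.b64encode(mime_message).decode("ascii"))
    return ET.tostring(create)


if __name__ == "__main__":
    # Constructed sample login and message, not taken from the issue.
    user, shared = split_smtp_login("[email protected]/[email protected]")
    print(user, shared, sent_folder_path(shared))
    print(build_create_item(b"Subject: test\r\n\r\nhello\r\n", shared).decode())
```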

That sounds like a sane approach. I did have a look at the sources, but quickly found I was jumping between classes, just to get to the actual sendMessage logic.

If the shared mailbox were to be passed via the SMTP username, my vote would be a syntax similar to that of IMAP shared mailboxes.

shymega (Oct 04 '23 23:10)