Can't send smtp with outlook

[sbe-arg]

on docker been playing with plain and bearer but cannot figure this out

compose file:

  falcosidekick:
    image: falcosecurity/falcosidekick:latest
    ports:
      - 2801:2801
    environment:
      - SMTP_AUTHMECHANISM=oauthbearer
      - [email protected]
      - SMTP_HOSTPORT=smtp-mail.outlook.com:587
      - [email protected]
      - SMTP_PASSWORD=mylegacypass
      - [email protected]
      - [email protected]
      - SMTP_TLS=true

[ERROR] : SMTP - Send Mail failure : Client not authenticated to send mail.

[Issif]

Have you tried with SMTP_AUTHMECHANISM=plain ?

PS: I transferred this issue into falcosidekick repo

[sbe-arg]

Yes I tried both plain and authbearer
I get exactly the same error.

I'm using the same set of credentials in other services.
I'd like to udnerstand what the SMTP_IDENTITY should be. I wonder if passing the email there is not the right thing to do. But I have tried many combinations always getting the same error

[ERROR] : SMTP - Send Mail failure : Client not authenticated to send mail. [id.ausprd01.prod.outlook.com 2023-10-10T19:12:56.980Z]

[Issif]

For the identity:

// A client implementation of the PLAIN authentication mechanism, as described
// in RFC 4616. Authorization identity may be left blank to indicate that it is
// the same as the username.
func NewPlainClient(identity, username, password string) Client {
	return &plainClient{identity, username, password}
}

So it can be left empty. It's hard to help you cause I can't replicate.

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[Issif]

@sbe-arg is your issue still there?

[sbe-arg]

Yes still does no work for hotmail smtp

[Issif]

Yes still does no work for hotmail smtp

Ok, I'll see to create an hotmail account and use their SMTP servers to test.

[poiana]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

[Issif]

/remove-lifecycle rotten

[Issif]

Hi,

I dug to fix this issue and I come with bad news. Office365 (outlook, hotmail, ...) requires to use a specific module to get a valid Token for the oauth https://github.com/AzureAD/microsoft-authentication-library-for-go. As the smtp output of Falco is not really used and outlook even less, I'll not spend time on integrating this specific case. I hope you'll understand my decision.
Once I got your answer, I'll close this issue, feel free to do it yourself either.

[sbe-arg]

Its fine I suggest we just update the documentation for now for future readers.

[Issif]

The documentation has been updated with a warning. Thanks for your help and sorry for the disturbance with O365 systems, if more people face the same issue in the future, I'll see to integrate the auth mechanism anyway.