We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Thunderbird is not allowed to send mail for 2FA with Office365

  • 4 replies
  • 1 has this problem
  • 1 view
  • Last reply by Owl

more options

Hi, My institution has stopped allowing mail to be sent via Thunderbird using OAuth2 because of security concerns. They write:

"While Thunderbird uses Oauth2, it doesn't use/support it fully for sending mail. As such you can authenticate with oauth2 and download/receive mail on Thunderbird, but you can't send mail. Despite saying Outgoing mail uses oAuth2, Thunderbird still requires SMTP to be turned on to use it. This negates the security benefit from the decision to end legacy authentication, and is the change we are not able to do from the new policy. If Thunderbird were to fully support/use oauth2 for sending and receiving it should work. However, while thunderbird - or other mail clients - require SMTP in order to send mail, they will not be able to properly send mail."

Does / will Thunderbird address this and update? Is there an existing solution or explanation?

Hi, My institution has stopped allowing mail to be sent via Thunderbird using OAuth2 because of security concerns. They write: "While Thunderbird uses Oauth2, it doesn't use/support it fully for sending mail. As such you can authenticate with oauth2 and download/receive mail on Thunderbird, but you can't send mail. Despite saying Outgoing mail uses oAuth2, Thunderbird still requires SMTP to be turned on to use it. This negates the security benefit from the decision to end legacy authentication, and is the change we are not able to do from the new policy. If Thunderbird were to fully support/use oauth2 for sending and receiving it should work. However, while thunderbird - or other mail clients - require SMTP in order to send mail, they will not be able to properly send mail." Does / will Thunderbird address this and update? Is there an existing solution or explanation?

Chosen solution

Hi epoehler, Owl supports the official Thunderbird releases, but not Thunderbird betas. We make an effort to make Owl compatible shortly before the TB release comes out. Once the next official Thunderbird release comes out, Owl should be compatible with it by then.

Read this answer in context 👍 0

All Replies (4)

more options

Sorry, but your institution id conflating protocols with authentication. It does not help you any that they apparently are not able to define a difference. SMTP, IMAP, POP and activesync are all access protocols. Oauth is an authentication method that is used to authenticate to those services.

I think it would be a slightly more accurate to say we demand you use activesync (Microsoft Exchange Proprietary) protocol. If you don't we are not playing. The rest is just so much dross and excuses.

I have dropped a note to the developer of the owl addon for exchange. Perhaps he can tell me if the addon might be a solution for you.



.

more options

Hi epoehler,

I'm the owner of Beonex and Owl. First, to answer Matt's question, Owl does not use SMTP, but implements the native Exchange protocols for sending and receiving mail. It can use both password-based auth and "Modern Authentication" / OAuth2. Owl is made specifically to receive and send mail via Exchange and Office365.

I have difficulty to understand what "your institution" wrote. SMTP can use either OAuth2, or password based authentication, or IP-address-based authentication. While it's true that Thunderbird without Owl can send mail only via SMTP, Thunderbird can use SMTP with OAuth2.

Ben Bucksch Beonex, Owl addon

more options

Thanks, Matt for helping me understand that distinction. Thanks, also, to Ben for creating Owl. I was able to install owl and am now sending mail. To do so, however, I needed to roll back to Thunderbird 91.5. Will Owl be compatible with later versions of Thunderbird eventually?

more options

Chosen Solution

Hi epoehler, Owl supports the official Thunderbird releases, but not Thunderbird betas. We make an effort to make Owl compatible shortly before the TB release comes out. Once the next official Thunderbird release comes out, Owl should be compatible with it by then.

Modified by Owl