Sunday 29 November 2020

Exchange 365 stupidity

My current email host is shutting down my account shortly, they did give me plenty of notice, I just haven't had any time to do anything about it. I don't really have any time to do anything about it now, but the issue is forced since I can't carry on working with no email.

Previously I had investigated possible solutions, the ideal would be my own email server with someone like DigitalOcean, but I don't have the time to set that up. So instead I decided to go with Exchange 365 as this is very cheap at only £3.60 a month for unlimited shared mailboxes. I have multiple mailboxes over multiple domains, and I am the only 'user', so this works out far cheaper than other providers that charge per mailbox.

But of course, with it being an MS product, getting it set up wasn't simple. I do have to give them credit for their Email migration tool though, this was simple to set up and worked well (as far as I can tell). The limit of 35MB per message does seem rather stingy, and wouldn't suit some people, but max message size with my current email provider is far stingier than 35MB, so it was no problem for me.

The first problem I had was setting up my account in Thunderbird (the email client I use). Info I had read said I needed to use the ExQuilla (paid) add-on. Thankfully you can install this without paying, as I couldn't find any way to get this working with my shared mailboxes.

After reading more info, it seemed to be the consensus was that you should setup the accounts in Thunderbird using IMAP rather than using Exchange. So I got my first mailbox set up using the guidelines here: Office 365 Exchange Online - How to access a Shared Mailbox using Thunderbird or other IMAP client, but I couldn't send and was getting something like unknown error sending of the message failed due to unexpected error 80004005 when sending a test email.

Searching the web about this brought up various things. One was about setting up an 'app password', but Microsoft's own articles about how to do this give instructions that are not possible to follow or contain links that go to dead ends. I would guess either MS have moved the location of where an app password can be set up and not updated their documentation, or it is something for personal MS accounts only, or its been removed.

I managed to turn off 2FA for my account via the Azure AD web admin: https://portal.azure.com/ > Azure AD > Users > Multi Factor Authentication (link along the top) > check the user > disable (under quick steps). BTW if you click the 'service settings' tab, here is where you can check that 'app passwords' is enabled, which it was for me already, but as I mentioned, there doesn't appear to be anywhere you can create an app password.

In any event, this had no effect. I tried using the domain.mail.protection.outlook.com address as the SMTP server, but still got nowhere.

So I tried sending an email via powershell, first with the domain.mail.protection.outlook.com address (and port 25), then with the smtp.office365.com server and my main 365 account:

$Cred = Get-Credential
Send-MailMessage -From 'me@myaccount.onmicrosoft.com' -To 'adifferentemail@somewebsite.com' -Subject 'Test mail' -Credential $Cred -Port 587 -SmtpServer 'smtp.office365.com' -UseSsl $TRUE

When the Get-Credential prompts for your user details, you just enter the user and password for your main O365 a/c. This was actually very helpful as it gave me a much more useful error message:

Send-MailMessage : Mailbox unavailable. The server response was: 5.7.606 Access denied, banned sending IP
[my.ip]. To request removal from this list please visit https://sender.office.com/ and follow the directions.
For more information please go to  http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430)

After doing this, you are told it will take 30 minutes to get your IP removed from MS' blocklist. However, after 30 minutes I was still getting the same message. So I tried again, but this time from my shared mailbox address, requested the unblock again (using my shared mailbox email address), and after another 30 minutes I was a bit further. I was now getting:

Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server
response was: 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

This didn't make any sense, as I wasn't sending anonymous email, I was providing the credentials. After much more searching I found a solution that fixed it - the advice was to go to Office 365 > Users > Active Users > Click on the user name > Mail tab > Manage Email apps > Ensure Authenticated SMTP is checked. Now in my case it was ticked, but after saving the settings (despite making no changes) I could now magically send the email. I have since turned back on 'Enable Security defaults' in Azure AD (one piece of advice was to turn this off) and re-enabled 2FA, and it is still working.

So it seems the final setup is:

  • Create shared mailbox, add an alias to it and ensure your main account has full access to it (which it should be default).
  • Go to your user in Office 365 admin, and save the 'Manage email apps' setting (ensuring that Authenticated SMTP is checked).
  • Settings for IMAP Configuration:
    EMAIL ADDRESS:
    shared@anotherdomain.com (shared mailbox)
    IMAP SERVER:
    outlook.office365.com 993 SSL
    USERNAME:
    user@maindomain.com\shared-mailbox (user\shared mailbox alias)
    PASSWORD:
    main user's password
  • Settings for SMTP:
    SMTP SERVER:
    smtp.office365.com 587 TLS
    USERNAME:
    user@maindomain.com (main username)
    PASSWORD:
    main user's password

Additionally, it seems that you actually get users created for each shared mailbox, and you can use these accounts to directly login and send email. But I'm a bit confused on this if the account is just having a trial period, and after that only the main user account will be able to access the shared account. It would be weird if for £3 a month you actually got unlimited users and mailboxes (up to 50GB total storage), just that all mailboxes must be set as shared.

Oh yes, another annoyance was when setting up the account on my phone (Gmail app), I added the account as an Exchange a/c (not IMAP) and used the email of the shared mailbox but credentials of the main user. But the actual mailbox it added was that of the main user (it showed the email address of the shared mailbox though). Adding it again using the credentials of the (unlicensed) user for the shared mailbox did work.

When signing up for Exchange 365, I also found it rather disingenuous that they described it as being reliable - they are almost constantly having problems with Exchange 365 services. Thankfully most of the time the problems aren't with actual email delivery, but sometimes that does go down as well (usually they have it back up after a few hours).

So far I've only migrated one account, so I've now got the rest of my accounts to migrate. Hopefully I've now got things sorted so the rest will be smoother.

I also almost forgot to mention that many of the answers.microsoft.com forum threads that came up in the search results would just load with We are sorry, the thread is not available at this time. Basically everything MS is broken.

Posted by Rusty at 21:31 0 comments
Subscribe to: Posts (Atom)