Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ombi Email Notifications Failing Due to Deprecation of Basic Authentication #5175

Open
Tor-Brynjar opened this issue Oct 11, 2024 · 5 comments
Open

Ombi Email Notifications Failing Due to Deprecation of Basic Authentication #5175

Tor-Brynjar opened this issue Oct 11, 2024 · 5 comments

Comments

@Tor-Brynjar
Copy link

Summary

Summary of the Issue:

The error reported relates to the recent deprecation of Basic Authentication by Microsoft in Exchange Online, particularly affecting applications that use SMTP, IMAP, or POP protocols. The Ombi application is attempting to authenticate using Basic Authentication while sending an email, which is now disabled by default, leading to the error:

MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, basic authentication is disabled.

Microsoft deprecated Basic Authentication as it is a security risk. It does not support multi-factor authentication (MFA) and is vulnerable to attacks where credentials could be intercepted and reused. Modern Authentication, based on OAuth 2.0, offers improved security by using tokens that expire and are specific to the application, preventing misuse.

Resolution:

  1. Switch to OAuth 2.0: Ombi needs to be updated to support Modern Authentication using OAuth 2.0 for email notifications.

Ombi Version

4.41.1

What platform(s) does this occur on?

Docker

What database are you using?

MySQL

Relevant log output

fail: Ombi.Notifications.GenericEmailProvider[0]
      Exception when attempting to send an email
      MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [CH2PR15CA0017.namprd15.prod.outlook.com 2024-10-11T15:15:00.294Z 08DCE9CE417FBB7C]
       ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [CH2PR15CA0017.namprd15.prod.outlook.com 2024-10-11T15:15:00.294Z 08DCE9CE417FBB7C]
         --- End of inner exception stack trace ---
         at MailKit.Net.Smtp.SmtpClient.Authenticate(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)
         at MailKit.MailService.Authenticate(Encoding encoding, String userName, String password, CancellationToken cancellationToken)
         at MailKit.MailService.Authenticate(String userName, String password, CancellationToken cancellationToken)
         at Ombi.Notifications.GenericEmailProvider.SendAdHoc(NotificationMessage model, EmailNotificationSettings settings) in /home/runner/work/Ombi/Ombi/src/Ombi.Notifications/GenericEmailProvider.cs:line 109
warn: Ombi.Controllers.V1.External.TesterController[0]
      Exception when testing Email Notifications
      MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [CH2PR15CA0017.namprd15.prod.outlook.com 2024-10-11T15:15:00.294Z 08DCE9CE417FBB7C]
       ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [CH2PR15CA0017.namprd15.prod.outlook.com 2024-10-11T15:15:00.294Z 08DCE9CE417FBB7C]
         --- End of inner exception stack trace ---
         at MailKit.Net.Smtp.SmtpClient.Authenticate(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)
         at MailKit.MailService.Authenticate(Encoding encoding, String userName, String password, CancellationToken cancellationToken)
         at MailKit.MailService.Authenticate(String userName, String password, CancellationToken cancellationToken)
         at Ombi.Notifications.GenericEmailProvider.SendAdHoc(NotificationMessage model, EmailNotificationSettings settings) in /home/runner/work/Ombi/Ombi/src/Ombi.Notifications/GenericEmailProvider.cs:line 109
         at Ombi.Controllers.V1.External.TesterController.Email(EmailNotificationSettings settings) in /home/runner/work/Ombi/Ombi/src/Ombi/Controllers/V1/External/TesterController.cs:line 300
@blixten85
Copy link

I have this problem too with hotmail, got app password enabled

at MailKit.Net.Smtp.SmtpClient.Authenticate(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)
   at MailKit.MailService.Authenticate(Encoding encoding, String userName, String password, CancellationToken cancellationToken)
   at MailKit.MailService.Authenticate(String userName, String password, CancellationToken cancellationToken)
   at Ombi.Notifications.GenericEmailProvider.SendAdHoc(NotificationMessage model, EmailNotificationSettings settings) in /home/runner/work/Ombi/Ombi/src/Ombi.Notifications/GenericEmailProvider.cs:line 109
   at Ombi.Controllers.V1.External.TesterController.Email(EmailNotificationSettings settings) in /home/runner/work/Ombi/Ombi/src/Ombi/Controllers/V1/External/TesterController.cs:line 300
2024-10-23 12:52:54.451 +02:00 [ERR] Exception when attempting to send an email
MailKit.Security.AuthenticationException: 535: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [AM8P189CA0005.EURP189.PROD.OUTLOOK.COM 2024-10-23T10:52:54.445Z 08DCF2E5E59C7A1A]
 ---> MailKit.Net.Smtp.SmtpCommandException: 5.7.139 Authentication unsuccessful, basic authentication is disabled. [AM8P189CA0005.EURP189.PROD.OUTLOOK.COM 2024-10-23T10:52:54.445Z 08DCF2E5E59C7A1A]
   --- End of inner exception stack trace ---

@chesh1r3k
Copy link

+1

@Dan-613
Copy link

Dan-613 commented Nov 9, 2024
edited
Loading

How would you suggest resolving this without requiring every admin to create an Azure App Registration to support OAuth 2.0 for their installation ?

@Tor-Brynjar

@Tor-Brynjar
Copy link
Author

Tor-Brynjar commented Nov 9, 2024
edited
Loading

How would you suggest resolving this without requiring every admin to create an Azure App Registration to support OAuth 2.0 for their installation ?

@Tor-Brynjar

You could avoid that by implementing a built-in option for OAuth 2.0, where admins configure their email credentials directly in the application, and Ombi handles the token generation and renewal process internally.

Ultimately, the easier solution for Ombi would be to explicitly not support Microsoft email addresses and advocate for users to instead use a different email provider that still accepts basic auth.

@Dan-613
Copy link

Dan-613 commented Nov 9, 2024

You could avoid that by implementing a built-in option for OAuth 2.0, where admins configure their email credentials directly in the application, and Ombi handles the token generation and renewal process internally.

As far as I'm aware (correct me if I'm wrong), OAuth 2.0 still requires details such as ClientID etc which can only be created by performing an App Registration on Azure, Google Cloud etc.

Ultimately, the easier solution for Ombi would be to explicitly not support Microsoft email addresses and advocate for users to instead use a different email provider that still accepts basic auth.

As time progresses, more and more providers will stop offering basic auth. I wonder how other Open Source projects similar to Ombi are handling this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chesh1r3k @blixten85 @Tor-Brynjar @Dan-613