MozillaZine


Missing "Oauth2" from Outgoing SMTP setting

User Help for Mozilla Thunderbird
DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 13th, 2021, 8:19 pm

My issue: the short version

I’m using the current version of Thunderbird (78.7.1 - 32-bit). I’m trying to enable “Oauth2” authentication on several of my mail accounts. I’m following these instructions:
• Bottom right: click on 'Edit SMTP server'
• Set outgoing server (SMTP) 'Authentication Method' to 'Oauth2'

However, when I do this, I see that “Oauth2” is not one of the choices. The ones that are listed are:
- No authentication
- Normal password
- Encrypted password
- Kerberos / GSSAPI
- NTLM

Screenshots here:

https://imgur.com/a/aTRT9z0

https://imgur.com/a/K7AeTSC



Can anyone tell me what I need to do in order to get the correct authentication method?


------

And now the longer version, with more specifics, if that would be helpful:

I’ve got a bunch of e-mail accounts that are technically Verizon ones (@verizon.net), but Verizon offloaded those accounts to AOL / Yahoo, who is now changing things. I got e-mails from AOL about those accounts which said:

“We noticed you've accessed your AOL email, calendar or contacts using a mobile app or computer program that isn't the AOL app, mail.aol.com or AOL Desktop Gold. We're emailing you because the security settings this app or program uses to connect to AOL may be out of date. You need to take action to continue using your AOL email without interruption.”


They presented three options to me:
Option 1: Use webmail or AOL’s app (neither of which are convenient for me).
Option 2: “Remove your AOL account from your third-party app or program, then add it again. This will update the app or program's connection to your AOL account to meet our security requirements.” I tried this, but it didn’t seem to do anything. It also seemed to delete all my e-mail folders (luckily I used Mozbackup beforehand and restored things).
Option 3: Generate a unique app password that gives your third-party app or program permission to log in to your AOL account, then update your app or program settings to use this password.

I don’t want to use this third method because I want to have to type my passwords into Thunderbird each time I access my e-mail, rather than have the passwords saved in the system. I also don’t want to have to memorize a half dozen long strings of numbers as my alternate password.

I tried to research this issue, and I found the following page:

https://support.mozilla.org/en-US/kb/th ... -and-yahoo

About halfway down this page, it mentions similar text to what was in the e-mail I got, though the page says “Yahoo” instead of “AOL” (I’m pretty sure they’re all the same system now) and the deadline is different:

"We’ve noticed that you’re using non-Yahoo applications (such as third-party email,calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, Yahoo will no longer support the current sign-in functionality in your application starting on 20 October 2020. "

Following the instructions on that page, I ran into the problem of the missing Oauth2 option I described above in “the short version.”


Can anyone out there tell me what setting I’ve got wrong that’s preventing Oauth2 from appearing, or tell me how to make “Option 2” function correctly?
Thanks in advance for your assistance.

tanstaafl
Moderator

User avatar
 
Posts: 47403
Joined: July 30th, 2003, 5:06 pm

Post Posted February 13th, 2021, 9:43 pm

I'm using Thunderbird 78.7.1 with a yahoo IMAP account under windows 10. Its smtp server entry uses smtp.mail.yahoo.com , port 465, ssl/tls as the connection security and Oauth2 as the authentication.

The yahoo account is a free one I signed up for, not one associated with Verizon, AOL etc. See viewtopic.php?p=14875909#p14875909 for posts by somebody who got it to work with AOL. That thread discusses the three official suggestions and I recommended just editing existing accounts to use OAuth2 instead, which several people followed,

Check that cookies are enabled for both yahoo.com and aol.com. I seem to remember that the popup window to create the token wouldn't appear without the necessary cookie support but perhaps now the Oauth2 option is hidden if the necessary cookies are disabled.

sfhowes
 
Posts: 586
Joined: April 1st, 2012, 10:21 am

Post Posted February 13th, 2021, 10:43 pm

If OAuth2 doesn't appear in the menu, but the server supports it and TB supports it for the specified server (Yahoo, AOL, gmail, Yandex etc.), open Options/General/Config. editor and change the preference mail.smtpserver.smtpN.authMethod to 10, where N = 1,2,3... depending on the account.

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 11:27 am

tanstaafl wrote:I'm using Thunderbird 78.7.1 with a yahoo IMAP account under windows 10. Its smtp server entry uses smtp.mail.yahoo.com , port 465, ssl/tls as the connection security and Oauth2 as the authentication.


This seems to match what I've got, except:
- I've got POP3 instead of IMAP
- It's smtp.verizon.net (should it somehow be smtp.mail.yahoo.com instead? I tried adding in the "mail" but it didn't seem to change things.)
- I can't choose Oauth2.

tanstaafl wrote:The yahoo account is a free one I signed up for, not one associated with Verizon, AOL etc. See viewtopic.php?p=14875909#p14875909 for posts by somebody who got it to work with AOL. That thread discusses the three official suggestions and I recommended just editing existing accounts to use OAuth2 instead, which several people followed,


Yes... I'd like to edit existing accounts to use Oauth2, as you recommend. I can't seem to get it to appear, though. I'll browse through the link you posted and see if I can find a solution there.

tanstaafl wrote:Check that cookies are enabled for both yahoo.com and aol.com. I seem to remember that the popup window to create the token wouldn't appear without the necessary cookie support but perhaps now the Oauth2 option is hidden if the necessary cookies are disabled.


Yes, I turned on cookies but did not see OAuth2 get added. Thanks for the suggestions, though.

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 11:49 am

sfhowes wrote:If OAuth2 doesn't appear in the menu, but the server supports it and TB supports it for the specified server (Yahoo, AOL, gmail, Yandex etc.), open Options/General/Config. editor and change the preference mail.smtpserver.smtpN.authMethod to 10, where N = 1,2,3... depending on the account.


Okay, I've followed your instructions. I opened the Config editor and changed that variable for one of my accounts from 3 to 10. Restarting the client resulted in partial success: OAuth2 now appears as the selected option for the account's outgoing/SMTP setting. Thanks for the advice.

Now I've got a further problem, though. The next step in the directions say I should:

- Select 'Server Settings' for mail account
- Set incoming server 'Authentication Method' to 'Oauth2'

When I change this other setting to Oauth2 and restart, I get the following message (as it tries to check for incoming mail):

"The server does not support the selected authentication method. Please change the 'Authentication method' in the 'Account Settings | Server settings'."

Do I maybe have the wrong server/port for the incoming server?
Server type: POP mail server
Sever name: pop.verizon.net
Port: 995

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 11:54 am

Oops... spoke too soon. Even though changing things in the config editor made the Oauth2 option appear, I can't send an e-mail using that setting. I get this pop-up when I try:

Sending of the message failed.
The Outgoing server (SMTP) smtp.verizon.net does not support the selected authentication method. Please change the 'Authentication method' in 'Account Settings | Outgoing Server (SMTP)'.

So... both incoming and outgoing servers do not support Oauth2?

sfhowes
 
Posts: 586
Joined: April 1st, 2012, 10:21 am

Post Posted February 14th, 2021, 12:22 pm

OAuth2 for verizon.net servers isn't supported in TB. It does work for pop.aol.com, imap.aol.com and smtp.aol.com, but I don't know if you can use those with a verizon.net address. You try adding the verizon account with AOL servers and OAuth2 and see if it works.

https://help.aol.com/articles/verizon-m ... ation-pop3

IMAP accounts apparently use imap.aol.com and smtp.verizon.net.

https://help.aol.com/articles/verizon-m ... evice-imap

tanstaafl
Moderator

User avatar
 
Posts: 47403
Joined: July 30th, 2003, 5:06 pm

Post Posted February 14th, 2021, 12:50 pm

Did you originally switch from Verizon to Yahoo or AOL (while keeping your Verizon email address)?

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 12:57 pm

sfhowes wrote:OAuth2 for verizon.net servers isn't supported in TB. It does work for pop.aol.com, imap.aol.com and smtp.aol.com, but I don't know if you can use those with a verizon.net address. You try adding the verizon account with AOL servers and OAuth2 and see if it works.


Okay. I just tried to manually change my outgoing server to smtp.aol.com for one account. When I tried to send an e-mail, it wouldn't work.

sfhowes wrote:https://help.aol.com/articles/verizon-move-to-aol-mail-updating-your-third-party-email-program-or-mobile-device-with-your-new-account-information-pop3


The instructions here confirm the servers I've been using and the port numbers I currently have.
The changes they ask me to make in the Thunderbird section don't seem at all related to my current issue? I don't want to add my password to the password manager or leave my mail on the server.

sfhowes wrote:IMAP accounts apparently use imap.aol.com and smtp.verizon.net.


I don't think I want to use IMAP (I tried it a long time ago and it let to various mail issues). Thanks for the further information, though.

So the issue now, as I understand it, is that AOL wants me to switch to Oauth2 authentication, but the verizon.net pop servers don't allow Oauth2 authentication on Thunderbird? Or am I misunderstanding things?

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 1:00 pm

tanstaafl wrote:Did you originally switch from Verizon to Yahoo or AOL (while keeping your Verizon email address)?


My accounts were at Verizon originally. Verizon dumped their e-mail service into the hands of AOL(which now has merged with Yahoo?), and they kept my e-mail address the same (@verizon.net). They've made other changes in the background, though, that have caused me headaches (such as this issue here and several others in the past).

tanstaafl
Moderator

User avatar
 
Posts: 47403
Joined: July 30th, 2003, 5:06 pm

Post Posted February 14th, 2021, 1:56 pm

Frequently when a email provider decides to require OAuth they require that only for IMAP accounts and SMTP servers. Your original post implied the POP account worked, you just had a problem sending. Is that correct? i.e. can you download new mail, you just can't send anything?

Your original post said you tried replacing the account but it didn't do seem to do anything. Please elaborate. Was the problem the new account defaulted to a IMAP account, it failed to login or ......?

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 4:00 pm

tanstaafl wrote:Frequently when a email provider decides to require OAuth they require that only for IMAP accounts and SMTP servers. Your original post implied the POP account worked, you just had a problem sending. Is that correct? i.e. can you download new mail, you just can't send anything?

Your original post said you tried replacing the account but it didn't do seem to do anything. Please elaborate. Was the problem the new account defaulted to a IMAP account, it failed to login or ......?


My apologies... I seemed to have left out part of the story. I got an email from AOL stating the following:

"We noticed you've accessed your AOL email, calendar or contacts using a mobile app or computer program that isn't the AOL app, mail.aol.com or AOL Desktop Gold. We're emailing you because the security settings this app or program uses to connect to AOL may be out of date. You need to take action to continue using your AOL email without interruption.

If you've already taken action, there's nothing else you need to do. If you haven't yet made changes, your action is required by June 1, 2021 to avoid interruption with your AOL Mail service.

What's changing?

To help protect the security of your account, starting on June 1, 2021, AOL will stop allowing connections from some third-party apps and programs unless you take action. Examples of third-party desktop programs include Thunderbird, Outlook, Apple Mail and Windows Mail, and third-party mobile apps include the iOS Mail app, Gmail app and Samsung Mail app, among others."



My e-mail is currently still working, but I'm worried that it will stop working starting in June.
The replacing I talked about was the "option 2" from their instructions:

"Option 2. Remove your AOL account from your third-party app or program, then add it again. This will update the app or program's connection to your AOL account to meet our security requirements."

From my research, it seemed to me that the change they're making is requiring OAuth2 from June onward. However, this was not spelled out in their e-mail, and Oauth2 didn't enable when I removed my account and added it back in. Perhaps I jumped to the wrong conclusion about Oauth2 being required from now on? I wish they'd be more clear about what they're doing behind the scenes.

sfhowes
 
Posts: 586
Joined: April 1st, 2012, 10:21 am

Post Posted February 14th, 2021, 4:13 pm

They probably aren't aware that TB, and maybe other mail apps, don't automatically support OAuth2 for any service that offers it. The support has to be 'hard-coded' into TB, which is true for AOL, Yahoo, gmail etc. If the Verizon servers aren't added to TB by June, you might be able to get around the restriction by generating an app password on the Verizon site, and use that in TB with 'normal password' authentication. That is, if Verizon has app passwords; AOL does, and I used one for the mail app on my phone.

DaedalusKnight
 
Posts: 10
Joined: February 13th, 2021, 7:55 pm

Post Posted February 14th, 2021, 6:21 pm

sfhowes wrote:They probably aren't aware that TB, and maybe other mail apps, don't automatically support OAuth2 for any service that offers it. The support has to be 'hard-coded' into TB, which is true for AOL, Yahoo, gmail etc.


Well that's unfortunate, if that is the case. I don't suppose there's a method to submit feedback to the TB devs to suggest they add in support?


sfhowes wrote:If the Verizon servers aren't added to TB by June, you might be able to get around the restriction by generating an app password on the Verizon site, and use that in TB with 'normal password' authentication. That is, if Verizon has app passwords; AOL does, and I used one for the mail app on my phone.


Yeah... that's "Option 3" from the original e-mail. I was hoping to avoid that, as it means replacing my regular passwords with auto-generated strings of numbers (and other inconveniences). If that's the only functioning choice come June, though, I guess I'm stuck with it.

tanstaafl
Moderator

User avatar
 
Posts: 47403
Joined: July 30th, 2003, 5:06 pm

Post Posted February 14th, 2021, 7:07 pm

https://bugzilla.mozilla.org/show_bug.cgi?id=1310389 is a meta-bug to track OAuth support. Using that I found https://bugzilla.mozilla.org/show_bug.cgi?id=1310384 (Add OAuth2 support for AOL mail accounts) which is closed, stating it was implemented in version 63 (which is not a production release).

The 68.0 release notes mention "OAuth2 authentication for Yandex" but nothing about AOL. The 68.5.0 release notes mention adding "Support for OAuth 2.0 authentication for POP3 accounts". The 78.4.0 release notes has "Yahoo and AOL mail users using password authentication will be migrated to OAuth2".

I suspect there is no AOL POP support in Thunderbird due to AOL not implementing it on the server. Sometimes its not worth fighting City Hall. I suggest you consider switching to a IMAP account. You can disable some of its optional features to make it act more like a POP account. Just remember that you can't count on the mbox files like you can with a POP account, they can be modified/deleted when Thunderbird synchs the local and remote folders. That doesn't mean you can't use them to make a backup, it means you can only rely upon a copy of those mbox files.

Return to Thunderbird Support


Who is online

Users browsing this forum: No registered users and 7 guests