MFA and emails
Best Answer
KMBIT Newbie ✭
Cyber M;
I have read through your post and the comments a few times and I am still wondering how you have the SMTP Service set up on the firewall, and has it been tested?
I have just set up a user with OTP via Email and the email gets sent out - no problem.
I believe the confusion here is the setup of the SMTP Service is separate from the configuration of the User email.
You need to go to Device/Log/Automation then the Mail Server Settings to configure the SMTP service.
You need to set up the mail server - for 365 it is smtp.office365.com.
You need to define the credentials for the account that is going to send the emails; this is done under "Advanced".
You will need to set the connection to STARTTLS and then manually set the port to 587.
Then check Enable SMTP Authentication and enter the account that is going to be used to send the emails along with either their password or the App password that was created for this account.
Save that and then click on Test Settings and if it passes click Accept.
Then your emails will go out to users for OTP via Email.
I hope this helps.
0
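An added example, not part of the answer above or of SonicWall's tooling: a Python check of the settings that answer describes (smtp.office365.com, STARTTLS on port 587, SMTP authentication), which can be run from a workstation to confirm the sending account works. The dictionary keys, the example.com addresses and the password placeholder are assumptions constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample settings; keys are hypothetical, not SonicWall field names.
SAMPLE = {
    "server": "smtp.office365.com",
    "port": 587,
    "security": "STARTTLS",
    "smtp_auth": True,
    "username": "otp-sender@example.com",   # placeholder account
    "password": "APP-OR-ACCOUNT-PASSWORD",  # placeholder secret
    "from_address": "otp-sender@example.com",
    "advanced_from_address": "otp-sender@example.com",
}

def lint_settings(cfg):
    """Offline check: return a list of inconsistencies in the settings."""
    problems = []
    if cfg["security"] == "STARTTLS" and cfg["port"] != 587:
        problems.append("STARTTLS selected but port is not 587")
    if cfg["smtp_auth"] and not (cfg.get("username") and cfg.get("password")):
        problems.append("SMTP authentication enabled without credentials")
    if cfg["from_address"].lower() != cfg["advanced_from_address"].lower():
        problems.append("From address differs between regular and Advanced settings")
    return problems

def probe(cfg, timeout=15):
    """Live check: STARTTLS upgrade, AUTH advertised, login accepted."""
    with smtplib.SMTP(cfg["server"], cfg["port"], timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "server does not offer STARTTLS on this port"
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be re-read after the TLS upgrade
        if not smtp.has_extn("auth"):
            return "AUTH not offered after STARTTLS"
        try:
            smtp.login(cfg["username"], cfg["password"])
        except smtplib.SMTPAuthenticationError as exc:
            return f"authentication rejected with SMTP code {exc.smtp_code}"
    return "ok"

if __name__ == "__main__":
    issues = lint_settings(SAMPLE)
    print(issues or probe(SAMPLE))
```

The live probe only runs when the offline check finds nothing, so a port or From-address mismatch is reported before any login attempt is made against the mail server.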
Answers
Are you using Office365?
You need to use the App password with MFA.
@JackBurton are you saying it's impossible to use MFA with email? It's an option in the sonicwall.
And yes I am using office365
No, I didn't say that at all. I've never used the email part, I always use an Authenticator.
I'm talking about if it requires the user's email password to send emails (or whatever account you set up to send the MFA emails) then you need to use the app password from Office 365. I have never tried the email on a SonicWall so I don't know how that works.
Oh. The email itself doesn't have MFA on it. Where do you get this app password from?
AFAIK App Passwords, SMTP Auth, and other features may not be available depending on your security settings.
I know it works. We use the account on our scanners and other systems for sending emails using our office 365 email server. I can't figure out why this one is any different. I've tried ports 587 and 25.
Run and analyze a packet capture that includes firewall generated packets (Gen 7: under Advanced Monitor Filter \ Monitor Firewall Generated Packets).
You can also check Entra ID logs for login failures.
Go to admin.microsoft.com - Users - click on the user account sending the emails - click the Mail tab - Under "email apps" - "manage email apps" - make sure Authenticated SMTP is checked.
You don't need the Pop before SMTP settings.
So I finally got it. I think there was a discrepancy between the from email address in the regular settings and the advanced settings. There was also no need to click the "authentication method" drop down.
@Razzberry you shouldn't have to use an app password, just use the 'direct send' method in the Microsoft article.