With Microsoft disabling basic auth in Exchange Online, I set out to add support Modern Authentication in our application. Our app sends basic email alerts. Currently we use SMTP basic auth or open relay for this, but Modern Auth would be a nice addition.

To fully understand the process, I'd like to go through the entire email process manually. I have a development tenant at Microsoft, in which I have registered our application. I have no issues in acquiring the Oauth token with an email scope. It's the communication with the SMTP server that I can't get through.

As the communication has to be encrypted, I use openssl (instead of telnet). I connect to the server with this command:

openssl s_client -connect smtp.office365.com:587 -crlf -starttls smtp

There is some feedback around SSL negotiation and then the server responds with:

250 SMTPUTF8

At that point I believe I am supposed to use the EHLO command. However, after

EHLO

The response is just (Server changes on every attempt)

' [AM4PR0101CA0056.eurprd01.prod.exchangelabs.com] 

At this point I'm not sure what to do. I believe it may be necessary to insert some domain after the ehlo command (to identify the Microsoft online tenant to connect to?). However, whatever domain I insert, the response is always:

501 5.5.4 Invalid domain name [AM4PR0101CA0056.eurprd01.prod.exchangelabs.com]

Can somebody explain how to initiate communications with a Microsoft Exchange Online tenant via OpenSSL? What do I put after EHLO? Am I connecting to the right address at all? I'm just trying to get to a point where I can issue a AUTH XOAUTH2 command to log in on my tenant.

I've been able to do the complete process om Gmail's smtp server (smtp.gmail.com). On there, it does not matter what you add after the ehlo command, after issuing it you will be greeted and can proceed to login with various AUTH commands.