Oct 08

MailBot has been updated to version 16.57.

OAuth2 logo

This article is a continuation of the previous one, about adapting MailBot to mandatory authentication via OAuth2 for Outlook mail servers.

A new setting “Generate OAuth2 refresh token” has been added to the “Email Features” tab:

New OAuth2 refresh token generation setting

This setting currently only works for the Outlook/Hotmail module. If the checkbox is checked, the Outlook creator will generate OAuth2 tokens for accessing mail protocols after successfully creating an account, and the checker will generate them after successfully logging into an existing account.

Attention! All OAuth2 tokens are generated for ClientId 9e5f94bc-e8a4-4e73-b8be-63364c29d753, which is the ClientId of the Mozilla ThunderBird IMAP client in Outlook.

After successfully receiving OAuth2 tokens, MailBot will append a refresh token string to the end of the account string, and will also additionally save all parameters received from the OAuth2 server to a JSON file in the “oauth2” folder inside the “Accounts” folder. The file name will match the account email address. Example of the contents Read more »

tavel \\ , , , , , , , , , , , , ,

Sep 30

MailBot has been updated to version 16.54.

OAuth2 logo

Since September 20, 2024, Microsoft has almost completely disabled authentication via regular password (PLAIN method) on its IMAP, SMTP and POP3 servers, leaving only the OAuth2 option (XOAUTH2 method). As of today, only a few servers remain unpatched, and it is almost impossible to authenticate with a regular password on Outlook mail servers.

If you try to authenticate with a regular password, for example, the Outlook SMTP server will respond with this error:

535 5.7.139 Authentication unsuccessful, basic authentication is disabled.

and the Outlook IMAP server will respond with this one:

001 NO AUTHENTICATE failed.

To some extent, this also affected MailBot, since the verification of recovery emails in the program is carried out via the IMAP protocol.

In connection with this, a new setting “Authentication” appeared in the recovery email source settings window in MailBot, which is a list with two values:

  • Plain password
  • OAuth2

New authentication method setting for IMAP in MailBot

When connecting Outlook accounts as recovery emails, you now need to select only OAuth2, and the format of the recovery emails in the file should look like Read more »

tavel \\ , , , , , , , , , , , , , ,

Nov 06

MailBot has been updated to version 15.68.

Outlook/Hotmail

Activation of two-factor authentication (2FA) in accounts via TOTP has been implemented. After successful activation, a secret key will be stored along with the account data, which has the following form: 3hmkerjjj6cw7kfi3

It is absolutely not necessary to use the Microsoft/Google Authenticator app to get the code from this key, on the “Email features” tab in MailBot there is a completely similar code generator, which opens by clicking on the “TOTP…” button.

Without a secret key, it will still be possible to get into the account using, for example, a recovery email, in this case you need to click on the “Sign in another way” link on this form:

Prompt for TOTP code when logging into Outlook account with two-factor authentication enabled

Despite this, it is strongly not recommended to uncheck the “OTP secret key” box on the “Export” tab, since TOTP is the fastest and most stable confirmation method.

The checker can now also bypass 2FA via TOTP if the account string has a secret key. If there is no secret key, but there is a recovery email with a password, the checker will still be able to authorize in the account by receiving an email with a confirmation code.

Attention! So far 2FA activation is implemented only after adding a recovery email to the account. Activation after phone number verification is planned in the next versions of MailBot.

Attention! After enabling 2FA in your account, it becomes possible to authorize via POP3/IMAP/SMTP only with app password, so this password is created automatically and saved along with the account data.

The application password looks like this: lbtmyfqaycrgsvxn
It is easy to confuse it with Read more »

tavel \\ , , , , , , , , , , , , , , , , , , ,

Aug 29

MailBot has been updated to version 15.33.

Instead of a patchwork of changes for all email providers, which is hard to read, let’s try to break down changelogs by email provider. Please send your opinions in which form you prefer to read the changelog.

Outlook/Hotmail

Implemented adding and verifying a recovery email in the creator, in the signup mode without phone verification. Previously, this was implemented only in the unlocker.

Verifying a phone number to enable SMTP is not necessary now, verifying the recovery email gives the same trust to the account as verifying the phone.

During the process two letters with confirmation codes are received on the recovery email, this is normal.

Creation of aliases is implemented in Outlook creator, checker and unlocker.

Attention! To create aliases in your Outlook account, it must has verified recovery email!

Attention! Outlook now allows you to create only 2 account aliases and only on the outlook.com domain!

The checker now is able to create Outlook mailboxes for Microsoft accounts created via phone number:

"Add your email" form when logging into an Outlook account via phone number

This allows you to finish creation of mailboxes for accounts in format +380983524927:V5p9axnJc, which were previously saved in “partially created” files.

When creating accounts via phone number, creator now updates Read more »

tavel \\ , , , , , , , , , , , , , , , , , , , , ,

Sep 15

MailBot has been updated to version 14.26.

Important! For successful creation of WP.pl/O2.pl accounts, it is necessary to use dictionaries of exactly Polish names and surnames. Such dictionaries are supplied with MailBot, they can be found in the “Dic” folder, filenames start with “PL_…”.

Important! WP.pl/O2.pl allow account creation only from European IP addresses.

WP.pl and O2.pl now activate paid account features for free for 7 days after account creation. For example, this makes it possible to enable forwarding:

Enabled forwarding setting in WP.pl account

You can enable forwarding activation on created/checked accounts in the “Enable forwarding” panel on the “Accounts” tab in MailBot.

WP.pl/O2.pl creators and checkers now handle notification about Read more »

tavel \\ , , , , , , , , , , ,