Cannot figure out email settings

The error I receive:
Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed : smtp.office365.com:587

My config:

Email transport

transport_email_enabled = true
transport_email_hostname = smtp.office365.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_auth_username = logs@domain.edu
transport_email_auth_password = MyPassword
transport_email_subject_prefix = [graylog]
transport_email_from_email = logs@domain.edu

# Encryption settings
#
# ATTENTION:
#    Using SMTP with STARTTLS *and* SMTPS at the same time is *not* possible.

# Use SMTP with STARTTLS, see https://en.wikipedia.org/wiki/Opportunistic_TLS
transport_email_use_tls = true

# Use SMTP over SSL (SMTPS), see en.wikipedia.org/wiki/SMTPS
# This is deprecated on most SMTP services!
#transport_email_use_ssl = false

What I have tried:

  • Setting transport_email_use_auth to FALSE
  • Setting transport_email_use_tls to FALSE and transport_email_use_ssl to TRUE
  • I have verified that the username and password are correct by (a) browsing in a web browser to Office.com, (b) pasting the email address, and (c) pasting the password. The email account works with this username and password.
  • Read this forum page and verified that the “Sender” field on the Graylog alarms page is the same as the email address in the server.conf file: How to configure email notifications Office365
  • My server.log file has entries like this (I’m not sure if this is relevant/helpful):
    2020-10-12T08:47:57.283-04:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: POST /plugins/org.graylog.enterprise.integrations/office365/inputs
    2020-10-12T08:47:57.283-04:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: POST /plugins/org.graylog.enterprise.integrations/office365/checkSubscriptions
    2020-10-12T08:47:57.284-04:00 WARN [AuditEventModelProcessor] REST endpoint not included in audit trail: POST /plugins/org.graylog.enterprise.integrations/office365/startSubscription

I have looked at other posts on the forum and tried various suggestions, but I’m running out of ideas. It’s probably something embarrassingly simple that I need to change, but I’ve given up.

I just tried this:
echo 'QUIT' | nc smtp.office365.com 587
220 BL0PR01CA0023.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 12 Oct 2020 21:50:39 +0000

So it appears that port 587 is open and available.

I have now verified that SMTP is enabled for this account:

Name            ActiveSyncEnabled OWAEnabled PopEnabled ImapEnabled MapiEnabled SmtpClientAuthenticationDisabled
----            ----------------- ---------- ---------- ----------- ----------- --------------------------------
logs            True              True       False      False       True        False

Notice that “SmtpClientAuthenticationDisabled” is set to FALSE.

I also went to the notifications area of Graylog, and it had this notification:

"An error occurred while trying to send an email! (triggered 9 minutes ago). The Graylog server encountered an error while trying to send an email. This is the detailed error message: org.apache.commons.mail.EmailException: Sending the email to the following server failed : smtp.office365.com:587 (javax.mail.AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful [MN2PR05CA0048.namprd05.prod.outlook.com] )"

I am guessing “Authentication unsuccessful” can mean more than the username and password being wrong because I just, again, copied and pasted the username and password into Office, and it worked.

I have also set up other apps to use Office 365 as their SMTP server, so I don’t know why I’m having such a hard time with doing it in Graylog.

For future people, I figured it out: in Office 365, new accounts now have Basic Authentication off by default (which is good). To individually enable Basic Authentication for a single account:

Connect to Exchange Online via PowerShell, and run this command:

Set-User -Identity UserIdentity -AuthenticationPolicy PolicyIdentity

The UserIdentity is the email address, and PolicyIdentity is the name of the policy that you want to assign to this email account. This policy needs to enable Basic Authentication for SMTP, so you’ll need to also create this policy. More info here:

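One way to carry out the fix described in the last post, as an added example rather than commands from the thread: it creates an authentication policy that allows Basic Authentication for SMTP only, assigns it to the single sending account, and reads the result back. The policy name and the admin sign-in address are assumptions, and the ExchangeOnlineManagement module must be installed.

```powershell
# Added example, not from the original thread.
$Mailbox    = 'logs@domain.edu'          # sending account from the server.conf above
$PolicyName = 'Allow-Basic-SMTP-Only'    # hypothetical policy name
$AdminUpn   = 'admin@domain.edu'         # hypothetical admin account

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Create the policy only if it does not exist yet. A new policy blocks
# Basic Authentication for every protocol unless a switch allows it,
# so -AllowBasicAuthSmtp opens SMTP AUTH and nothing else.
$policy = Get-AuthenticationPolicy | Where-Object { $_.Name -eq $PolicyName }
if (-not $policy) {
    New-AuthenticationPolicy -Name $PolicyName -AllowBasicAuthSmtp | Out-Null
    $policy = Get-AuthenticationPolicy | Where-Object { $_.Name -eq $PolicyName }
}

# Refuse to assign a policy that allows Basic Authentication for anything
# other than SMTP (for example a pre-existing policy with the same name).
$unexpected = $policy.PSObject.Properties | Where-Object {
    $_.Name -like 'AllowBasicAuth*' -and
    $_.Name -ne 'AllowBasicAuthSmtp' -and
    $_.Value -eq $true
}
if ($unexpected) {
    throw "Policy '$PolicyName' also allows: $($unexpected.Name -join ', ')"
}
if (-not $policy.AllowBasicAuthSmtp) {
    throw "Policy '$PolicyName' does not allow Basic Authentication for SMTP"
}

# Assign the policy to the one account that Graylog sends mail as.
Set-User -Identity $Mailbox -AuthenticationPolicy $PolicyName

# Read back both settings that affect SMTP AUTH for this mailbox.
Get-User -Identity $Mailbox | Format-List Name, AuthenticationPolicy
Get-CASMailbox -Identity $Mailbox | Format-List Name, SmtpClientAuthenticationDisabled

Disconnect-ExchangeOnline -Confirm:$false
```

Scoping the policy to one service account keeps Basic Authentication off for every other mailbox in the tenant.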