Share via

We can't successfully authenticate SMTP user from webcode, to send confirmation email to end user.

David Siegfried 20 Reputation points
2025-03-31T18:12:02.33+00:00

We have a web form running in a web app on Azure, that sends a confirmation email to the public user who submits information using the form. It's been working fine for years, then started returning this:

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator.

The first thing we tried was turning off MFA for all users in Entra then setting up a conditional security policy requiring MFA for all users except this one, but that didn't change the error message. At all times in this process, sending mail from that user on office365 has worked fine.

Here's the old code:

(the sender Password has been stored in the database, but we also manually tried a new explicit password recently created as well.) 

'code that used to work fine

Dim mailMessage As New MailMessage()

mailMessage.[To].Add(New MailAddress(Request.Form("Email").ToString()))

mailMessage.[Bcc].Add("******@gmail.com")

mailMessage.From = New MailAddress("******@ibp.org")

mailMessage.Subject = "Funding and Research Opportunities"

mailMessage.Body = "body"

Dim smtp As New SmtpClient

smtp.UseDefaultCredentials = False

smtp.Credentials = New Net.NetworkCredential("******@ibparticipation.org", pswd)

smtp.Host = "smtp.office365.com"

smtp.Port = 587

smtp.EnableSsl = True

smtp.Send(mailMessage)

Then I found a solution on the web that required setting up a Communications Service Resource in Azure and a custom role to which we assigned the web mail user, as per these instructions:

https://learn.microsoft.com/en-us/azure/communication-services/quickstarts/email/send-email-smtp/smtp-authentication

NEW CODE

'new code

Dim smtp As New SmtpClient

smtp.UseDefaultCredentials = False

smtp.Credentials = New Net.NetworkCredential("<Our ACS Resource name>|<Our Microsoft Entra Application ID>|<Our Microsoft Entra Tenant ID>","<PW (from Microsoft Entra application's client secret)>")

smtp.Host = "smtp.azurecomm.net"

smtp.Port = 587

smtp.EnableSsl = True

smtp.Send(mailMessage)

This returns a new error

Syntax error in parameters or arguments. The server response was: 5.1.7 The specified sender domain has not been linked.

I see additional info online about (1) creating an "Email Communication Resource" in Azure linked to <Our ACS Resource name>, and (2) about linking an existing or a custom domain to <Our ACS Resource name>. My apologies, but I'm a little out of my depth with all these new concepts (accessing the SMTP process on the web server was very straight-forward!).

My organization uses Office365.com for our mail services. Does this count as a custom domain, and do I really need to do items 1 and 2 above to get this working, or is there a simpler way to send a confirmation email from our webform?

 

Azure Communication Services
Azure Communication Services
An Azure communication platform for deploying applications across devices and platforms.
1,242 questions
Accepted answer
  1. Bhargavi Naragani 6,130 Reputation points Microsoft External Staff Moderator
    2025-03-31T19:56:33.88+00:00

    Hi @David Siegfried,

    The error messages you're encountering suggest that there are issues with authentication and domain linking for sending emails via SMTP.

    1. The error message "535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy" indicates that the user account you are using to send emails may be affected by security policies. You mentioned trying to disable MFA and setting up conditional access policies, but if the user is still locked, you may need to check the security defaults settings in Azure and ensure that the user is not being blocked by any policies. Even with MFA enabled, you can allow SMTP authentication for specific accounts: Navigate to the Microsoft 365 Admin Center, select Users => Active users and choose the relevant user account.​ Under the "Mail" tab, click on Manage email apps, make sure that Authenticated SMTP is enabled.
    2. The new error "5.1.7 The specified sender domain has not been linked" suggests that the domain you are trying to send from (e.g., ******@ibparticipation.org) is not properly linked to the Azure Communication Services (ACS) resource. To resolve this, you will need to: Create an "Email Communication Resource" in Azure and then link your existing domain (the one you use for Office 365) to this ACS resource. This is necessary for the ACS to send emails on behalf of your domain.

    Given that your organization uses Office 365, you will indeed need to perform these steps to ensure that your domine is recognized and authorized to send emails through the ACS.

    If you prefer a simpler way to send confirmation emails without setting up the ACS, you might consider reverting to using the Office 365 SMTP server (smtp.office365.com) and ensuring that the SMTP client authentication is enabled for the mailbox you are using. You can check this using PowerShell commands to verify that SMTP client authentication is enabled for the user account.

    Kindly refer to the below links for better understanding:
    Fix issues with SMTP AUTH client submission
    Quickstart: How to create authentication credentials for sending emails using SMTP
    https://learn.microsoft.com/en-us/answers/questions/512954/535-5-7-139-authentication-unsuccessful

    If the answer is helpful, please click Accept Answer so that other people who faces similar issue may get benefitted from it.

    Let me know if you have any further Queries.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.