Sending emails from devices and applications without OAuth 2.0

Sending emails from devices and application servers has recently become challenging because many SMTP servers require you to use OAuth 2.0, but legacy devices and applications cannot use this mechanism. You can use Xeams to bridge this gap. This page discusses configuring your devices/application servers to send emails to Xeams and deliver those messages through your Google Workspace account.

Use Case

Consider the following scenario:

  • You have an application server or a device, such as a printer, that generates emails. Assume the sender of this email is accounting@yourcompany.com, and the recipient is client@yahoo.com.
  • You're using Google Workspace or Microsoft Exchange Online to handle emails for your organization.
  • This app runs on a network behind a dynamic IP address; therefore, you cannot add your public IP to the configuration for Microsoft or Google.

The Problem

Microsoft and Google publish documents on achieving this goal, but do not provide a solution if your devices/app server are running behind a dynamic IP. Let's discuss these documents and their shortcomings.

Microsoft

Refer to this document, which talks about how to send emails from multifunction devices. The document offers the following three solutions:

  • Option 1 - Authenticate with OAuth 2.0. This option is not viable for many devices and applications that cannot talk OAuth.
  • Option 2 - This option cannot be used behind a dynamic IP address. Most ISPs block outbound port 25.
  • Option 3 - This option also expects you to run behind a dynamic IP, which you add as a connector in Microsoft's configuration.

Google

Similar to Microsoft, Google publishes its recommendations on this page. Let's discuss the options they offer and their shortcomings.

  • Option 1 - This option requires authentication and a static IP address.
  • Option 2 - Although this option does not explicitly mention OAuth, Google's SMTP server will reject user IDs/passwords sent using regular SMTP protocols. This method can only be used if you're using OAuth 2.0.
  • Option 3 - This requires sending email on port 25, which is usually blocked your ISPs. Even if it is open, your messages will end up in the Junk folder.

The bottom line is that sending emails from an office with a dynamic IP address remains challenging.

Solution

Use the following solution to route such emails:

  • Install Xeams inside the same LAN where your application server/device is located.
  • Configure your application server/devices to send outbound emails to Xeams. This can be done without authentication since Xeams and the application server are inside a trusted network.
  • Xeams can authenticate with Google/Microsoft's servers using OAuth 2.0 to deliver emails.

The following diagram shows the flow.

Configuration Instructions

  • Microsoft Exchange Online - Click here for details.
  • Google Workspace - Setting up Google has a few extra steps. Click here for details.

Benefits of Using Xeams

Consider the following benefits when using Xeams in such an environment:

  • No programming change in your legacy application servers. All you need to do is change the configuration of your SMTP server.
  • Access to Xeams will only be available inside your LAN. Therefore, authentication may not be necessary, which makes configuration easier. You can always enable SMTP auth in Xeams for specific scenarios if needed.
  • Built-in troubleshooting tools and logs help you resolve email-related problems quickly.
  • No limits on the number of messages sent out.