Status of support for hotmail/outlook.com/live.com email addresses?

[pjbingham]

I'm trying to use DavMail as a workaround to connect a hotmail/outlook.com/live.com email account to a Linux email client that doesn't, in itself, support OAuth, 2FA, etc.

Is it even appropriate for this use case? If it is, even if only experimentally, what settings are recommended that should theoretically work? Asking to try to separate whether there's something about my environment that's getting in the way, from not having it configured correctly in the first place.

Environment:

• Fedora 43 Workstation, default GNOME running an extension so I can see system tray icons if I want to (but see below)
• DavMail 6.6.0-4012, flatpak, from flathub
• Email address that started life as a hotmail address but now has an outlook.com address as its primary. 2FA enabled - I wouldn't have it any other way...

I'm aware of:

• Unable to sign in with Microsoft account. Wrong API version. #430 &
• Graph: Implement Graph backend to eventually replace EWS and support outlook.com access #404.

...which I imagined was the most up-to-date 'right way', but counterintuitively, I seemed to get further working around the OAuth version issues by modifying the redirect URL along these lines:

• https://sourceforge.net/p/davmail/discussion/644057/thread/67030a19f4/
• Is this project dead? Need Graph API backend and token username is also broken. #368

... but I didn't succeed, per se, in either case, so the latter could just be a red herring. At the end of the day, I don't know enough about this stuff to rule out this being a noob question.

Config: see attached properties file for config as of now, but, as per above, I've tried a number of other permutations previously.

davmail.properties.txt - .txt added for github's benefit.

Note, ports changed to 1144/1026 to deconflict it from an also-running protonmail bridge that's listening on the default ports, but I think that's neither here nor there.

Part of the issue is I don't understand the finer distinctions between the protocols. My instinct was O365Modern was the best match to what I was trying to do, but several articles pointed me to Interactive instead. On another occasion, I got as far as getting a code to enter into the dialog, but the client didn't seem to recognise I'd successfully logged in, and so on...

Putting all that aside and returning to the graph approach - davmail.enableGraph=true &
davmail.enableOidc=true & O365Modern (and using the account's normal password in the client) - here's what happened when I tried to set up the email account in the client:

• started DavMail with a no-tray override so I could see what was happening: flatpak run org.davmail.DavMail -notray
• hit 'create' on adding the outlook.com account to the client with email address and normal password
• no window of any kind appeared, but I was prompted to approve a sign-in (with a five-letter code) in MS Authenticator - fine, but nothing showed me the code to compare it to.
• approved sign-in anyway, passed biometrics, and everything seemed to proceed correctly on that side, however
• while I was doing that, both DavMail gateway and the email client more-or-less instantly (i.e. before I acted on the authenticaor notification) reported the login as failed (i.e. can't create the account).

Hopefully, that blow-by-blow is useful. Here's the log file (sans redacted personal info - hopefully I caught all):

davmail.log

Let me know if you need any other info. Happy to act as a 'crash test dummy' and try things out if this is a work in progress, and that would be helpful, but otherwise probably going to give up for now.

Appreciate the effort put into such tools, however. Thankless work, I imagine.

[esabol]

Are you using the recently released DavMail 6.6.0, @pjbingham ?

I would think you need davmail.outlookUrl=https://outlook.live.com/ or something like that, and I don't see it in your davmail.propoerties file. But take that with a grain of salt because I don't use live.com or hotmail.com email. I'm just an interested observer.

[pjbingham]

@esabol , yes - as per above.

And, good thought - it hadn't occurred to me that hotmail/outlook.com/live.com might be considered a non-standard tenant, but in hindsight I imagine it probably is in this case.

It didn't help that I missed this bit on the server setup page (probably because I hadn't made the connection before now)*:

# optional: non-standard tenants
#davmail.tld=us
# login url, default https://login.microsoftonline.com, China https://login.chinacloudapi.cn
#davmail.loginUrl=https://login.microsoftonline.com
# Outlook O365 url, default https://outlook.office365.com, China https://partner.outlook.cn
#davmail.outlookUrl=https://outlook.office365.com

I made that last line explicit and tried it with your suggested URL, and indeed the default, just to see, and...

It still didn't work, but I got a different message this time:

2026-04-22 20:43:32,145 DEBUG [davmail.imap.ImapServer] davmail - Connection from /127.0.0.1 on port 1144
2026-04-22 20:43:32,355 INFO [davmail.imap.ImapServer] davmail.connection - CONNECT - 127.0.0.1:45176
2026-04-22 20:43:33,231 DEBUG [ImapConnection-45176] davmail.http.DavGatewaySSLSocketFactory - createSocket outlook.office365.com 443
2026-04-22 20:43:33,750 DEBUG [ImapConnection-45176] davmail.exchange.ExchangeSession - Test configuration status: 401
2026-04-22 20:43:33,765 DEBUG [ImapConnection-45176] davmail - > * OK [CAPABILITY IMAP4REV1 AUTH=LOGIN MOVE SPECIAL-USE UIDPLUS] IMAP4rev1 DavMail 6.6.0-4012 server ready
2026-04-22 20:43:33,767 DEBUG [ImapConnection-45176] davmail - <
H�7&鈉��+�j���UOnα�� Y�Tǩ� l(��HWp��J��f��R�� q���H��ōG�:�0̨��/��,��̩� 2026-04-22 20:43:33,860 DEBUG [ImapConnection-45176] davmail - > H�7&鈉��+�j���UOnα�� Y�Tǩ� BAD command authentication required
2026-04-22 20:43:33,862 WARN [ImapConnection-45176] davmail.imap.ImapConnection - Client closed connection
2026-04-22 20:43:33,864 INFO [ImapConnection-45176] davmail.connection - DISCONNECT - 127.0.0.1:45176

No 2FA prompts this time either - so arguably that made it worse... although I have no idea why.

'* Note that while I took that excerpt above - and several other things I tried - from the server setup page, I'm not trying to run it as a server, per se, for avoidance of doubt. System tray is good enough for me once I get that far (for now, I'm running it in the foreground so I can see its messages).

[mguessan]

First you need to disable SSL in your IMAP client, or setup an SSL certificate in DavMail, this will fix the initial BAD command authentication required error.

Then try this configuration in DavMail:

davmail.mode=O365Interactive
davmail.enableGraph=true
davmail.enableOidc=true
davmail.oauth.clientId=facd6cff-a294-4415-b59f-c5b01937d7bd
davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/nativeclient
davmail.oauth.scope=openid profile offline_access Mail.ReadWrite

A bit more details:

• accessing EWS endpoint with a live.com account never worked, so we need to switch to graph backend first.
• OIDC v2.0 endpoint is mandatory for live.com authentication
• Need interactive authentication to let Microsoft redirect to live.com, handle MFA and get back to O365
• For some reason the classic nativeclient url is mandatory
• Use exactly the provided scope, anything else fails, and the token will have all the actual scopes we need

[pjbingham]

Fantastic! Thanks for getting back to me.

I had about half of those locked in, but I would never have come up with the last lines. Don't know enough about the intricacies of Microsoft's technologies in this space, nor have any inclination to...

Outcome: Progress! With those settings, the client now passes authentication and adds the account.

It doesn't seem to download any email, though. There are a lot of subfolders in the account in question. The messages that appeared in the DavMail window (and thus in the log) seemed to imply it was iterating through them all, but after it did, none of the subfolders, nor even the inbox, appeared in the client. Not sure if it's a client problem or still something to sort in DavMail.

Because DavMail and the microsoft account were talking to each other, there's a lot in the log files this time. Slightly reluctant to send them in full as I'm not confident of redacting all secrets or PII, but scanning through them I don't see anything that looks like an error. It's many repeats of entries of this form:

2026-04-24 16:11:57,489 DEBUG [ImapConnection-44716] davmail.exchange.graph.GraphRequestBuilder - GET https://graph.microsoft.com/beta/me/mailFolders/msgfolderroot?%24expand=singleValueExtendedProperties%28%24filter%3Did+eq+%27Integer+0x6751%27+or+id+eq+%27SystemTime+0x3008%27+or+id+eq+%27String+0x3613%27+or+id+eq+%27SystemTime+0x670a%27%29

(no error messages after any of these - they all seem to have gone through fine)

followed by entries like this (these are the ones I saw tick by in the DavMail window after creating the account in the client):

2026-04-24 16:11:58,472 DEBUG [ImapConnection-44716] davmail - > * STATUS "Private Eye" (MESSAGES 2 RECENT 0 UIDNEXT 5 UIDVALIDITY 1 UNSEEN 0)
2026-04-24 16:11:58,473 DEBUG [ImapConnection-44716] davmail - > a087 OK STATUS completed

("Private Eye" is one the subfolders in the account)

followed by many entries of this form (which I assume to be individual emails):

2026-04-24 16:12:03,660 DEBUG [ImapConnection-44716] davmail.exchange.ExchangeSession - Message IMAP uid: 6362 uid: ...

The last few rows of the log file after closing the client (I've removed the long strings after "uid" in those rows - I presume that's not throwing away anything informational):

2026-04-24 16:14:01,164 DEBUG [ImapConnection-44716] davmail.exchange.ExchangeSession - Message IMAP uid: 59 uid: 2026-04-24 16:14:01,164 DEBUG [ImapConnection-44716] davmail.exchange.ExchangeSession - Message IMAP uid: 494 uid:
2026-04-24 16:14:01,164 DEBUG [ImapConnection-44716] davmail.exchange.ExchangeSession - Message IMAP uid: 518 uid:
2026-04-24 16:14:01,170 DEBUG [ImapConnection-44716] davmail - > * STATUS "Trike" (MESSAGES 2408 RECENT 0 UIDNEXT 3581 UIDVALIDITY 1 UNSEEN 0)
2026-04-24 16:14:01,172 DEBUG [ImapConnection-44716] davmail - > a112 OK STATUS completed
2026-04-24 16:14:01,173 WARN [ImapConnection-44716] davmail.imap.ImapConnection - Client closed connection
2026-04-24 16:14:01,174 INFO [ImapConnection-44716] davmail.connection - DISCONNECT - 127.0.0.1:44716

("Trike" is another subfolder in the account)

@mguessan is there anything further I could send you, or you could direct me to look for, that will help us confirm DavMail is behaving correctly and the issue is something to do with the client?

Thanks again, in advance, for your help.

By the way, the SSL issues you saw in the previous output were a bit of a red herring. The client insists on trying (and failing) to connect with TLS before surfacing any controls that allow that to be changed. Once it does, I set it to "no encryption" on the basis that's probably fine, as the traffic in question is just between the client and DavMail, both running on the same machine.

---

The bit that did work, in more detail, for the benefit of anyone else following behind and looking this up:

• the process of adding the account to the client triggers the authorisation in DavMail.
• with the settings above, I was prompted for the 2nd factor on my account (properly this time), so presumably my decision to create the account with its normal password (as opposed to an app password - no longer possible - or a dummy) was the correct one. DavMail passes it through to the authentication process, I presume? 2nd factor = notification and prompt in Microsoft's authenticator app, in this case. I haven't tested passkeys or Time-based One-Time Passwords (TOTP).
• after approving the 2nd factor, I was prompted for and able to grant DavMail various permissions in the following microsoft page.
• OKing that resulted in an AES token being added to the bottom of the davmail.properties file.
• the client failed to create/add the account setup because it doesn't know the status of the process I just described, and so fails without waiting for it to complete, but this isn't an issue because it goes through fine on the second try (2nd time around, all the necessary permissions are in place, so it's happy).

[esabol]

Try the most recent trunk build. @mguessan has made some changes there recently that might help. https://github.com/mguessan/davmail#trunk-builds

If it doesn't, I recommend changing all the "wire" settings in your davmail.properties file to "DEBUG". Restart DavMail and then have your IMAP client try to fetch mail. That will give you a much more detailed log that will be useful for @mguessan to use to debug the issue. Just be sure to sanitize the log of anything related to your credentials before posting the log file here.

[esabol]

Also, if you need TOTP, support for that was recently merged and is in the trunk builds. See #445 for the davmail.properties settings needed for that.

[mguessan]

@pjbingham the logs you describe look correct.

It seems your email client is trying a full sync, you may want to reduce which folders it tries to fully sync.

In addition there is a folderSizeLimit in davmail settings to force it to ignore messages above a certain threshold.

Please note that the new Graph backend is still experimental at this point, not much experience on it with large mailboxes yet

[pjbingham]

@mguessan , yes, a full sync was the goal. Looking ahead to a more modest goal, I'm not sure if I can control which folders it tries to sync - it never managed to enumerate them in the first place. Are there any limits in DavMail on the number of folders? There are quite a few in that account.

While I don't think many, if any, of the folders contain a particularly large number of emails, I'll try setting the client to only pull down a recent history (say, 1 month), in case that helps. Will report back.

Yes, aware of the Graph backend's status - hence appropriately adjusted expectations (!) and standing offer to test anything new you try (while I can't otherwise give this a lot of focus, always happy to "wake up" again and take a look at anything you'd like me to, if that would be helpful?).

[mguessan]

I never hit limit on folder tree before, you must have lot if you manage to hit it!

Anyway I tried to improve folder search by fetching id only on most requests, this should help.

On your side you should have a place to select IMAP synced folders.

And specificalle for thunderbird it's a good idea to disable global search.

[pjbingham]

@mguessan I'm not sure I did hit a folder tree limit. Was just wondering if there was one (e.g. that you'd configured in DavMail). Sounds like no, though, so the fact the client isn't retrieving any folders, which means I can't pick and choose which I want to sync and not, isn't down to a deliberatly imposed limit. The client I'm testing - geary - is pretty basic, however. It may be some kind of limitation at its end. When I get a spare moment, I'll try another client with DavMail. If I get the same result on that one too, I'll report back.