Waqti dheer lagu dhawaaqay - hadda xaqiiqo : Microsoft waxay damisay xaqiijinta erayga sirta ah ee borotokoollada qaarkood ee Exchange Online laga bilaabo Sebtembar 2022 iyada oo door bideysa oAuth2. Arrimaha GitHub ee maktabado badan iyo qoraalo kayd ah ayaa caddaynaya in isbeddelku uu la yaabay maamulayaal badan. Hoos waxaan ku tusineynaa hab aad ku sii wadi karto gelitaanka macluumaadka ku jira sanduuqaaga beddelka adoo kaashanaya oAuth2 adoo adeegsanaya PHP adoo isticmaalaya IMAP.
Marka la eego dhinaca amniga, tallaabada Microsoft waa mid aad u sax ah, laakiin kakanaanta barnaamijka gelitaanka e-mailkeeda ayaa xoogaa kor u kacay. Tusaale ahaan, haddii aad isticmaasho maktabadda barbushin/php-map- ka oo si weyn loo isticmaalo, gelitaanku wuxuu ahaan jiray sidan soo socota:
734a82898010e2fcb02c72c3cd9702c2
Kaliya ma shaqaynayso. Si loo sameeyo xiriir iyada oo loo marayo oAuth2, dhibka ugu horreeya waa in la helo calaamadda gelitaanka. Taasna waa inaad ku qaadaa laba caqabadood.
Tusaha Firfircoon ee Azure
Tallaabooyinka soo socda waxay iska diwaangelinayaan abka cusub ee Azure Active Directory:
PowerShell
Hadda waxaan u rogeynaa app-ka gudaha Microsoft PowerShell (Qaabka maamulka) oo u qoondee ogolaanshaha sanduuqyada boostada ee gaarka ah (<TENANTID>, <CLIENTID>, <OBJECTID>, <EMAIL> waa in la bedelaa xaalad kasta):
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <TENANTID>
New-ServicePrincipal -AppId <CLIENTID> -ServiceId <OBJECTID>
Add-MailboxPermission -Identity "<EMAIL>" -User <OBJECTID> -AccessRights FullAccess
...Markaad taas sameyso, inta soo hartay maaha cilmiga gantaalaha. Maadaama barbushin/php-imap- ka uusan taageerin oAuth2, waxaad ku xiri kartaa maktabadda kale ee Webklex/php-map (taas oo sidoo kale faa'iido u leh inaysan u baahnayn moduleka PHP IMAP ).:
734a82898010e2fcb02c72c3cd9702c2
Si kastaba ha ahaatee, maktabadaha aan si rasmi ah u taageerin oAuth2 sidoo kale waxaa loo isticmaali karaa wakiil sida simonrob/email-oauth2-wakiil ka dhig mid shaqayn kara. Intaa ka dib Download iyo rakibidda via python -m pip install -r requirements-no-gui.txt (Python ≥3.6 ayaa loo baahan yahay) waxaad tafatirtay faylka emailproxy.config tusaale sida soo socota (oo bedelaya wakhtigan <TENANTID>, <CLIENTID>, <CLIENTSECRET> iyo <EMAIL>):
[Server setup]
[IMAP-1993]
local_address = localhost
server_address = outlook.office365.com
server_port = 993
[Account setup]
[<EMAIL>]
token_url = https://login.microsoftonline.com/<TENANTID>/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
redirect_uri = http://localhost:8080
client_id = <CLIENTID>
client_secret = <CLIENTSECRET>Markaa waxaad ku bilaabaysaa wakiilka python emailproxy.py --no-gui oo hadda aadi kartaa IP-ga oo aan qarsoodi ahayn localhost dekedda 1993 ku xidho aqoonsiga aasaasiga ah ee caadiga ah (iyo furaha sirta ah ee la dhigo). Haddii aad rabto in aad bilawdo wakiil ahaan adeeg ahaan xagga dambe marka aad bilowdo nidaamka, waxaad isticmaali kartaa, tusaale ahaan habaysan:
sudo systemctl edit --force --full emailproxy.service
[Unit]
Description=Email OAuth 2.0 Proxy
[Service]
ExecStart=/usr/bin/python /path/to/emailproxy.py --no-gui
Restart=always
[Install]
WantedBy=multi-user.target
sudo systemctl enable emailproxy.service --now
sudo systemctl status emailproxy.service
sudo systemctl start emailproxy.serviceHaddii loo baahdo xiriir qarsoodi ah, tani sidoo kale waa suurtagal - tan waxaad marka hore abuurtaa fure gaar ah iyo shahaado iskiis u saxiixday.:
openssl genrsa -out key.pem 3072
openssl req -new -x509 -key key.pem -out cert.pem -days 360
Kadibna tixraac ayaa lagu sameeyaa gudaha emailproxy.config labadan fayl:
local_key_path = /path/to/key.pem
local_certificate_path = /path/to/cert.pemDirista emaylka
Qof kasta oo doonaya inuu emaillo barnaamij ahaan ugu diro Microsoft Exchange Online ayaa sidoo kale wajahaya isbeddel aasaasi ah: Microsoft waxay joojisay aqoonsiga magaca isticmaalaha iyo erayga sirta ah ee caadiga ah ee SMTP ee Exchange Online. Waxa lagu gaaray dhowr sadar oo kood ah sannado hadda waxay u baahan tahay in loo weeciyo OAuth2 - oo ay ku jiraan diiwaangelinta abka ee Azure Active Directory, shahaadooyinka, iyo maaraynta calaamadaha. Waxaan hirgelin karnaa isla habka loo diro emayllada, marka lagu daro helitaanka.
Dirista SMTP iyada oo loo marayo Microsoft Exchange 365 waxay raacdaa isla mabda'a marin u helidda IMAP: Tan iyo markii la joojiyay Xaqiijinta Aasaasiga ah, ma jirto beddel kale oo loo heli karo OAuth2. Ka dib marka lagu daro ogolaanshaha "SMTP.SendAsApp" diiwaangelinta abka Azure iyo bixinta oggolaanshaha maamulaha, dirista waxaa la samayn karaa, tusaale ahaan, iyadoo... PHPMailer Tan waa la hirgeliyay. Halkii si fudud loogu gudbin lahaa magaca isticmaalaha iyo erayga sirta ah sidii hore, xaqiijinta ka dhanka ah server-ka SMTP hadda waxay isticmaashaa calaamad marin u helid ah. smtp.office365.com:
734a82898010e2fcb02c72c3cd9702c2
Dadaalka dejinta dheeraadka ah ayaa marka hore u ekaan kara mid adag, laakiin waxay faa'iido u yeelan kartaa mustaqbalka fog: Xaqiijinta ku salaysan OAuth2 ayaa si weyn uga ammaan badan, maadaama aan loo baahnayn in lagu kaydiyo ereyada sirta ah ee qoraalka cad faylasha qaabeynta ama qoraallada - calaamadda gelitaanka sidoo kale waxay noqon kartaa mid waqti xaddidan leh oo oggolaanshaheeda lagu xakameeyo saxnaan weyn. Sidoo kale waa mudan in halkan lagu xuso maktabadda mailhelper , oo bixisa API ku habboon helitaanka iyo dirista emayllada.