Notification email with office 365

I´m in the same boat...
Has anybody tried Oauth2Proxy?
I´m using it for an ERP system that doesn´t support Oauth2 and it´s working.
Python must be installed for it to work.
 
  • Like
Reactions: devaux
I gave it a try today but i get an error when trying to start the proxy.
I´m not sure if it is a good idea anyway. While installing python, there was a message that the server is externally managed and that python is installed under the root user.
Here´s what i have done so far:
Code:
apt-get update && apt-get upgrade -y
apt install -y git python3-pip
rm /usr/lib/python3.11/EXTERNALLY-MANAGED
git clone https://github.com/simonrob/email-oauth2-proxy/
cd email-oauth2-proxy
apt install python3.11-venv
python3 -m venv .env
python3 -m pip install -U pip
python3 -m pip install -r requirements-core.txt
systemctl edit --force --full emailproxy.service
Add the following text and save:
[Unit]
Description=Email OAuth 2.0 Proxy

[Service]
ExecStart=/root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Restart=always

[Install]
WantedBy=multi-user.target
When i try to start the proxy, i get the following error:

Code:
root@pve:~/email-oauth2-proxy# /root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Traceback (most recent call last):
  File "/root/email-oauth2-proxy/emailproxy.py", line 55, in <module>
    from cryptography.fernet import Fernet, MultiFernet, InvalidToken
ModuleNotFoundError: No module named 'cryptography'
root@pve:~/email-oauth2-proxy#
I already tried to reinstall the cryptography module as suggested by various websites but that didn´t change a thing.
Any suggestions..?
 
I gave it a try today but i get an error when trying to start the proxy.
I´m not sure if it is a good idea anyway. While installing python, there was a message that the server is externally managed and that python is installed under the root user.
Here´s what i have done so far:
Code:
apt-get update && apt-get upgrade -y
apt install -y git python3-pip
rm /usr/lib/python3.11/EXTERNALLY-MANAGED
git clone https://github.com/simonrob/email-oauth2-proxy/
cd email-oauth2-proxy
apt install python3.11-venv
python3 -m venv .env
python3 -m pip install -U pip
python3 -m pip install -r requirements-core.txt
systemctl edit --force --full emailproxy.service
Add the following text and save:
[Unit]
Description=Email OAuth 2.0 Proxy

[Service]
ExecStart=/root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Restart=always

[Install]
WantedBy=multi-user.target
When i try to start the proxy, i get the following error:

Code:
root@pve:~/email-oauth2-proxy# /root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Traceback (most recent call last):
  File "/root/email-oauth2-proxy/emailproxy.py", line 55, in <module>
    from cryptography.fernet import Fernet, MultiFernet, InvalidToken
ModuleNotFoundError: No module named 'cryptography'
root@pve:~/email-oauth2-proxy#
I already tried to reinstall the cryptography module as suggested by various websites but that didn´t change a thing.
Any suggestions..?

Edit: that error is solved. The proxy itself is running now. I´ll continue tomorrow.
 
It works!
Here´s, how to do it. You need to register a new app in entra (azure). This will generate redirect uri, client id and client secret that is needed to setup the proxy. I haven´t documented that part yet, i may do so later. You can find the missing information via google easily (Entra register app...).

Code:
PVE notification target configuration
[ATTACH type="full"]72174[/ATTACH]

Oauth 2 proxy installation and configuration
apt-get update && apt-get upgrade -y
apt install -y git python3-pip
rm /usr/lib/python3.11/EXTERNALLY-MANAGED
git clone https://github.com/simonrob/email-oauth2-proxy/
cd email-oauth2-proxy
apt install -y python3.11-venv
python3 -m venv .env
source .env/bin/activate
python3 -m pip install -U pip
python3 -m pip install -r requirements-core.txt

Add account:
nano /root/email-oauth2-proxy/emailproxy.config

Insert und save (use your own e-mail address and data from entra instead of xxxx):
[admin@xyz.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
redirect_uri = https://login.microsoftonline.com/common/oauth2/nativeclient
client_id = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Starting the proxy manually:
/root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui

Send a test e-mail:
[ATTACH type="full"]72175[/ATTACH]

OAuth2 proxy authentication:
Follow the instructions shown in the terminal: Copy the URL that is shown in the terminal and paste it into the address field of your browser (private tab recommended). Log in to your O365 account. You should see a blank/white page. Copy that URL, paste it into the terminal and press enter. Wait a few seconds and stop the proxy with STRG+C.

Run proxy automatically at startup:
sudo systemctl enable --now emailproxy
systemctl edit --force --full emailproxy.service

Insert and save:
[Unit]
Description=Email OAuth 2.0 Proxy

[Service]
ExecStart=/root/email-oauth2-proxy/.env/bin/python3 /root/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Restart=always

[Install]
WantedBy=multi-user.target

Reboot your PVE Server and send a test e-mail once again.
 

Attachments

  • img1.png
    img1.png
    92.9 KB · Views: 21
  • img2.png
    img2.png
    71.1 KB · Views: 20
Last edited:
  • Like
Reactions: devaux
Thats strange...
It works when sending a test e-mail via the webui but it doesn´t work for my backup job, even though the log says the mail was sent:
INFO: notified via target `<admin@xyz.com>`

Atm, i have no clue why.
 
I´ll checkout the tool later. It can´t be releated to spam filtering. When i hit the test button, an E-Mail is sent via 0365 SMTP. The e-mail shows up in my mailbox and in the additional recipients mailbox.

It´s the first time i´m using the notification system.
This is my test backup job:
img3.png
Is there anything wrong or anything else ro configure?
 
Unfortunately, it doesn´t work.
To answer my own question: Notification are always sent when a backup job finishes - sheduled or not.
 
Just to check. Your Oauth2Proxy doesn't show any connection/log at the time you get the "email sent" message in your Proxmox-Logs?
 
Sorry for the delay, i´m doing this at work and the task had low priority.
You need to register a new app in entra (azure). This will generate redirect uri, client id and client secret that is needed to setup the proxy. You can find the missing information via google easily (Entra register app...).

I finally got it working, heres how to set it up correctly:

Configure notification target, notification matcher and backup (as an example) according to the attached screenshots.
1724145781950.png

1724145811170.png

Leave the field "send email to" empty!
1724145910779.png

Code:
Oauth 2 proxy installation and configuration:
apt-get update && apt-get upgrade -y
apt install -y git python3-pip
cd /opt
git clone https://github.com/simonrob/email-oauth2-proxy/
cd email-oauth2-proxy
apt install -y python3.11-venv
python3 -m venv .env
source .env/bin/activate
python3 -m pip install -U pip
python3 -m pip install -r requirements-core.txt

Add account:
nano /opt/email-oauth2-proxy/emailproxy.config

Insert und save (use your own e-mail address and data from entra instead of xxxx):
[admin@xyz.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
redirect_uri = https://login.microsoftonline.com/common/oauth2/nativeclient
client_id = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Starting the proxy manually:
/opt/email-oauth2-proxy/.env/bin/python3 /opt/email-oauth2-proxy/emailproxy.py --external-auth --no-gui

Send a test e-mail

OAuth2 proxy authentication:
Follow the instructions shown in the terminal: Copy the URL that is shown in the terminal and paste it into the address field of your browser (private tab recommended). Log in to your O365 account. You should see a blank/white page. Copy that URL, paste it into the terminal and press enter. Wait a few seconds and stop the proxy with STRG+C.

Run proxy automatically at startup:
nano /etc/systemd/system/emailproxy.service

Insert and save:
[Unit]
Description=Email OAuth 2.0 Proxy

[Service]
ExecStart=/opt/email-oauth2-proxy/.env/bin/python3 /opt/email-oauth2-proxy/emailproxy.py --external-auth --no-gui
Restart=always

[Install]
WantedBy=multi-user.target

systemctl enable --now emailproxy

Reboot your PVE Server and send a test e-mail once again.
Execute your backupjob. A notification should be sent.
 
Last edited:
Edit: There was a problem with the automatic startup of the service.
It´s fixed, i updated the previous post.
 
Last edited:
  • Like
Reactions: JackL

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!