SMTP submission fails with Office 365 #2427
Description
Describe the bug
Configuring email notifications in ThreatMapper with Microsoft 365 (SMTP) fails with the error:
tls: first record does not look like a TLS handshake
The exact same Microsoft 365 SMTP credentials work in other applications, so this appears specific to ThreatMapper’s SMTP/TLS handling.
To Reproduce
- Go to Settings → email configuration → Add configuration
- Select SMTP as the provider
- Fill in:
- Email/Username:
noreply-threatmapper@company.com - Password: mailbox password
- SMTP server:
smtp.office365.com - Port:
587(also tested with465)
- Email/Username:
- Click Send Test Email
- Observe the error:
tls: first record does not look like a TLS handshake
Expected behavior
ThreatMapper should successfully send the test email using Microsoft 365 SMTP when valid credentials are provided.
Screenshots
Components/Services affected
- UI/Frontend
- API/Backend
- Agent
- Deployment/YAMLs
- CI/CD Integration
- Other (specify)
Additional context
- Microsoft 365 supports:
- Port 587 with STARTTLS (preferred)
- ThreatMapper fails on 587 with the above TLS error, which suggests the client may be attempting implicit TLS on 587 instead of performing a STARTTLS upgrade.
- SMTP AUTH is enabled for the mailbox and the account is licensed.
- Reference Documentation
Environment details
- ThreatMapper version: 2.5.7
- Deployment: Kubernetes - Helm chart
deepfence-console, version: 2.5.7 - Network: outbound TCP 587/465 open from the ThreatMapper host/pod