Support Questions

PriyankaMondal · ‎01-08-2025

Hi Team,

I am getting Authentication Error in ConsumeIMAP 1.23.2and ConsumePOP3 1.23.2 processor. Details are descrideb as below:
Hostname : outlook.office365.com

Port : 995( For POP3)/993 (For IMAP)

Autherization Mode : OAUTH2 (Also Manually verified using the details of autherization serverURL and clientID/Secret, it has all relevant access to generate token)

Error Details:

ConsumePOP3[id=x3603x64-5f1c-1219-xxxx-xxxx34ffc1] Processing failed: org.apache.nifi.processor.exception.ProcessException: Failed to receive messages from Email server: [javax.mail.AuthenticationFailedException - Read timed out - Caused by: javax.mail.AuthenticationFailedException: Read timed out

Shelton · ‎03-21-2025

@PriyankaMondal
Looking at your error message log, I can see you're experiencing authentication timeouts with ConsumeIMAP and ConsumePOP3 processors when connecting to Microsoft Office 365 services.
Possible Blockers
Timeout Issue
The primary error is "Read timed out" during authentication, which suggests the connection to Office 365 is being established but then timing out during the OAUTH2 handshake.
Microsoft 365 Specific Considerations
Microsoft has specific requirements for modern authentication with mail services and has been deprecating basic authentication methods.
Processor Configuration
Using OAUTH2 authentication mode, is correct for Office 365, but there may be issues with the token acquisition or timeout settings.

Possible solutions
1. Check timeout settings

Spoiler

# Add these properties to your processor configuration
mail.imap.connectiontimeout=60000
mail.imap.timeout=60000
mail.pop3.connectiontimeout=60000
.pop3.timeout=60000

# Add these properties to your processor configurationmail.imap.connectiontimeout=60000mail.imap.timeout=60000mail.pop3.connectiontimeout=60000 .pop3.timeout=60000

2. Verify Modern Authentication settings
Ensure the account has Modern Authentication enabled in Microsoft 365 Admin Center
Verify the application registration in Azure AD has the correct permissions

IMAP.AccessAsUser.All for IMAP
POP.AccessAsUser.All for POP3
offline_access scope for refresh tokens

3. Update NiFi Mail Libraries
NiFi's default JavaMail implementation might have compatibility issues with Office 365. Try:

Updating to the latest version of NiFi (if possible)
Or add Microsoft's MSAL (Microsoft Authentication Library) JAR to NiFi's lib directory

4. Use a Custom SSL Context Service

Microsoft servers might require specific TLS settings

Spoiler

# Create a Standard SSL Context Service with:
Protocol: TLS
# Add to Advanced Client settings for the processor

# Create a Standard SSL Context Service with:Protocol: TLS# Add to Advanced Client settings for the processor

5. Alternative Approach: Use Microsoft Graph API

Since Microsoft is moving away from direct IMAP/POP3 access, consider:

Using InvokeHTTP processor to authenticate against Microsoft Graph API
Use the Graph API endpoints to retrieve email content

6. Check Proxy Settings

If your environment uses proxies

Spoiler

# Add these properties
mail.imap.proxy.host=your-proxy-host
mail.imap.proxy.port=your-proxy-port
mail.pop3.proxy.host=your-proxy-host
mail.pop3.proxy.port=your-proxy-port

# Add these propertiesmail.imap.proxy.host=your-proxy-hostmail.imap.proxy.port=your-proxy-portmail.pop3.proxy.host=your-proxy-hostmail.pop3.proxy.port=your-proxy-port

7. Implementation Steps

Update the processor configuration with extended timeout values
Verify OAuth2 settings in the processor match exactly with your Azure application registration
Check Microsoft 365 account settings to ensure IMAP/POP3 is enabled with Modern Authentication

Consider implementing a token debugging flow using InvokeHTTP to validate token acquisition separately

Happy hadooping

Cloudera Community

Support Questions

Apache Nifi IMAP/POP3 authentocation Error