Using Thunderbird (SMTP/IMAP) with Microsoft Exchange 365 and Modern Authentication at UMass Amherst

Update 2022-08-04: I’m told that UMass changed its Azure authentication policy in late June, and Thunderbird now once again works out-of-the-box with UMass’s Office 365 mail service.

UMass recently upgraded many of its systems to use OAuth2 and two-factor authentication aka “modern authentication” (without allowing fallback to username/password only, aka “legacy authentication”). As a security nerd, I applaud this move! But it does mean that Thunderbird die-hards in units who use Microsoft Exchange 365 as their mail server, things don’t “Just Work” anymore. IMAP (that is, reading mail) still works, but SMTP (sending mail) does not.

Campus IT doesn’t support Thunderbird, but a friend of mine was able to get Thunderbird working. She kindly agreed to write up her experiences. If you are a kindred spirit, perhaps this will be of help!


Dear Fellow Thunderbird Die-Hards,

If you are a Thunderbird user who hates the thought of being forced to spend half your working day dealing with Microsoft Exchange, you are not alone!

And if you are going nuts because you haven’t yet figured out how to keep using Thunderbird following your department’s conversion to Microsoft Exchange and the (more recent) rigorous enforcement of dual-authentication, read on!

(Note before going further: I use Linux, so it’s possible things may look a little different for you if you use some other operating system.)

When Thunderbird suddenly stopped working a couple weeks ago, I poked around and learned that UMass was now using an authentication method known as “OAuth2” (dual authentication). I fussed with the Thunderbird account settings, changing the authentication method to OAuth2 under Account Settings: Server settings. This seemed to do the trick for incoming mail, but no amount of changing the outgoing server (SMTP) settings made it possible for me to send mail using my UMass account.

Out of desperation, I created a new personal email address and started sending mail from that, but Outlook decided to treat those emails as junk, so UMass colleagues typically weren’t getting my messages. (I’m not quite paranoid enough to believe this was retaliation from Microsoft AI for trying to get around it. Almost, but not quite.)

Then my excellent friend and MSP Co-President Marc Liberatore tipped me off about Exquilla. You have to pay for it, but it’s only around $11 per year. I quickly decided I didn’t mind paying people a bit to help me keep using Thunderbird.

To get Exquilla working for me, here’s what I did:

  1. I updated Thunderbird to the most recent release (91.5.0).

  2. I paid the people at Exquilla (https://www.exquilla.com/) by giving them my name, email address (I used my regular UMass address in both the “Email address” and “Exchange email” fields), and credit card info. I then got a confirmation email saying that I had paid and that it should work automatically without my needing to do anything further. I hope that’s true for you, but it wasn’t for me…

  3. In Thunderbird, I opened “Add-ons and Themes” in the hamburger menu (top right). Under Extensions, I enabled Exquilla for Exchange.

    • I clicked on the wrench icon.
    • I clicked “Add new account manually.”
    • I entered my regular UMass username and password and clicked “Next.”
    • Then came a very frustrating period where I couldn’t get it to work. This is where it needs the Exchange Web Services (EWS) URL. There’s an option to have it auto-detect, but it kept failing. There’s also an option to type it in manually, so I hunted around the UMass website and found one document that listed the EWS URL as https://exchange.umass.edu/ews/exchange.asmx. This was actually the same as the URL it was finding when it auto-detected, and it kept failing here as well. I just kept trying and then it finally worked (I’m pretty sure it worked while auto-detecting, but either way should be the same). I wish I could tell you what changed, but I can’t—I just hope it’s smoother for you! (Note: at some point in the process, it did run through the duo-authentication, including calling my phone. I can’t remember when that was, but I do remember that it still didn’t install properly at that point. It kept failing for a bit before finally the whole thing suddenly came together, for what reason I do not know.)
  4. Even after that, I was still having some trouble sending mail: it would send, but it would hang at the point where it was supposed to “assemble” the message and save it to my sent folder. What I finally determined is that the new system is simply not going to let me save my sent messages directly to a local folder as I used to do. Under Account Settings: Copies & Folders, make sure it’s set to save in the folder “Sent on username@umass.edu on outlook.office365.com.”

Also, notice that in addition to your regular account(s) and local folders in the left panel, if you scroll all the way down that panel you should see a new account, which is “username@umass.edu on outlook.office365.com.” I made sure the settings under Account Settings: Copies and Folders were correct there as well. Under that account, you’ll see a “Sent items” folder, which is where you can find copies of emails that you’ve sent. I just periodically go and scoop those up and move them to the local folder where I like to keep them—it doesn’t seem to mind my doing that, but it did object (i.e., failed to work) when I tried to set it to put them there automatically.

Otherwise, I don’t actually do anything with the new account (except deal with the junk folder—hooray! I no longer have to log in to Outlook to sort junk!). I continue to use the inbox for the account I originally had at the top of the left panel, and it works just fine for incoming and outgoing.

  1. You might also try this web page (https://exquilla.zendesk.com/hc/en-us/articles/212909826-Configuring-the-outgoing-server) if you’re having trouble sending mail—it was one of several things I consulted, and it may have helped, though I’m not sure.

In sum, don’t give up! And good luck!

Marc Liberatore
Marc Liberatore
Senior Teaching Faculty

My research interests include anonymity systems, file and network forensics, and computer science pedagogy.