Created attachment 2322 [details] possible fix for IMAP receive When selecting OATUH2 for either send (SMTP) or receive (IMAP in my case) ClawsMail will overwrite both send and receive passwords with the OAUTH2 token even if that login uses a non-OAUTH password. In my case I use my employer's SMTP server (secured via OAUTH2) to send but a local IMAP server to hold incoming mail (plaintext password). Currently I patch oauth2.c as shown in the attached patch, which fixes the issue for me. However the patch is not eg handling POP3 accounts so is more of a detailed explanation rather than a fix.
I am not so sure about this patch cause it could break reply-to if the receiving MTA validates if the sending server is allowed to act as mail sender for the specific mail domain.
Also, I am not familiar with any MTA which uses OAUTH for receiving and plain password for sending. Would somewhat break the protocol.
Since sending (SMTP) and receiving (IMAP) are different servers, I myself see no reason to assume they use the same authentication mechanism. ClawsMail does not do so either it seems, having separate password and method fields for them. I am not sure I understand comment:1. The SMTP server used in my case is indeed the one for my email address' email domain (@illinois.edu and the server is Microsoft's smtp.office.com). The IMAP server is my own and receives emails that are forwarded to it. The setup is like this: /- MS Outlook -- forwards to -> private IMAP server \ internet ---- -- claws mail \- MS SMTP <- sends email to --------------------- / So email always is sent to (by outside clients) to the official server and is received from the official server. The patch is certainly not intended as a final fix, since at the very least it does not handle POP3 accounts. It serves only as an illustration of the code that makes things behave the way I would expect for a situation where the authentication method selected in the UI for receive is Plaintext and that for sending is OAUTH2.
This is now fix in git, based on your patch but also including POP accounts. Many thanks for the patch!